Page 38 - Mobile Data Loss

          the device. We’ve become accustomed to Anti-Virus simply removing the
          threat on a PC once detected. But on a mobile device, the application
          sandboxing prohibits the anti-virus from removing a threat since it’s
          isolated just like any other app. In the mobile device world a new
          approach has emerged referred to as an App Reputation Service or
          Mobile Threat Prevention. Fundamentally, an App Reputation Service
          leverages the EMM’s app inventory and compares that to its inventory
          of apps to identify apps that contain malware or risky behaviors
          that may expose data. Additionally, some may or may not use an
          anti-virus-like app on the device. These are more tuned to mobile threats,
          but most importantly are still tied to the MDM/EMM. When a threat is
          identified, these solutions communicate the threat to the EMM and the
          EMM will quarantine the device. The quarantine can automatically
          remove the POS App and/or its data from the device upon detection.
          Additionally, the quarantine can optionally use a mobile gateway to
          automatically block the device’s connectivity on the network to protect
          the infected device from impacting the broader CDE.
             Another major threat is a mobile device compromise stemming
          from jailbreak (iOS) and rooting activity (Android). There is a
          plethora of techniques for jailbreaking or rooting a device. In addition
          to the variants of jailbreaking techniques, there are tools meant to hide
          the fact that the device has been jailbroken. For Android, there are
          also a variety of ways of compromising a device. These can stem from
          an Android device-specific vulnerability, side-loading/side-jacking, use
          of the ADB and USB controls, Custom ROMs, and much more.
          When this occurs the operating system sandboxing is circumvented
          and security is weakened on the device, opening up the device to a
          variety of data loss threats and attacks.

             Quarantine options can automate the response to a mobile device
          compromise ranging from a Full Wipe of the device, to a Selective
          Wipe where just the POS data and/or apps are removed from
          the device. Note that these behaviors vary slightly across the
          platforms including iOS, Android, Windows, and more.
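
The following Python example is added here and is not from the original text. It models the flow described above: an EMM app inventory is compared with a reputation feed, and a quarantine plan (Selective Wipe, Full Wipe, gateway block) is chosen per device. The package names, verdict labels, action names, and the policy itself are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed reputation feed keyed by (package id, version); not real data.
REPUTATION = {
    ("com.example.flashlight", "2.1"): "malware",
    ("com.example.coupons", "1.0"): "risky",
}

@dataclass
class Device:
    device_id: str
    compromised: bool = False   # jailbreak/root state as reported to the EMM
    apps: list = field(default_factory=list)   # EMM inventory: [(package, version)]

def findings(device):
    """Compare the device's EMM app inventory with the reputation feed."""
    return [(pkg, ver, REPUTATION[(pkg, ver)])
            for pkg, ver in device.apps if (pkg, ver) in REPUTATION]

def quarantine_plan(device, wipe_on_compromise="selective"):
    """Return the quarantine actions for one device under the assumed policy."""
    if wipe_on_compromise not in ("selective", "full"):
        raise ValueError("wipe_on_compromise must be 'selective' or 'full'")
    hits = findings(device)
    actions = []
    if device.compromised:
        # Sandboxing can no longer be trusted: wipe according to policy.
        actions.append("full_wipe" if wipe_on_compromise == "full"
                       else "selective_wipe_pos")
    elif any(verdict == "malware" for _, _, verdict in hits):
        actions.append("selective_wipe_pos")
    if actions or hits:
        # Keep the device off the network that reaches the CDE.
        actions.append("gateway_block")
    return {"device": device.device_id, "findings": hits, "actions": actions}

# Constructed fleet inventory for illustration.
FLEET = [
    Device("pos-01", apps=[("com.example.pos", "4.2")]),
    Device("pos-02", apps=[("com.example.pos", "4.2"),
                           ("com.example.flashlight", "2.1")]),
    Device("pos-03", apps=[("com.example.coupons", "1.0")]),
    Device("pos-04", compromised=True, apps=[("com.example.pos", "4.2")]),
]

if __name__ == "__main__":
    for d in FLEET:
        print(quarantine_plan(d))
```
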
             One concern for retailers is the scenario of a lost or stolen device.
          When this occurs it’s no longer on the retail Wi-Fi and thus the retailer
          loses visibility and management of the device. Furthermore, if an
          attacker then tries to target the device to steal credit card information,
          the EMM can’t send a quarantine command to the device to wipe the