Mobile security compromised by ‘jailbreaking’ phones

Mobile Security breaches and leaks are imminent threats facing enterprises today. While

hackers definitely pose a security threat, employees may actually create more harm to a

company. According to security analyst Kevin Sze, “Your employees who frequently use

cloud services pose a larger threat to your organization than hackers”. Research group

Gartner expounds on this impending threat, reporting that, “In 3 years, 75% of company-

wide data breaches on mobile devices will be caused by the misuse of cloud applications

& services.” Hence, mobile security is an issue that should be addressed immediately by

corporations, given the recent increase in mobile security breaches.

While attacks on mobile platforms are actually quite uncommon, the instances where

employees use cloud services & applications to store documents via mobile platforms

have now become an everyday occurrence. Thus, “placing corporate information in the

cloud for remote working can build an uncontrolled stash of sensitive data”, says Gartner

principal research analyst Dionisio Zumerle.

Additionally, employees can further put sensitive and confidential company data at risk

by modifying one’s mobile device operating system. Given the mass appeal and

commercialization of jailbreaking iPhones & rooting android devices, operating system

manipulations have become quite common in the workplace. If a piece of malware indeed

infiltrates a jailbroken or rooted mobile device, it’s an easy operation to extract highly

confidential information. Furthermore, jailbroken or rooted devices are increasingly

disposed to cryptanalytic attacks which systematically running through all possible keys

or passwords, until successful.

Mobile device adoption is set to continue its astronomical rise, with 2+ billion

smartphones & tablets projected to be sold this year, Gartner reports. With this rise of

smartphones and tablets, while sales of traditional PCs decreasing, attacks on

smartphones and tablets are increasing, states research firm Gartner Inc. By 2017, the

focus of endpoint breaches will move to mobile platforms: tablets and smartphones.

Furthermore, Gartner states that 75% of all mobile security breaches will be the result of

mobile application misconfiguration and misuse – issues which can be easily evaded.

According to Dionisio Zumerle, principal research analyst at Gartner, a typical scenario

of misuse of cloud services occurs via smartphone and tablet apps. “When used to

convey enterprise data, these apps lead to data leaks that the organization remains

unaware of for the majority of devices," he said. Therefore, one of the best defense

mechanisms for a company is to enforce safe utilization and configuration. One way to

enforce this would be conducted via a mobile device management policy.

In conclusion, CIO’s and information technology leaders should make active efforts in

defending against malware on mobile platforms. Principal Analyst at Gartner, Zumerle

states, "You have to cleanout the hype about mobile security attacks and find out which

are the real risks for the enterprise. At this moment, the attacks are not very advanced.

They're very plain." In order to combat mobile security threats, Zumerle suggests clients

take on a more strategic approach on mobile security, by purchasing advanced

technologies which not only cover issues present today, but also those that can adapt to

future threats and conditions as they arise.