alexwhite19800
MITM attack on Android phones
http://arstechnica.com/security/2016/11/powerful-backdoorrootkit-found-preinstalled-on-3-million-android-phones/
We have BYOD in our environment and around 10% Android devices. We use GOOD for secure email, a containerised solution.
Would any corporate data, sent via or within GOOD, be affected here?
Also, the root detection should pick this up?
The best practice is not to use any public wifi and to use 3G or 4G when you are not in your office if you have to use your Android phone.
One aspect is that app containers should support app-based VPN to secure exchanges to their backend system for updates. It would be preferable that such a phone is managed, as the BYOD device is still the weakest device to safeguard without a proper MDM and MAM in place to manage the commingling of personal and company apps and the integrity of the phone firmware and the lockdown profile configured.
ASKER
Thanks. GOOD has root detection to disable access and wipe corporate data once detected, should that mitigate the threat here?
it seems very difficult to believe that an attacker that gains access to your phone cannot access the data in good, whatever container strategies they use. containers are difficult to get out of but they are easy to get inside of.
my personal belief is that all smartphones are plagued by a crazy bunch of voluntary backdoors, hard and soft ( and neither you, i or probably anyone around knows of half of them ) and no app i ever saw with encryption, wiping, and secure your data stuff was adding next to enough security to make it worth the bucks ( including free ones )
the real question might be do you think that whoever might be interested in your data have the knowledge or bucks to hack your phones ? if the answer is yes, you probably should stop using phones altogether. securing an android or apple phone is most likely just not feasible.
Yes, the container lockdown mitigates but does not remediate, as this is a backdoor that is installed in the device. It can attempt to call back and send back device info.
So far, there is no clear evidence that it is targeting any other apps' data. If those are encrypted, it is likely the backdoor may not get it, and remote wipe of the apps on device compromise helps.
For those affected models, it is best to remote wipe those apps that you have concerns with for the time being. You may be interested in additional security s/w to watch over for anomalous activities. See https://www.zimperium.com/zips-mobile-ips and https://www.zimperium.com/zanti-mobile-penetration-testing