BYOD Best Practices – Three pitfalls you can’t afford to ignore

In a previous post I raised three pitfalls that your BYOD program cannot afford to ignore when allowing employees to use their personal devices for work:

– Remote deletion of personal data on an employee-owned device
– Tracking an individual’s location
– Monitoring an employee’s Internet access

Based on my involvement with various BYOD projects and my ongoing conversations with many industry experts, here is my recommendation for three best practices that will allow you to strike the delicate balance between employee privacy and corporate liability:


Mobile Security: iOS Jailbreaks Pose Risks

*** UPDATE 9/1/2015: KeyRaider Compromises 225K (jailbroken) Apple Logins ***


Jailbreaking is happening in the millions: don’t turn a blind eye.

The latest jailbreak for iOS 6.1, released on 4 February, was downloaded by a whopping 5 million users in the first 48 hours alone, according to the website stats posted by Cyril (a.k.a. pod2g), the developer of the latest hack published on During these first two days, the websites served 40 million page views of which a good 50 per cent to 2.5 million unique visitors from the U.S.


Catching Android Tokens in the Wild

Below is my interview with Shaun Nichols of on the latest Android security flaw:

Unsecured Wi-Fi leaves Android users open to attack



18 May 2011, Shaun Nichols, V3

Experts are warning of the dangers of unsecured Wi-Fi connections after a group of German researchers uncovered a security flaw which could leave Android users’ contact information exposed.

Researchers from Ulm University reported that many Android handsets and tablets are currently vulnerable to attack via an unsecured Wi-Fi connection when used to access authentication tokens for Google’s Calendar, Contacts and Gallery services.

The vulnerability lies in the handling of the authToken component. When the user is connected on an open Wi-Fi connection, an attacker could capture and reuse the token to access data on the Google services.

“The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data,” the researchers wrote. “For Contact information, private information of others is also affected, potentially including phone numbers, home addresses and email addresses.”

The flaw is found in handsets running Android versions prior to 2.3.4 and tablets running Android versions prior to 3.0. The authorisation is performed over a secure connection on newer versions which prevents harvesting of the tokens.

The researchers suggest that, if possible, Android handset owners should update to the newest version for their device.
