Got a mobile phone? Then you've got a Trojan problem too
This time it’s personal
And last comes Android
And last comes Android. Lyne agrees with Sawyer that it is the most under attack, and notes that it is fragmentation that poses the biggest problem.
The scale is shown by research conducted by Lacoon Security, an Israeli consultancy which surveyed the smartphones of half a million users over a number of networks.
Lacoon found that one in 1,000 had some kind of spy phone software installed. Of these 53 per cent were Android and 47 per cent iOS, with 22 per cent of the infections being on Android 4.x.
Given that there is a security threat if you don’t use an MDM, and that using an MDM itself might pose a security treat, what is the best option, particularly for those highly targeted Android devices?
Perhaps the best combination of MDM and devices is the Samsung Knox system. Like the General Dynamics solution announced at Mobile World Congress, Knox has a customisable boot and uses the NSA-derived SELinux (security enhanced), although Sawyer notes that until the end of August Samsung shipped this in permissive mode rather than enforced mode.
Samsung does not provide an MDM system for Knox phones directly but builds on its Safe program to provide a basis for other suppliers of MDM system.
In a world of end-to-end ecosystems from Amazon to iTunes it is surprising that Samsung has elected not to enter the fray. Perhaps it thinks Western companies would prefer not to have a South Korean company own the keys to their commercial secrets.
The secure container is a common approach, adopted by Knox, General Dynamics, Deutsche Telekom’s SimKo3, MobileIron, Airwatch, FiberLink, Zenprise and Good Technology, among others.
The model of using a container for applications cuts the risk of the data leakage associated with BYOD (bring your own device). A secure container is set up for corporate applications such as email, calendar, browser, storage clients and so on.
Data downloaded from the enterprise, such as email attachments and files, cannot be accessed by applications outside that container.
This provides the perfect excuse to leave the work phone behind when you go on holiday
This stops users from being able to email, text or Dropbox any files that should live only within the corporate environment. All the data stored is encrypted using AES-256.
This provides the perfect excuse to leave the work phone behind when you go on holiday as you will be prohibited from taking it anywhere that has UN export restrictions and sanctions in place or where encryption is illegal.
Sophos has a lighter touch, perhaps more tailored to BYOD. This ensures the user has a decent passcode and that the device is properly configured – for example that SSL is turned on for email and looking for the signs of Trojans.
There is no easy way to detect if a phone has been rooted or jailbroken. The signatures are to look for those apps such as Cydia, which takes advantage of the freedom to download third-party applications to an iPhone, or Superuser which establishes privileges on an Android phone.
Daniel Brodie, senior researcher at Lacoon, adds that data is unencrypted once it is in memory and a crafted Trojan could bypass the container.
Choose your cloud
And don’t forget the hosting. Although backing up your corporate data in the cloud might be a good thing to do for all kinds of reasons, you need to make sure that the cloud you are using is secure. If data is covered under the data protection act you are legally obliged to know where it is.
This has led to the advent of companies such as Secura Hosting, a government-approved G-Cloud supplier, which undertakes to keep data within the UK only.
So, has mobile malware suddenly gone from being talked about to actually happening? All those companies that sold solutions for which there was no problem now do have a problem to deal with.
That is why one security expert I spoke to was carrying a Motorola Razr. It might be old and limited but it was built before phones got smart. It is unhackable. ®