Mobile Security Defenses

Mobile Security Defenses

By: Jeremy Klinzak, Security Engineer, MAD Security | February 7, 2019   Mobile device security is an important part of securing IT assets for companies today. These devices are some of the most exposed parts of IT infrastructure, as they go everywhere the employee goes. Common threats to mobile devices include malicious applications, malicious advertisements, sideloading, and rogue access points. Fortunately, Mobile Device Management (MDM) solutions exist and serve as a means to simplify the process of securing and managing employee mobile devices. MDM solutions can assist in preventing mobile device compromise and empowers organizations with the ability to respond to security incidents such as a stolen or infected mobile device. In the sections below I will explain some of the common features of MDMs and the threats they can help mitigate. Before reviewing MDM solutions, let’s first analyze the most common threats to mobile devices and discuss developing a Mobile Device Policy.   Common Methods of Infection   There are three common methods that malware infects mobile devices. The three common methods are malicious or infected applications, malicious advertisements or phishing, and sideloading. MDMs can assist in preventing all three methods. Let’s explore these to detail how the devices can become infected and how MDMs can assist in protecting them.   Malicious or Infected Applications   Sometimes attackers manage to upload malicious applications to iOS and Google Play stores posing as harmless software. Attackers can also infect previously safe applications. In 2017 attackers hacked the popular application CCleaner’s distribution servers[i]. This allowed attackers to inject malicious code into the application and infect any device that installed CCleaner after...