Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Locking down risks from unlocked devices

601 views

Published on

Locking Down Risks from Unlocking

How organizations can protect themselves from the security threats and liability of unlocked phones. While steep fines have placed the unlocking issue in the spotlight, savvy organizations will tell you that this is nothing new. For years, they have taken action to protect themselves from the security risks posed by unlocked or jailbroken phones.

The question now is –how far should they go in ensuring that their employees don’t jailbreak or unlock their phones?

Webinar covers:
• Security strategy best practices
• Acceptable use policy options
• Data protection
• Application management

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Locking down risks from unlocked devices

  1. 1. Locking Down the Risks from Unlocked Devices Presented by: Troy Fulton Director, Product Marketing Wednesday, February 20, 2013 © 2013 Tangoe, Inc. Thursday, February 21, 2013
  2. 2. Today‟s Speaker Troy Fulton Director, MDM Product Marketing • 20+ years in high-tech and communications devices • Senior product marketing and management positions with global corporations including Motorola Mobility, Nokia, and Compaq • MBA from The College of William and Mary; BA from Boston College © 2013 Tangoe, Inc. 2
  3. 3. Agenda • Definitions • What is Illegal • Key Takeaways • Risk & Mitigation • Summary • Q&A © 2013 Tangoe, Inc. 3
  4. 4. Definitions: Unlocking • Enables a device to work on a wireless carrier other than the one device was purchased from • If an AT&T iPhone were unlocked, it could be used on T-Mobile USA's network • In October, the U.S. Library of Congress invalidated a copyright exemption in the Digital Millennium Copyright Act for unlocking cell phones • Unlocking a device is potentially illegal, unless authorized by a carrier • Civil fines range from $200 to $2,500 per unlock • Criminal penalties up to $500,000 and five years in jail. • http://bits.blogs.nytimes.com/2013/01/25/cellphone-unlock-dmca/ • Unauthorized unlocking requires the device to be jailbroken © 2013 Tangoe, Inc. 4
  5. 5. Definitions: Jailbreak • Pertains to iOS devices • Allows applications not approved by Apple to be downloaded from any source • Removes the security controls which prevent access to data on a device by unauthorized people and applications • Process of removing the sandbox protections that Apple places in its iOS products • Enables users to access files they normally wouldn't be permitted to, which opens up all sorts of possibilities for customizing an iOS system • Many technically inclined users loathe being locked into a sandboxed device © 2013 Tangoe, Inc. 5
  6. 6. Definitions: Root • Pertains to Android devices • Android, unlike Apple, is an open source operating system • Android out of the box allows users to install 3rd party apps (also known as sideloading) • User can install themes • Allows the install of applications directly from SD card or internal memory of device • Everything IOS users hope to accomplish with jailbreaking is basic functionality within Android • Rooting overcomes limitations carriers and OEMS put on devices (skins, etc.) • COMPLETELY remove and replace the entire operating system of the device © 2013 Tangoe, Inc. 6
  7. 7. What Has Been Reported to be Illegal • Unlocking without carrier permission • A common example…. • Use device as an Internet hotspot • Switch to a local carrier when traveling overseas to avoid roaming charges • In Europe, unlocked phones function as you might expect. • You buy a phone and obtain a SIM card from the network you have chosen, and the phone registers on that network • Want to change networks? Get a different SIM and swap it out • Why does this work? • Network operators share the same three portions of the spectrum and support GSM (3G) and LTE (4G). • In the U.S. carriers enable different features on their smartphones • Support differentiated mobile experiences • Support competing 3G and 4G wireless communication standards at different spectrum frequencies © 2013 Tangoe, Inc. 7
  8. 8. Key Takeaways: Unlocking • New carrier = non-optimized usage rates • Unlocking can also interfere with your phone‟s settings • Features previously enabled will not likely function • Phone warranty voided • Jailbreaking attracts malware and decrypts data • This law does not eliminate the practice of unlocking phones • Does not prevent unlocked phones from entering corporate networks • Organization may be held liable for an employee‟s unlocked device © 2013 Tangoe, Inc. 8
  9. 9. Key Takeaways: Jailbreak vs. Rooted • Sandbox protection for apps is removed • Every app can get to everything • iOS and Android apps designed not to share data • Jailbreaking decrypts data on the device • Bypasses device password • Android app developers can store data in cipher text (optional) • If not, encrypted device data may be stored in plain text if you PC synch • Jailbroken vs. rooted • iOS: apps must utilize the Data Protection APIs to maintain encryption • Password protection enables data encryption • NSS Labs: possible to jailbreak an iOS device and completely bypass the passcode • Jailbroken phones are more vulnerable to malware • Android: device password enables full file system encryption • Modifying the bootloader or OS is not sufficient to access data without the password • Rooting decrypts all data. Google recommends an OEM hardware solution © 2013 Tangoe, Inc. 9
  10. 10. Risks and Mitigation • Device is lost or stolen • Exposed data…all of it • SMS/iMessage texts • Address book, calendar, email…. • VPN • Secure communication but is the device secure? • Access to enterprise resources • Need mobile anti-virus • Mitigate risks • Monitor with automatic policy response • Carrier and application • Mobile content management • Containerization • ABQ © 2013 Tangoe, Inc. 10
  11. 11. Secure Mobile Content Management • Enforce security for device-based Corporate Document Stores access • Manage distribution authority • Enforce DLP via cut/paste features • Manage document Native, 3rd Party Editing Tools Mobile Content Management version control & redundancy Device Continuum © 2013 Tangoe, Inc. Simple, Private File Sharing
  12. 12. Mobile Device Containerization Tap to access Divide • • • Enter passcode Get to work! • • • Personal phone, SMS and web Choice of device, services Freedom & privacy Data security Enterprise apps & services Easy to manage and control • Separate corporate data from personal data • Allow „personal data‟ to co-exist • Provide controls over corporate data © 2013 Tangoe, Inc. 12
  13. 13. Secure Network Access: THE BYOD Solution • Real-time detection and enforcement • Detect and quarantine unknown devices • Self-Service Device Enrollment Modules • Guest Access Management • Non-Browser Device Registration • MDM Policy Enforcement • MDM Self-Registration process integrated with NAC-based Policy Enforcement • NAC-based MDM Policy Enforcement and Remediation Messaging 13 © 2013 Tangoe, Inc.
  14. 14. Summary • Terms and conditions should clearly describe the penalties for unlocking • Know your environment • SANS Institute IT Survey: 9% are “fully aware” of all mobile devices on their network • Lifecycle of smartphones and tablets is very short: 12 – 18 months • Do not be fooled…if no controls, there is sensitive data on the device • Make (sustainable) decisions • If you do not define policy, employees will • Never store confidential corporate data on an unencrypted device • No corporate business through the use of personal accounts • Prohibit sending emails from your corporate address to private email accounts • Lock down any device assigned to an employee, including remote wipe • Secure communication to the device • Block device access to ActiveSync for non-compliance • Have a recycling program © 2013 Tangoe, Inc. 14
  15. 15. Questions and Contacts Troy Fulton Director, Product Marketing Troy.Fulton@tangoe.com Tangoe 203.859.9300 info@tangoe.com www.tangoe.com © 2013 Tangoe, Inc. 15

×