I was fortunate to deliver a presentation with the President of Appthority, Domingo Guerra,
titled "Bring your own Risky Apps". Domingo and I walked attendees through some freeware
tools that allow organizations to review a mobile app and understand its behaviors. This
revealed that a wallpaper app was accessing location information, while other apps were
harvesting the user's list of contacts and sending them to unknown adware sites. In an
enterprise, this can be quite dangerous for obvious reasons.


We reviewed a variety of proactive and reactive countermeasures that identify all of the more
than 2.5 million risky apps across the App Store and Google Play. We also discussed how
enterprise mobility management (EMM) policy enforcement could be used to respond to a
variety of threats by quarantining a mobile device when a malicious or risky app is identified.

This too represents a fundamental shift from PC-oriented anti-virus and anti-malware. In
mobile, anti-virus and anti-malware is just another app. So although it can detect
malicious and risky behaviors, it's limited in what it can do in terms of removing the bad app
because it's just another app on the mobile device and typically doesn't have the right to
remove the threat.

Mobile App Risk Management solutions integrate with EMM/MDM solutions to leverage the
ability to respond and mitigate threats.



Black Hat presentations put app data protection front and center

From the headline-grabbing auto hacks to the more than 100 briefings that touched on
mobile vulnerabilities, it was obvious that an ever-growing ecosystem of endpoints presents a
clear and present danger to information security.

There were several briefings that stood out from a mobile security perspective. "Unwrapping
the Truth: Analysis of Mobile Application Wrapping Solutions" focused on mobile application
management (MAM) solutions leveraging a technology known as App Wrapping.

This involves taking an app and adding an additional layer of security code to the app to
allow additional security controls to be applied through MDM/EMM policies. These controls
can include strong authentication, encryption for data-at-rest, secure connectivity through
application tunneling or per-App VPN, authorization controls, selective wipe, and more.

Presenters highlighted individual vulnerabilities found in a few EMM solutions including lack
of encryption as well as exploits that can be performed on jailbroken devices. At MobileIron,
we authored a blog highlighting the presentation and security best practices in terms of
countermeasures.

One notable countermeasure leverages jailbreak and root detection in conjunction with a
quarantine if an attacker is trying to gain access to an application's data either at rest or
in transit. It also reinforces the need for administrators to update their EMM products when
updates are released as these updates sometimes include security patches.




14 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
