virus then stole information from mobile devices and sent it to criminals via wireless means.
Apple responded rapidly by posting an operating system fix, but not before hundreds of
thousands of people had reportedly been infected. This is the reactive “closing the barn door
after the horse has escaped” process that all too many malware remedies end up following.

This wasn’t the only major attack against iOS systems; ‘Find and Call’, discovered in 2012, was
the first notable trojan for non-jailbroken iOS devices, and it uploaded contact lists to a remote
server. Two years later, the spyware applications XAgent and MadCap were discovered on iOS systems.

This malware was directed at political and military employees and intended to perform
advanced political espionage. This is not meant to impugn or blame Apple for product flaws;
they are a great company with great products and, truth be told, they have much lower infection
rates than Android devices.

However, it shows that no one is immune to mobile viruses. Everyone should be on high alert.

Protect the Enterprise from Cyber Criminals
So, what can IT professionals do to protect their Enterprise from inside
threats presented by USB vulnerabilities which are often introduced
unintentionally by well-meaning employees?

Educating employees on the dangers associated with USB charging is
the first step. Implementing security policies and periodic training is a
common best practice among most companies large enough to
support an IT staff.

However, education, training and policies might not prevent an employee with just 5% charge
left on their phone from plugging it into a USB port on their work computer. This small and
seemingly harmless act can bring down an entire network if lurking malware on the phone can
circumvent policies intended to thwart it.

Just as bad, it can also expose corporate intellectual property such as research, product plans,
employee records, financials, and a host of other information that should never go outside of the
corporate network.

The majority of USB enterprise security breaches are accidental. Therefore, more
comprehensive mitigation strategies should be considered. One such strategy is the USB port
blocker, an inexpensive mechanical plug that physically prevents the connection of all
USB devices.

While this will work in some scenarios, the port blocker comes with an obvious disadvantage: it
completely disables the functionality of the USB port, including its ability to charge devices. For
the proverbial employee low on smartphone power, you’ll need to consider a solution that meets
their needs as well as your security requirements.

It’s possible to disable the data synchronization component of a USB port (which is how viruses
can spread) while still allowing charging. Some devices and “charge-only” cables allow power-
59 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
