Mobile Security Weekly – Bringing the Hammer Down on Mobile Threats
The world of mobile security is constantly absorbing and adopting new trends. This week’s summary highlights just that. It’s evident just how insecure even the most “secure” devices are – despite several companies attempting to create an “impregnable” device. On the flip side, we see more examples of mobile security being taken seriously – whether by Google or governments.
British Information Watchdog warns of £500,000 fines for putting clients’ data at risk.
The Information Commissioner’s Office (ICO) has voiced its concern over a recent series of data-protection issues in the British legal profession, warning lawyers they face fines as high as £500,000 if they place clients at risk.
After 15 incidents in the past 3 months, the ICO says it’s obvious that staff in the legal profession aren’t using the necessary data-protection practices and technologies to keep data secure.
http://www.v3.co.uk/v3-uk/news/2358882/ico-sounds-the-alarm-over-legal-professions-shoddy-data-handling
Why is this Significant?
It’s great to see an official government organization preaching the use of encryption and security measures outside the high-tech industry. Looking at the sensitive information handled by the legal profession – it’s clear why they are being targeted by threat actors:
- Lawyers are always mobile – they need much of their private and confidential data with them at all times.
- The legal industry has yet to embrace more advanced security regulations.
- Communication is a critical part of the business – making mobile devices the perfect target.
For more information on securing devices in a mobile-driven legal world, you can read our previous blog post here
The “Most Secure” Android Phone Hacked In Fewer Than Five Minutes
The Blackphone, advertised as a highly secure consumer alternative to standard smartphones, has been successfully hacked. This happened not long after Blackphone had a very public argument with BlackBerry after the latter called the secure device “unacceptable” for enterprise and private customers.
This hack was performed live at a recent conference – researchers hacked the phone and gained root access within five minutes, without unlocking the bootloader.
http://www.itproportal.com/2014/08/11/hacker-roots-blackphone-black-hat-conference/#ixzz3AT6KmVqr
Why is this Significant?
While it must be said that some user interaction is required and Blackphone have since solved one of the problems, this is one more example of how the methods for attacking and gaining control over a device keep advancing and multiplying. It is important to recognize that organizations are, more likely than not, going to be infected. The critical part is identifying and mitigating the problem as quickly and professionally as possible.
Google ‘Android Device Manager’ App Updated With ‘Call Back’ Security Feature
Users running Android 2.3 and above now have an interesting new way to try and locate lost smartphones.
The Android Device Manager has always let users remotely erase data and remotely activate the lost device’s screen lock PIN. Now this functionality has received an upgrade in the form of a ‘call back’ feature which, when set, enables finders of lost devices to call the original owner and return the handset. Basically, if the device gets lost and is picked up by someone, the ‘Call Back’ functionality displays a new green call button at the bottom of the screen when the finder activates the smartphone.
Another important aspect of Google’s latest security enhancement is that ‘Call Back’ can be made active even after users lose their Android smartphones.
http://www.ibtimes.co.uk/google-android-device-manager-app-updated-call-back-security-feature-available-download-1460526
Why is this Significant?
It’s interesting to see how Google are looking at combating the theft and misplacement of devices. Although this feature won’t help in securing devices against malware, it is undoubtedly an important part of device protection.