The ability to work from home or whilst out on the road can make a major contribution to a company’s revenue stream and bottom line, but unfortunately cyber security is rapidly becoming an issue.
Recent research carried out at the US Universities of California and Michigan revealed a flaw in some Android devices that allows applications to be hacked. It’s also feared that this flaw can also be used in attacks on iOS and Windows Mobile applications. The research paper was presented to experts at the USENIX Security Symposium, where it caused considerable discussion and concern.
According to researchers, Android device intrusion requires a piece of malware to run in the device’s background. The app is virtually undetectable to the average user, as it uses very little battery energy and only requires a handful of permissions in order to run. The malicious mobile program uses the window manager, a graphic interface framework housed in the shared memory area of a tablet or smartphone.
It was found that the malicious app could theoretically interfere with around 92% of devices targeted and was particularly effective in disrupting Gmail. Hackers could use the malicious app to view a replica of the user interface, in addition to obtaining image files through the device’s camera. Clearly, this possibility presents major cyber security concerns for all SMEs where all or part of their workforce has remote access to company intranet files via mobile devices, used when working from home or out on the road.
Fortunately, mobile application management software is able to mitigate the effects of such malicious apps (and there is more than one). Interference can be prevented by sandboxing applications and avoiding memory sharing between them. However, IT departments that do not quickly adapt to an increasingly mobile-influenced world are at increased risk of serious attacks, which could serious damage client confidence and may even result in the loss of highly sensitive personal and company data and cyber blackmail attacks.
The research raised serious concerns about the increasingly popular ‘bring your own device’ policy now operating across many businesses. If companies do not use MAM software, their systems could be at risk from a malicious application, which could easily be customised to attack one specific operating system. Those enterprises that do install MAM software suites on each and every user’s own device will stay immune from attack. MAM software suites are specifically built for each separate operating system and combat hacking using malicious programs by restricting memory sharing.
Mobility is obviously the way forward for many modern businesses, but it’s crucial that companies are aware of serious threats to data security and put systems in place to combat it. For more information on how outsourcing your IT security needs, why not contact the experts at CARA?