
MaaS360 by Fiberlink

App Security Scare Spotlights Jailbroken and Rooted Devices


by MaaS360 staff | April 09, 2012

If you are one of the millions who have downloaded the Android or iOS Facebook app to your smartphone or tablet, you may not "Like" this blog post. The privacy of your personal information, or that of your company, may be at stake. According to Gareth Wright, a mobile application developer, hackers can access the .plist file of your Facebook application with relative ease.

With access to this file, the hacker can obtain the app's access token, full OAuth key and secret. With these items, a user's account could be hijacked and his or her identity effectively stolen. As you can imagine, news of this potential threat circulated the web relatively quickly, which prompted experts to shine more light on the topic.

Josh Constine of TechCrunch says not so fast. In a recent post, Constine pointed out that the vulnerability only applies to jailbroken or rooted devices. That is good news for some of you, but not all, especially those of you who use your phone or tablet both at work and out of the office.
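As an added example (not code from the original post or from the Facebook app), here is a developer-side check for the storage pattern described above: it parses an app's preferences .plist and reports keys whose names suggest credentials, which belong in the platform's keychain or keystore rather than in a plain file. The key-name heuristics and the sample plist are constructed for illustration.

```python
import plistlib
import re

# Key-name fragments that suggest a credential (assumed heuristic list).
SUSPECT = re.compile(r"(token|secret|oauth|password|session|api[_-]?key)", re.I)

def find_credential_keys(node, path=""):
    """Walk a parsed plist and return (key path, value type) for suspect keys.
    Values are never returned, so the report itself leaks nothing."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            # Only non-empty string/bytes values can hold a usable credential.
            if SUSPECT.search(key) and isinstance(value, (str, bytes)) and value:
                hits.append((here, type(value).__name__))
            hits.extend(find_credential_keys(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_credential_keys(item, f"{path}[{i}]"))
    return hits

def audit_plist_bytes(data):
    """Accepts XML or binary plist bytes (plistlib detects the format)."""
    return sorted(find_credential_keys(plistlib.loads(data)))

# Constructed sample preferences file; key names and values are made up.
SAMPLE = plistlib.dumps({
    "ExampleAppAccessToken": "CONSTRUCTED-TOKEN-VALUE",
    "LastSyncVersion": 12,
    "Accounts": [{"user": "alice", "oauth_secret": b"\x00\x01constructed"}],
    "ExampleSessionExpiry": 1334000000,  # numeric, so not reported
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for key_path, kind in audit_plist_bytes(SAMPLE):
        print(f"credential-like key stored in plist: {key_path} ({kind})")
```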

Is Jailbreaking the Root of the Problem?

Jailbreaking refers to the process of modifying Apple iPhone or iPad software (iOS), and is typically performed as a means to avoid limitations on device functionality. Users can then access third-party applications that would otherwise be unauthorized to run on their device. As for Android devices, they may be less restricted than Apple devices, but they can be rooted in order to remove custom interfaces or to gain more control over the device.

Jailbreaking and rooting are controversial practices, and will void the warranty of most devices. As the recent Facebook vulnerability revealed, jailbreaking can remove some of the key security protections that come standard on a mobile device.

MDM, Remote Wipe, Problem Solved

When rooted or jailbroken devices gain access to the corporate network, they automatically pose security risks. IT professionals in the enterprise would be well-advised to guard against the hazards that come along with these penetrable gadgets. Many security professionals have answered the call by working jailbroken and rooted devices into their mobile device management (MDM) policy.

However, as Constine pointed out, lost or stolen devices make matters more complicated. Any hacker worth their salt can root or jailbreak a device that falls into their possession. For this reason, it's important to consider remote wipe solutions, which allow IT departments or individual users to remove sensitive data from a mobile device that is lost or stolen. If it falls into the wrong hands, the cost of replacement and restoration should be the only concern.

With the above considered, the threat of the Facebook app is not as scary as it may have first seemed. Much like the other threats brought about by the mobile digital age, it is one that can be mitigated by common-sense best practices and smart security solutions.

So for all you employees out there, do you have a jailbroken or rooted device? If so, what measures will you take going forward to ensure your personal/company information remains out of hackers' hands? Tech admins, what are you doing to prevent infiltration of private corporate information?
