Posts Tagged ‘mobile security’

More Smartphones, More Risk: Mobilisafe Targets SMB’s With New Security Solution (Invites)

February 26, 2012

Mobilisafe, the stealthy Seattle-based mobile security startup with $1.2 million in funding from Madrona Venture Group and Trilogy Equity Partnership, is opening up access to its private beta program today (invite link below) for a handful of TechCrunch readers.

In addition, the company is revealing new insights it gathered during its private beta period about the penetration of mobile devices in the SMB market, which is the startup’s current area of focus.

Much of the current analysis on the consumerization of I.T. and the accompanying BYOD (“bring your own device”) trends is focused on the enterprise market, but Mobilisafe’s data comes from its own hands-on experience with SMBs.

Mobilisafe was founded by former T-Mobile software architects Giri Sreenivas and Dirk Sigurdson. The firm is focused on developing a security solution that helps companies deal with the influx of personal devices on the corporate network. The startup does not just offer businesses tools to manage the increased number of mobile devices; it is also performing data mining on the aggregate data it collects, enabling its solution to learn over time and become more predictive in its analysis and recommendations.

Mobilisafe’s big advantage is that it will be able to use the aggregate data to analyze whether an organization is more or less secure than its peers in the same industry or vertical. Right now, the focus is on providing this analysis and understanding to smaller businesses (between 15 and 2,500 employees), especially because they’re more at risk due to lower I.T. budgets and/or lack of in-house I.T. expertise. But such an ability could easily be useful in larger organizations in the future, if Mobilisafe wanted to go that route.

Over the past three months, Mobilisafe mapped out more than 38 million employee device connections (now up to 44M), which allowed it to uncover some interesting trends within the SMB market.

For example, the majority of SMBs are highly mobilized and are driven by BYOD programs, with more than 80% of SMB employees already using smartphones and tablets. A new device model was introduced to a company for every 6.6 employees, but over half (56%) were running out-of-date firmware. SMB I.T. departments, meanwhile, are often at a loss when it comes to determining this sort of information for themselves.

In addition, around 39% of authenticated devices were inactive for over 30 days, something that could indicate devices which were lost, stolen, replaced or sold. In some cases, these devices may have had employee credentials and sensitive corporate data on them before disappearing off the network.

The data gathered here through Mobilisafe’s initial beta run is more of a confirmation of the market value for its mobile security solution, meant to simplify the challenges involved with assessing security risk and then knowing the next steps to take after being presented with specific issues.

Mobilisafe has been quietly running a private beta since late last year. Companies use its SaaS solution to tell Mobilisafe what kind of risk threshold they have, and then the startup does the heavy lifting to determine whether they’re falling above or below that threshold. The whole thing can be deployed in 15 minutes, without hardware or network changes, on-device software, or changes to employee behavior, the startup says.

Source: techcrunch

Four Must-Have Android Settings, From a Security Expert

February 23, 2012

Google announced last week that it had located the latest security flaw in Google Wallet, through which a determined thief could root a non-rooted device ex post facto and retrieve the owner’s Google Wallet prepaid card. That was partly true: the technical issue still remains, even if Google Wallet itself is safer.

To recap the Google Wallet brouhaha this month: first, researcher Joshua Rubin from zvelo revealed a quick, simple brute force technique to extract the Google Wallet PIN from a rooted phone. That requires some skill, but the next day The Smartphone Champ revealed that even on a non-rooted Nexus smartphone with Google Wallet, a thief can steal your Google Wallet prepaid card by simply wiping Google Wallet settings and attaching the app to a new Google account. Finally, Rubin reported how a thief can root a non-rooted phone ex post facto and steal its owner’s Google Wallet funds. This is possible because gaining root privileges does not remove all the data on an Android device, and Google prepaid cards are stored on the device, not in the Google Wallet account.

Google responded to Rubin’s discovery. It suspended new prepaid cards on Sunday. The corporation began re-issuing Google Wallet prepaid cards on Tuesday, claiming that it has fixed the problem. But as a spokesman told Neil Rubenking, Google’s “fix” was to require users to contact Google Support to re-activate a Google Wallet account. So yes, the technical issue still remains.

Rubin, who discovered the latest hack and told us how one might get past the lock screen to perform the root exploit, offered four easy ways to tighten the security settings on your Android device. Not only do we urge anyone using Google Wallet to do this, but any Android user concerned about securing the data on his device should make sure the following Settings are turned on:

1. Enable Lock Screens: Under Settings\Security. Enable Face Unlock, Pattern, PIN, and Password to increase physical security to the device. Slide doesn’t do much.

2. Disable USB Debugging: Under Settings\USB debugging. When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.

3. Enable Full Disk Encryption: Under Settings\Security. This will prevent even USB Debugging from bypassing the lock screen.

4. Keep Device Up-To-Date: Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this, but when you are finally prompted to upgrade your operating system, do so. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

Bonus: Stick to official app stores. This is far less likely, but an attacker can also discover your PIN lock (which is necessary for him to root your phone) if you accidentally install a malicious app that records your personal data, including PIN. Most malicious apps are distributed through shady Chinese/Russian app stores; to be on the safe side stick to the Android Market, GetJar, and the Amazon App Store.

And always read through app permissions, as malicious apps typically make unusual requests. Most mobile security apps, like McAfee Mobile, Lookout Mobile, and F-Secure Mobile Security, come with an app auditing feature to help you keep tabs on permission requests.

Mobile security exploits to double in 2011, says IBM

October 21, 2011

Based on 12 billion “security events” that happened in the first half of the year, IBM has concluded that the number of mobile security exploits in 2011 will be twice as high as in 2010.

Mobile malware makes its way to consumers via third-party applications and often uses premium SMS services to monetize an infection, or collects private data on cell phones that is extracted for phishing attacks or for identity theft purposes.

Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force, says that observers expected mobile malware to become a big problem for the latest generation of mobile devices, and that this has now come true.

Making matters worse, the number of critical vulnerabilities has tripled in 2011. Attacks from “hacktivist” groups are now especially a concern, as they typically exploit known vulnerabilities, challenging organizations to figure out ways to fix newly discovered problems much faster than before.

On the positive side, the number of vulnerabilities in web applications has declined: last year the figure was 49 percent, and this year it is down to 37 percent. The number of browser vulnerabilities declined as well, as did the amount of spam that is being sent to users, which has a direct impact on phishing attacks. According to IBM, the percentage of spam that is phishing on a weekly basis was less than 0.01 percent.

Source: tomsguide