Today's Top Stories The Android Fake ID flaw could open up enterprises that allow BYOD to malware that impersonates trusted apps, steals confidential information and fools mobile device management software. The flaw, discovered by security firm Bluebox, enables malware to copy an Android app's unique identity and use that ID to impersonate the legitimate app without user notification, explains Jeff Forristal, chief technology officer with Bluebox, in a blog. "This can result in a wide spectrum of consequences. For example, the vulnerability can be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC [near field communications] financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM," writes Forristal. The flaw affects all Android devices prior to Android 4.4 (KitKat), or more than 82 percent of the Android devices currently in use, according to Google's stats. Google did issue a patch for the vulnerability in April to the phone manufacturers in response to Bluebox's research. However, not all of the vendors have released the patch to their ecosystems. The flaw could lead to a BYOD device being compromised through the download of malware impersonating a legitimate app. This could in turn fool device management software and infect the corporate network, explains TechTarget in an article. TechTarget recommends that IT security teams use app whitelisting to approve trusted apps, train employees about how to avoid downloading suspicious apps and phishing scams, use software enabled with app analysis and use an enterprise app store. This will reduce the risks from the Fake ID flaw, as well as other malware that could infect BYOD devices and the network. For more: - check out the Bluebox blog - read the TechTarget article [reg. req.] - see the Google Android use stats Related Articles: Malware attacks on Android devices see 600% increase, says Sophos Android security hole could enable attackers to bypass VPN Flood of BYOD devices challenges IT security pros Read more about: BYOD, malware back to top | This week's sponsor is Gartner. | |  | The explosion of connected BYOD devices and the need for greater mobile network density prompted the University of Miami to make a major upgrade to their Wi-Fi network. The university turned to Aruba Network to upgrade its system, which covers 200 buildings and 11 million square feet at the university's three main campuses, as well as the UHealth-University of Miami's three hospitals and two dozen outpatient facilities. The university has more than 15,000 students enrolled, and each student has an average of four to five mobile devices. More than 25,000 devices connect to the university's network daily, with peaks as high as 18,000 devices simultaneously on the network. "We are faced with a diverse environment, different needs ranging from clinical and research to academic and administrative. It had been awhile since we did a wireless worklist. We had a decent pervasive wireless network" [provided by Meru Networks], explains Brad Rohrer, deputy CIO for information technology at the university. "We did an evaluation of multiple vendor partners and products ... Aruba just seemed to be the right product for us given the diverse set of demands from our customers as well as [Aruba's] ability to scale," Rohrer tells FierceMobileIT. Rohrer declined to say who the other vendors were, but he noted that they were the leading enterprise Wi-Fi vendors in the market. According to Gartner, leading Wi-Fi vendors include Aruba, Cisco and HP. "We are finding students with four or five devices each connecting to wireless. So it's no longer just wireless coverage or speed, it's density ... It's becoming like electricity. You assume it's there, and you needed it to be there," Rohrer explains. The university has different security profiles for their various Wi-Fi networks. Security is an important issue especially for the UHealth network because of the patient information that is stored there. The university plans significant Wi-Fi upgrades in the next two months, Stewart Seruya, chief network officer for information technology at the university, tells FierceMobileIT. By the end of the summer, the university plans to install another 3,000 access points (APs), in addition to the current 2,300 APs, many of which are 802.11ac. "We're fine-tuning the process as we go along, Seruya adds. For more: - check out Aruba's release Related Articles: Wi-Fi Wars Aruba, Cisco and HP are magic when it comes to LAN infrastructure 4 tips to successfully deploy a wireless security network Read more about: BYOD, security back to top While much of the focus of mobility has been on the enterprise, small businesses are increasingly looking to mobility to improve productivity at a lower cost. In fact, more than three-quarters of small businesses used mobile technology this year, up from two-thirds last year, according to a survey of 540 small business owners by Constant Contact. A full 92 percent of small businesses either have deployed or are interested in deploying a mobile-optimized website. That's up from just 34 percent of firms who had deployed a mobile-optimized website last year. In addition, 61 percent of respondents said that they use mobile storage apps, 58 percent said they use scheduling and calendar apps, and 51 percent said they use financial management apps. Small businesses are also adopting mobile advertising in greater numbers. A full 21 percent of respondents said they are using mobile advertising, up from just 10 percent last year. Another 23 percent said they were interested in using mobile advertising in the next six months. The survey results are summarized in the infographic below. For a full-size version, click here [jpg]. Read more about: Mobile Advertising, mobile technology back to top |
No comments:
Post a Comment
Keep a civil tongue.