Enterprise Mobility Security Part 2
Video Transcription
>> Enterprise Mobility Security Part 2. The learning objectives for this lesson are to explore mobile deployment scenarios, to explain mobile security concerns, and to define key mobile digital forensics items. Let's get started. Continuing on from Lesson 1, we're going to go into a deeper dive into mobile security. Also, we're going to discuss some of the issues that deploying different mobile devices may bring to a company. Beginning with that, we're going to go over mobile device deployment scenarios.
The first is bring your own device, or BYOD. This is when the device is owned by the employee, but the device needs to meet a certain corporate standard for specs and also allow for some level of auditing. This is the most difficult to secure because the corporation does not own the device. The next scenario would be corporate-owned. This is when the device is owned by the company and the device can only be used for corporate purposes. The next scenario is corporate-owned, personally enabled, or COPE. This is where the device is supplied and owned by the corporation, but it allows for personal access to email, social media, and related services. These are all accessible to the employee and they can use them on their own, but they have to do so within the corporation's acceptable use policies. Then finally, we have choose your own device, or CYOD. This is similar to COPE, but the corporation will supply employees with a list of approved devices that the employee can choose from.
Mobile device digital forensics. Now, mobile devices, because they've become so embedded in our lives, really contain a lot of information that would be useful to investigators. We can find out where a device was, how it was used, and how the data was used on the device, along with many other valuable pieces of information. We're going to go over those in more detail in the next slide. But keep in mind that so many things have been pushed to our own mobile devices, not to mention banking and shopping and that type of thing. Most of our communications are done this way, through messaging apps. We also take a lot of pictures and we use a lot of apps on a wide variety of topics. Because of that, our devices are collecting more and more information about us in our daily lives.
Here are some of the specific items that would be very interesting to an investigator about a mobile device. We want to look at the subscriber and equipment identifiers, but also the date and time, language, and system settings, and the contacts that are on the device. This is very telling for us. Calendar data: this may be information that we can use to confirm where someone might have been or that they have met with someone. Also text messages, the call logs, email, and any media files such as photo, video, or audio. Messaging apps are a big thing, similar to text messaging, but a lot of people have shifted more towards this. This could be WhatsApp or Facebook Messenger, those types of things. Also, we want to look at their web browsing, their web history, to see what's going on. Any documents that may be stored on the device, their social media data, all the data from the apps that are installed on the device. Geolocation data that would show where the person was. A lot of people aren't aware of this, but this data is stored for very long periods of time, so you can really go back and find where a device has been. Also, many of the devices we carry hold biographic health data because of the push to using health apps on mobile devices.
Which brings us to the security implications for wearables. Wearables are designed to be personal data-enabled accessories. These could be smartwatches, smart rings, bracelets, or glasses. They will collect a great deal of data about the user, including health information. Because this information is of such a private nature, it presents security issues as well as privacy issues. What ends up happening with this data is that it's shared with various apps. A lot of times people aren't aware that the app they're using is collecting that information to in turn share with other apps. Because of that, we do have potential health privacy issues. In addition, we have geolocation problems, because these devices will track the location of where they were used. After all, they're often used for tracking running schedules and running paths, that type of thing. It can really show where a device was. Keep in mind it doesn't always mean that's where the person was, because the device could be used by someone else, but it shows where that device was, and most often that is where the person was as well. Here's a good example of that. In 2017, Strava, which is a run-tracking app company, released heat maps showing where their users were running. Well, unfortunately, this revealed the locations of many secret military bases around the world. Some of these were used by the United States, Russia, and Taiwanese forces. You'd be able to see these running maps, and then people were able to take those and locate previously unknown installations.
Eavesdropping. Now, this is a broad category, but it basically means to listen to devices that are transmitting. This could be anything from Wi-Fi to Bluetooth, NFC, or even cellular. Eavesdropping is a constant threat, and anything that you do not want to be intercepted must be encrypted. Bluetooth devices are especially vulnerable, and they can be attacked using tools such as RaMBLE. With this, they can be located. Even hidden devices stored in a car can be located and stolen. With RaMBLE, you can locate a device that is out of sight. Often, like I said, in the back of a car, if you keep your phone or your mobile device tucked away somewhere, RaMBLE would be able to locate it. Because of that, thieves have been able to break the back windows of cars and steal things that people thought were probably pretty safe because they were out of sight.
Device hardware and software security. The first thing we're going to go over is jailbreaking. These are exploits that enable a user to become root on an iOS device. This would allow the user to install apps, change carriers, and customize the system in ways that they wouldn't normally be able to do. The equivalent of this on the Android side is rooting. Android runs a version of Linux, and rooting refers to obtaining system-level or root access to the device. Systemless refers to obtaining the same access without modifying the system partitions. This is harder to detect. When individuals do this, they would be able to circumvent any security that corporations may have placed on the devices, and it does make the devices more prone to being hacked. If you're getting around the security that the manufacturers have installed on the devices, it makes it easier for attackers to do the same thing.
Unauthorized application stores. Sideloading refers to the installation of apps from any third party; management suites can be configured not to allow this. We want to make sure that individuals don't install apps that are not approved, and we don't want them downloading apps from other unapproved sites. Third-party app stores would be a good example of this: sites other than Apple's App Store and Google's Play Store. Examples would be F-Droid and Aurora. These are app stores from which you can download apps. Sometimes they're the same ones that are in the Google Play Store, but oftentimes they are apps that are not available there. By using these, you could download different apps that are not available and install those on your device. Oftentimes, corporations would not want these apps installed on their corporate-owned devices, because it may introduce an aspect of security that they don't want to have to worry about. It doesn't mean that these are bad stores. They're not. I use both of these, actually, for my phone. But it does introduce things that, as a security practitioner, you're going to have to take into account when you're trying to secure your network; you don't want anything on there that isn't necessary for the corporate mission.
Containerization. This divides the device into profiles. One container profile can be for work purposes, while the other can be for personal needs. These containers are isolated from each other, and the apps in one cannot access the other container. DLP can also make sure of this, and it can prevent tagged data from being moved to a non-approved container. Again, since one part is being used for personal needs, the user is able to have all their personal things there, such as email and their social media. But on the work side, it's strictly limited to only the apps that are necessary for work, and any documents or data that's used on that work profile would not be able to be moved over to the personal side, and vice versa.
Hardware manufacturer concerns. Device manufacturing is a worldwide system. Parts are made in one place and then shipped to other vendors, and then they're assembled. Original equipment manufacturers, or OEMs, are the final sellers of the device, and all support comes from them. It doesn't come from the people who manufacture the individual parts. When vulnerabilities are discovered, patches must come from the OEM. If the OEMs are not responsive, then devices remain unpatched. This is something Android users have had a hard time with, because the patch updates have to come from the device manufacturers, such as Samsung. If Samsung is slower to patch, so they have a slower patch release schedule, then that means that there are longer periods of time that those Android devices remain unpatched. Apple is pretty good about this. They release patches much more frequently than Android device manufacturers do.
Bootloader security. Bootloaders are the first line of mobile defense for our devices. They prevent any unauthorized operating systems from being loaded onto the device. eFuses are used to permanently write OS files to flash storage. eFuses also allow for cryptographic keys to be etched into the device for trust. Since these keys are etched, they will be read-only and they cannot be altered. These keys can be used to validate software during installation. Let's summarize. We discussed mobile device deployment models, and also containerization on mobile devices, bootloader security, and hardware and manufacturer concerns. We went over jailbreaking and rooting, loading apps through sideloading and other third-party app stores, and security concerns of wearable devices.
Let's do some example questions.
Question 1. This process allows a user to gain root or superuser-level access to an iOS device. Jailbreaking.
Question 2. A mobile device is supplied by a company, but the employee may use it to access non-corporate data such as email. Corporate-owned, personally enabled, or COPE.
Question 3. F-Droid and Aurora are examples of this. Unauthorized application stores. Also, you could just say third-party application stores, but for the purposes of a corporation controlling access to a device, these would be unauthorized application stores.
Finally, Question 4, true or false? Mobile devices are not, forensically speaking, very interesting to investigators. This is false. They are very interesting because they contain so much information about the person that's using the device.
I hope this lesson was helpful for you, and I'll see you in the next one.