(In-)Efficiency of security features on mobile security and compliance

2k13 - Version 0.36 - Last change on 01 September 2013 10:30:00
Jump to: navigation, search


by Yury Chemerkin

MDM tries to offer a way to exert 'useful' and 'efficiency' control over management of mobile devices in certain environment by enforcing configurations, profiles, passwords, encryption while almost of all legitimate applications has come overpermissioned to plant on user mobile devices and asked for unnecessary access more and more. Some of them is aimed to bypass security cages and gather silently all possible information such messages linked with address book, events, social information etc. Typically, every MDM has undocumented communication and different vision on security that might not help to customers evaluate the security and risks adequately. Moreover, they is a 'must have' solution because of known limitless of prebuilt device security features by default. To make it clear, customers rely on wide capabilities and compliance standards and guidelines as much as possible.

The goal of examination of security capabilities is an attempt to expose the security limitations and (in-)ability to prevent attacks on acceptable reliability level that possible due to different defense mechanism of MDM solutions and OS to protect personal and corporate data under BYOD. It is aimed to covers native and MDM enhancements features in order to compliance too. Several attacks against the best security solutions presents a real difference between device & MDM security features and possible attacks as well as how far it is in alignment to compliance