© 2013 Tangoe, Inc.
Locking Down the Risks from Unlocked Devices
Presented by: Troy Fulton, Director, Product Marketing
Wednesday, February 20, 2013
Thursday, February 21, 2013
Today's Speaker
Troy Fulton
Director, MDM Product Marketing
• 20+ years in high-tech and communications devices
• Senior product marketing and management positions with global corporations including Motorola Mobility, Nokia, and Compaq
• MBA from The College of William and Mary; BA from Boston College
Agenda
• Definitions
• What is Illegal
• Key Takeaways
• Risk & Mitigation
• Summary
• Q&A
Definitions: Unlocking
• Enables a device to work on a wireless carrier other than the one the device was purchased from
• If an AT&T iPhone were unlocked, it could be used on T-Mobile USA's network
• In October, the U.S. Library of Congress invalidated a copyright exemption in the Digital Millennium Copyright Act for unlocking cell phones
• Unlocking a device is potentially illegal, unless authorized by a carrier
• Civil fines range from $200 to $2,500 per unlock
• Criminal penalties up to $500,000 and five years in jail
• http://bits.blogs.nytimes.com/2013/01/25/cellphone-unlock-dmca/
• Unauthorized unlocking requires the device to be jailbroken
Definitions: Jailbreak
• Pertains to iOS devices
• Allows applications not approved by Apple to be downloaded from any source
• Removes the security controls which prevent access to data on a device by unauthorized people and applications
• Process of removing the sandbox protections that Apple places in its iOS products
• Enables users to access files they normally wouldn't be permitted to, which opens up all sorts of possibilities for customizing an iOS system
• Many technically inclined users loathe being locked into a sandboxed device
Definitions: Root
• Pertains to Android devices
• Android, unlike Apple's iOS, is an open source operating system
• Android out of the box allows users to install 3rd party apps (also known as sideloading)
• User can install themes
• Allows the install of applications directly from SD card or internal memory of device
• Everything iOS users hope to accomplish with jailbreaking is basic functionality within Android
• Rooting overcomes limitations carriers and OEMs put on devices (skins, etc.)
• COMPLETELY remove and replace the entire operating system of the device
What Has Been Reported to be Illegal
• Unlocking without carrier permission
• A common example…
• Use device as an Internet hotspot
• Switch to a local carrier when traveling overseas to avoid roaming charges
• In Europe, unlocked phones function as you might expect.
• You buy a phone and obtain a SIM card from the network you have chosen, and the phone registers on that network
• Want to change networks? Get a different SIM and swap it out
• Why does this work?
• Network operators share the same three portions of the spectrum and support GSM (3G) and LTE (4G).
• In the U.S., carriers enable different features on their smartphones
• Support differentiated mobile experiences
• Support competing 3G and 4G wireless communication standards at different spectrum frequencies
Key Takeaways: Unlocking
• New carrier = non-optimized usage rates
• Unlocking can also interfere with your phone's settings
• Features previously enabled will likely not function
• Phone warranty voided
• Jailbreaking attracts malware and decrypts data
• This law does not eliminate the practice of unlocking phones
• Does not prevent unlocked phones from entering corporate networks
• Organization may be held liable for an employee's unlocked device
Key Takeaways: Jailbreak vs. Rooted
• Sandbox protection for apps is removed
• Every app can get to everything
• iOS and Android apps designed not to share data
• Jailbreaking decrypts data on the device
• Bypasses device password
• Android app developers can store data in cipher text (optional)
• If not, encrypted device data may be stored in plain text if you sync with a PC
• Jailbroken vs. rooted
• iOS: apps must utilize the Data Protection APIs to maintain encryption
• Password protection enables data encryption
• NSS Labs: possible to jailbreak an iOS device and completely bypass the passcode
• Jailbroken phones are more vulnerable to malware
• Android: device password enables full file system encryption
• Modifying the bootloader or OS is not sufficient to access data without the password
• Rooting decrypts all data. Google recommends an OEM hardware solution
Risks and Mitigation
• Device is lost or stolen
• Exposed data…all of it
• SMS/iMessage texts
• Address book, calendar, email…
• VPN
• Secure communication but is the device secure?
• Access to enterprise resources
• Need mobile anti-virus
• Mitigate risks
• Monitor with automatic policy response
• Carrier and application
• Mobile content management
• Containerization
• ABQ (Allow/Block/Quarantine)
Secure Mobile Content Management
[Diagram labels: Corporate Document Stores; Simple, Private File Sharing; Device Continuum; Native, 3rd Party Editing Tools; Mobile Content Management]
• Enforce security for device-based access
• Manage distribution authority
• Enforce DLP via cut/paste features
• Manage document version control & redundancy
Mobile Device Containerization
• Data security
• Enterprise apps & services
• Easy to manage and control
• Personal phone, SMS and web
• Choice of device, services
• Freedom & privacy
• Separate corporate data from personal data
• Allow 'personal data' to co-exist
• Provide controls over corporate data
[Screenshot captions: Enter passcode; Tap to access Divide; Get to work!]
Secure Network Access: THE BYOD Solution
• Real-time detection and enforcement
• Detect and quarantine unknown devices
• Self-Service Device Enrollment Modules
• Guest Access Management
• Non-Browser Device Registration
• MDM Policy Enforcement
• MDM Self-Registration process integrated with NAC-based Policy Enforcement
• NAC-based MDM Policy Enforcement and Remediation Messaging
Summary
• Terms and conditions should clearly describe the penalties for unlocking
• Know your environment
• SANS Institute IT Survey: 9% are “fully aware” of all mobile devices on their network
• Lifecycle of smartphones and tablets is very short: 12 – 18 months
• Do not be fooled…if no controls, there is sensitive data on the device
• Make (sustainable) decisions
• If you do not define policy, employees will
• Never store confidential corporate data on an unencrypted device
• No corporate business through the use of personal accounts
• Prohibit sending emails from your corporate address to private email accounts
• Lock down any device assigned to an employee, including remote wipe
• Secure communication to the device
• Block device access to ActiveSync for non-compliance
• Have a recycling program
Questions and Contacts
Troy Fulton, Director, Product Marketing
Tangoe
203.859.9300
www.tangoe.com