locking down risks from unlocked devices

© 2013 Tangoe, Inc. Locking Down the Risks from Unlocked Devices. Presented by: Troy Fulton, Director, Product Marketing. Wednesday, February 20, 2013; Thursday, February 21, 2013

Upload: troy-fulton

Post on 01-Jul-2015

DESCRIPTION

Locking Down Risks from Unlocking

How organizations can protect themselves from the security threats and liability of unlocked phones. While steep fines have placed the unlocking issue in the spotlight, savvy organizations will tell you that this is nothing new. For years, they have taken action to protect themselves from the security risks posed by unlocked or jailbroken phones. The question now is – how far should they go in ensuring that their employees don't jailbreak or unlock their phones?

Webinar covers:

• Security strategy best practices

• Acceptable use policy options

• Data protection

• Application management

TRANSCRIPT

Page 1: Locking down risks from unlocked devices

Locking Down the Risks from Unlocked Devices

Presented by: Troy Fulton, Director, Product Marketing

Wednesday, February 20, 2013

Thursday, February 21, 2013

Page 2: Locking down risks from unlocked devices

Today's Speaker

Troy Fulton

Director, MDM Product Marketing

• 20+ years in high-tech and communications devices

• Senior product marketing and management positions with global corporations including Motorola Mobility, Nokia, and Compaq

• MBA from The College of William and Mary; BA from Boston College

Page 3: Locking down risks from unlocked devices

Agenda

• Definitions

• What is Illegal

• Key Takeaways

• Risk & Mitigation

• Summary

• Q&A

Page 4: Locking down risks from unlocked devices

Definitions: Unlocking

• Enables a device to work on a wireless carrier other than the one the device was purchased from

• If an AT&T iPhone were unlocked, it could be used on T-Mobile USA's network

• In October, the U.S. Library of Congress invalidated a copyright exemption in the Digital Millennium Copyright Act for unlocking cell phones

• Unlocking a device is potentially illegal, unless authorized by a carrier

• Civil fines range from $200 to $2,500 per unlock

• Criminal penalties up to $500,000 and five years in jail.

• http://bits.blogs.nytimes.com/2013/01/25/cellphone-unlock-dmca/

• Unauthorized unlocking requires the device to be jailbroken

Page 5: Locking down risks from unlocked devices

Definitions: Jailbreak

• Pertains to iOS devices

• Allows applications not approved by Apple to be downloaded from any source

• Removes the security controls which prevent access to data on a device by unauthorized people and applications

• Process of removing the sandbox protections that Apple places in its iOS products

• Enables users to access files they normally wouldn't be permitted to, which opens up all sorts of possibilities for customizing an iOS system

• Many technically inclined users loathe being locked into a sandboxed device

Page 6: Locking down risks from unlocked devices

Definitions: Root

• Pertains to Android devices

• Android, unlike Apple, is an open source operating system

• Android out of the box allows users to install 3rd party apps (also known as sideloading)

• User can install themes

• Allows the install of applications directly from SD card or internal memory of device

• Everything iOS users hope to accomplish with jailbreaking is basic functionality within Android

• Rooting overcomes limitations carriers and OEMs put on devices (skins, etc.)

• COMPLETELY remove and replace the entire operating system of the device

Page 7: Locking down risks from unlocked devices

What Has Been Reported to be Illegal

• Unlocking without carrier permission

• A common example….

• Use device as an Internet hotspot

• Switch to a local carrier when traveling overseas to avoid roaming charges

• In Europe, unlocked phones function as you might expect.

• You buy a phone and obtain a SIM card from the network you have chosen, and the phone registers on that network

• Want to change networks? Get a different SIM and swap it out

• Why does this work?

• Network operators share the same three portions of the spectrum and support GSM (3G) and LTE (4G).

• In the U.S. carriers enable different features on their smartphones

• Support differentiated mobile experiences

• Support competing 3G and 4G wireless communication standards at different spectrum frequencies

Page 8: Locking down risks from unlocked devices

Key Takeaways: Unlocking

• New carrier = non-optimized usage rates

• Unlocking can also interfere with your phone's settings

• Features previously enabled will not likely function

• Phone warranty voided

• Jailbreaking attracts malware and decrypts data

• This law does not eliminate the practice of unlocking phones

• Does not prevent unlocked phones from entering corporate networks

• Organization may be held liable for an employee's unlocked device

Page 9: Locking down risks from unlocked devices

Key Takeaways: Jailbreak vs. Rooted

• Sandbox protection for apps is removed

• Every app can get to everything

• iOS and Android apps designed not to share data

• Jailbreaking decrypts data on the device

• Bypasses device password

• Android app developers can store data in cipher text (optional)

• If not, encrypted device data may be stored in plain text if you sync with a PC

• Jailbroken vs. rooted

• iOS: apps must utilize the Data Protection APIs to maintain encryption

• Password protection enables data encryption

• NSS Labs: possible to jailbreak an iOS device and completely bypass the passcode

• Jailbroken phones are more vulnerable to malware

• Android: device password enables full file system encryption

• Modifying the bootloader or OS is not sufficient to access data without the password

• Rooting decrypts all data. Google recommends an OEM hardware solution

Page 10: Locking down risks from unlocked devices

Risks and Mitigation

• Device is lost or stolen

• Exposed data…all of it

• SMS/iMessage texts

• Address book, calendar, email….

• VPN

• Secure communication but is the device secure?

• Access to enterprise resources

• Need mobile anti-virus

• Mitigate risks

• Monitor with automatic policy response

• Carrier and application

• Mobile content management

• Containerization

• ABQ

Page 11: Locking down risks from unlocked devices

Secure Mobile Content Management

[Diagram labels: Corporate Document Stores; Simple, Private File Sharing; Device Continuum; Native, 3rd Party Editing Tools; Mobile Content Management]

• Enforce security for device-based access

• Manage distribution authority

• Enforce DLP via cut/paste features

• Manage document version control & redundancy

Page 12: Locking down risks from unlocked devices

Mobile Device Containerization

• Data security

• Enterprise apps & services

• Easy to manage and control

• Personal phone, SMS and web

• Choice of device, services

• Freedom & privacy

• Separate corporate data from personal data

• Allow 'personal data' to co-exist

• Provide controls over corporate data

[Screenshot captions: Enter passcode; Tap to access Divide; Get to work!]

Page 13: Locking down risks from unlocked devices

Secure Network Access: THE BYOD Solution

• Real-time detection and enforcement

• Detect and quarantine unknown devices

• Self-Service Device Enrollment Modules

• Guest Access Management

• Non-Browser Device Registration

• MDM Policy Enforcement

• MDM Self-Registration process integrated with NAC-based Policy Enforcement

• NAC-based MDM Policy Enforcement and Remediation Messaging

Page 14: Locking down risks from unlocked devices

Summary

• Terms and conditions should clearly describe the penalties for unlocking

• Know your environment

• SANS Institute IT Survey: 9% are “fully aware” of all mobile devices on their network

• Lifecycle of smartphones and tablets is very short: 12 – 18 months

• Do not be fooled…if no controls, there is sensitive data on the device

• Make (sustainable) decisions

• If you do not define policy, employees will

• Never store confidential corporate data on an unencrypted device

• No corporate business through the use of personal accounts

• Prohibit sending emails from your corporate address to private email accounts

• Lock down any device assigned to an employee, including remote wipe

• Secure communication to the device

• Block device access to ActiveSync for non-compliance

• Have a recycling program

Page 15: Locking down risks from unlocked devices

Questions and Contacts

Troy Fulton Director, Product Marketing

[email protected]

Tangoe

203.859.9300

[email protected]

www.tangoe.com
