
Ethical hacking: BYOD vulnerabilities

Introduction

With the influx of millennials and rising demand for flexible employment, the transition from using corporate devices to personnel bringing their own devices is having a significant influence on how IT handles data security. Companies that apply BYOD, or bring-your-own-device, in the workplace need to implement certain security measures to ensure the protection of valuable and sensitive corporate data.

However, there might be security holes in the corporate system that the companies aren’t even aware of. Ethical hacking can help identify BYOD vulnerabilities and provide insight into the countermeasures that need to be taken. Before we discuss how, though, let’s look at BYOD vulnerabilities in detail.

Top BYOD vulnerabilities

Third-party network flaws

Employees typically connect their personal devices to a range of networks outside of the organization’s control. These third-party networks, however, lack the range of security features that are increasingly incorporated into corporate networks.

Cylance, for example, discovered a vulnerability in network routers used by hotels across 29 countries. The flaw allowed hackers to monitor and tamper with traffic from Wi-Fi networks and even access management systems. As a result, personnel storing corporate data on BYOD-approved devices put their employers at risk of compromise when they connected to third-party wireless networks.

Rooted and jailbroken devices

Most BYOD security suites consider rooted and jailbroken devices to be the root cause of compromise. Because these devices bypass the vendor’s as well as the enterprise’s safeguards, their back end is even more vulnerable to viruses, malware and other hacks than standard devices. 

When these devices connect to the enterprise network, malware or a virus piggybacking on their back end can easily be routed into it. This allows adversaries to make unauthorized uploads, create fake redirects and cause other types of damage.

Malformed content

Employees may be unaware (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/0wKK_s5Y6Ww/