Back

Mobile security is the new hotness

April 2, 2012 | Team NetSPI

Mobile security is the new hotness. The conventional wisdom hasn’t yet been established, but many security proponents are gunning for users who jailbreak or root their devices. Symantec and Good both offer enterprise solutions that include features to manage root privileges on employee devices. Unfortunately, malware engineers just changed their approach. As background, many approaches to mobile security rely on preventing users from gaining root access. Root access allows a user ultimate control over the phone, regardless of the inherent protections built into the device’s operating system. Many users who go about acquiring root access do so in order to harmlessly customize their device. Some users leverage root privileges to subvert controls on functionality like mobile tethering. In any case, this process is seen as a risk since a user who roots their phone is capable of granting these enhanced privileges to any application that requests escalation. If a user inadvertently grants root privileges to a piece of malware, that malware could access any data on the phone, including potentially protected, corporate information. In August, a piece of malware called GingerMaster was found to escalate to root privileges on any device compromised. From a management perspective, it no longer matters whether or not users in a given environment have rooted handsets. At this point, a user with a rooted device who installs a malicious app is just as likely to expose sensitive or controlled information as a user without a rooted device. This means there isn’t a technical control that can prevent a given user from installing a malicious app and accidentally compromising anything from their email to their entire corporate environment. Just like with SSL certificates, users will have to learn to differentiate between helpful apps and malicious ones. Thankfully, attackers are still disguising most of their malware pretty poorly. The cutting edge malware GingerMaster, for example, was disguised as “Beauty of the Day.”

Team NetSPI

Recent Posts

                                                        <img width="832" height="451" src="https://www.netspi.com/wp-content/uploads/03-28-24_Azure-Site-Discovery_Feature-Image.jpg" alt="Elevating Privileges with Azure Site Recovery Services">												
                                                    
                                                            Technical BlogCloud Penetration Testing                                                        
March 28, 2024

                                                            Elevating Privileges with Azure Site Recovery Services
                                                        
                                                                                <img data-del="avatar" src='https://www.netspi.com/wp-content/uploads/Joshua-Murrell-150x150.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'/>                                                                                  
                                                                        
                                                        <img width="832" height="451" src="https://www.netspi.com/wp-content/uploads/03-20-24_Blockchain-Technical-Blog_Feature-Image.jpg" alt="Web2 Bugs in Web3 Systems">												
                                                    
                                                            Technical BlogBlockchain Penetration Testing                                                        
March 19, 2024

                                                            Web2 Bugs in Web3 Systems
                                                        
                                                                                <img data-del="avatar" src='https://www.netspi.com/wp-content/uploads/2017/09/netspi-150x150.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'/>                                                                                  
                                                                        
                                                        <img width="832" height="451" src="https://www.netspi.com/wp-content/uploads/03-14-24_Azure-Deployment-Scripts_Karl_Feature-Image.jpg" alt="Azure Deployment Scripts: Assuming User-Assigned Managed Identities">												
                                                    
                                                            Technical BlogCloud Penetration Testing                                                        
March 14, 2024

                                                            Azure Deployment Scripts: Assuming User-Assigned Managed Identities
                                                        
                                                                                <img data-del="avatar" src='https://www.netspi.com/wp-content/uploads/Karl-Fosaaen_Web-150x150.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'/>

Name	Domain	Purpose	Expiry	Type
VISITOR_INFO1_LIVE	youtube.com	YouTube cookie.	6 months	HTTP
Test	test.com	Testing	7 days	HTTP

Featured

Mobile security is the new hotness

Recent Posts

Elevating Privileges with Azure Site Recovery Services

Web2 Bugs in Web3 Systems

Azure Deployment Scripts: Assuming User-Assigned Managed Identities

Services

Resources

Company

Get in Touch