How Does Jailbreaking Or Rooting Affect My Mobile Device Security?

/0 Comments/in /by

You may have heard the term jailbreaking or rooting in regards to your mobile phone, but what is this and what does it really mean for you?

Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS operating system. To “jailbreak” means to allow the phone’s owner to gain full access to the root of the operating system and access all the features. Similar to jailbreaking, “rooting” is the term for the process of removing the limitations on a mobile or tablet running the Android operating system.

Jailbroken phones came into the mainstream when Apple first released their iPhone and it was only on AT&T’s network. Users who wanted to use an iPhone with other carriers were not able to unless they had a jailbroken iPhone.

By hacking your device, you can potentially open security holes that may have not been readily apparent, or undermine the device’s built-in security measures. Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users download virus-free apps.

It is inevitable that over the next few years, as millions of smartphones replace handhelds, laptops, and desktop PCs, and billions of applications are downloaded—risks of mobile crime will rise. Not only do you need to stay educated about the latest threat and scams, you should also make sure you havecomprehensive mobile security installed on your mobile device.

And remember, jailbreaking or rooting your mobile device can open you up to security risks that don’t make it worth doing so.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

“BYOD”? Mobile Security Tips for Small Businesses

/0 Comments/in /by

Many employees have come to expect that they should be able to use personal smartphones and other mobile devices at the office. This creates problems for IT managers. A company’s IT staff may have a solid grasp on company-issued laptops, desktops, and even mobile phones, but it is almost impossible to control the results when employees begin connecting various types of personal devices to the company’s network. When you get that brand new Droid, load it up with apps, and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network.

A study by ESET/Harris Interactive found that fewer than 10% of people who use personal tablets for work have enabled auto-locking with password protection. Only one in four secure the personal smartphones they use for work, and only one in three adequately protect their laptops. With well over 50% of employee’s personal devices left unsecured, lost phones, laptops, and tablets constitute a significant data breach risk.

Corporations that do allow employees to use personal devices at work have responded to this problem by implementing a BYOD (“bring your own device”) policy to help IT staff manage these devices and ensure network security.

So, what’s the difference between personal and employer-issued mobiles in the workplace? The short answer to this question is: there is no difference.

A smartphone provided by your employer requires a “company mobile liability policy.” This means they not only provide and pay for your mobile device, they also dictate what you can and can’t do on the device. In many situations, the employer may have remote capabilities to monitor activity and, in the event of loss or employee termination, wipe the data.

“Employee mobile liability policies” are for employees who prefer to BYOD. While these employees may pay for their own devices and their monthly data plans, but the same restrictions can (and should) be imposed on employees who use personal devices at work. If you choose to use your personal device for work purposes, at any time, for any reason, your employer will more than likely want control over that device. This means that, again, your employer may have remote capabilities to monitor activity wipe your device’s data if it is lost or you resign or are fired.

In both situations, the employer will be liable for leaked data. So if you choose to BYOD, be prepared to give up some liberties.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures