A Hard Pill to Swallow?

Size: px
Start display at page:

Download "A Hard Pill to Swallow?"

Transcription

1 Tablets in the Enterprise A Hard Pill to Swallow? Context Information Security whitepapers@contextis.co.uk October 2012 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

2 Table of Contents INTRODUCTION... 3 SUMMARY OF FINDINGS... 5 DETAILED FINDINGS... 6 DATA PROTECTION... 7 SOFTWARE INTEGRITY SOFTWARE UPDATES ACCESS CONTROL SECURITY AND CONFIGURATION PROFILES CONNECTIVITY DAMAGE LIMITATION DESKTOP SOFTWARE BACKUP AND SYNCHRONISATION ACTIVESYNC DEVICE-SPECIFIC SECURITY RECOMMENDATIONS ABOUT CONTEXT BIBLIOGRAPHY Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

3 Introduction It is difficult to ignore the growing presence of tablet computers in schools and workplaces around the world. Tablets are conveniently small, light and powerful, are less expensive than many laptops, yet have excellent storage facilities and connectivity. They are often sold with built-in apps or accompanying desktop software, which provides access to rich multimedia content for entertainment onthe-go and allows the tablet s data to be backed up to a local computer or to a cloud-based service. The device format is perfect for social networking, but also for creating documents, presentations and other content on-the-fly, then, with a few taps and swipes, sharing it with the management team, or the wider world. It is easy to see why growing numbers of people prefer tablets to desktops and laptops: they allow a blend of productivity, connectivity and physical freedom which has never quite been achieved before. But the same characteristics that are seen in such a positive light by tablet users present a tough security challenge for organisations. Traditionally, it has always been possible for IT departments to build servers, desktops and laptops to their own security specifications. Most medium to large organisations have a number of templates to which machines can be built, providing at the very least a baseline level of security. Tablets are different because they are embedded devices and because manufacturers do not want any end-user application to be able to gain control of the entire device. Unrestricted physical access to the device by end users is central to the concept of tablet computing, and this means that no-one is there to ensure that a sneaky attacker doesn t poke around inside the device and insert some other memory store into the boot sequence. To combat this threat, manufacturers build in complex mechanisms to prevent modification of operating systems and proprietary apps an absolutely vital element in building a trusted platform. Some devices are constructed in a way that makes it impossible to read unencrypted memory components, even if chips are carefully removed and analysed. The measures put in place to enhance the security of these devices often make it harder to understand the security threats associated with a new tablet. This lack of visibility and understanding of threats means that manufacturers claims about device security are not challenged as robustly as is necessary. Taking vendor security claims at face value is not good practice if any realistic level of security is to be achieved. In May 2012, Context conducted a research project studying three of the most popular tablet computers: the ipad 2, the BlackBerry PlayBook and the Samsung Galaxy Tab. The goal of the research was to identify areas of security strength and weakness in relation to their suitability for enterprise use. We intended to make the findings available to individuals or organisations in the hope that appropriate countermeasures could be put in place to mitigate any hitherto undiscovered security risks. Many articles, reviews and papers have been published about the merits and failures of specific and generic tablets and how best to deploy them in an Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

4 enterprise environment. Therefore, this whitepaper is not intended to act either as a deployment guide or as a review of all the security features available on the tablets examined. The purpose of this whitepaper is to present the findings of Context s research. The research plan originally included a Windows 8 tablet. However, the release date for Windows 8 was unknown at the time the research was conducted. Although one option would have been to install the Windows 8 release candidate onto a Windows 7 tablet, there was a risk that one or more significant security changes could have been implemented in Windows 8 between the release candidate and the final version. It was decided that the research and subsequent white paper would focus on the ios, Android and BlackBerry devices only, with Windows 8 to be covered in a future whitepaper, following the selection and testing of a suitable tablet. It is planned that a further whitepaper will examine the security features provided by third-party mobile device management software. The ipad was chosen principally because of its dominance in the marketplace and its already significant presence in corporate environments. Many organisations are developing their own ipad apps to allow the tablets to be seamlessly embedded into workflows. It must already be the case that an enormous amount of sensitive data is now moving around the country on these easily-misplaced devices. The PlayBook was chosen because of the popularity within enterprises of BlackBerry handsets and the associated infrastructure. In that context it would make sense for many organisations to choose to use BlackBerry tablets to complement their existing estate. BlackBerry handsets are usually connected to organisations internal mail and calendar applications and are often used to access internal resources such as intranet sites. The security of the handsets has been examined on numerous occasions and found to be of a high standard, but until now it is has not been known whether the use of an accompanying tablet would represent a marked increase in security risk. Android also has a significant share of the mobile operating system market, so it made sense to examine an Android device. The Samsung Galaxy Tab was chosen because its popularity as a consumer device makes it a likely candidate for the practice of Bring Your Own Device (BYOD). On a technical level it is also a good representative of Android-based devices. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

5 Summary of Findings From an enterprise security point of view, these three modern tablets including two market leaders were very different in several important respects. All of the tablets had reasonably good support for Exchange ActiveSync, which means that the core security configuration can be managed from a central Exchange server. But there was a significant difference in the security offered by the Galaxy tablet on the one hand and the ipad and PlayBook, which were closely matched in terms of enterprise security, on the other. The Galaxy Tab was shown to suffer from some serious security failings that make it difficult to recommend as a tool for enterprise use. As well as the documented security problems, a lack of enterprise-level management tools beyond ActiveSync means that it is difficult to manage more than a small number of these devices effectively. We discovered that despite high levels of security in the BlackBerry and ipad, their respective accompanying desktop software suites did not encrypt backups by default, although the software did offer the option to encrypt the backups using a password. It was possible for these devices to force the use of encrypted backups through application of security policy. The PlayBook was the only device with a workable solution to the Bring Your Own Device dilemma, in the shape of an architecture that provides very good separation between personal and work data. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

6 Detailed Findings This section provides the findings of our practical security research. This information should be used as a guide to help determine your organisation s current level of security exposure, and also to help plan your forward strategy for safely handling information which is stored and processed using these types of devices. Context investigated a number of areas on each device, conducting tests wherever possible to establish whether security controls were robust or weak and, ultimately, whether they were suitable for enterprise use. Devices examined: Tablet Manufacturer Tablet Model Operating System Samsung Galaxy Tab 7.0 plus (Wi-Fi-Only Version) Android 3.2 Apple ipad 2 (Wi-Fi Only Version) ios Research in Motion BlackBerry PlayBook BlackBerry Tablet OS Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

7 Data Protection One of the greatest risks to corporate data that resides on a tablet is unauthorised access in the event of a tablet being lost or stolen. Most tablets provide disk encryption features to try to reduce this risk, but disk encryption has not always been well implemented. In the past it has sometimes been implemented with more of an emphasis placed on remote wipe than on preventing access to the contents of the disk. The goal of this area of research was to determine as far as possible whether the tablets disk encryption provided much real-world protection. Apple ipad The ipad shares the same internal file system structure as the iphone 4 and 4S, in which the disk is split into two partitions: the system partition and the data partition. The system partition is around 512Mb in size, and contains the ios Operating System. The partition is intended to remain unaltered for the lifetime of the device, with the exceptions of changes written to system logs and updates to IOS. No user or application data is ever written to the system partition; they are always written to the data partition. To protect user data, Apple has implemented a security feature known as Data Protection to encrypt files on the data partition. Data Protection is automatically enabled when a passcode is set on the device. 256-bit AES hardware disk encryption is present even when Data Protection has not been enabled, and encrypts the entire data partition at a block level. Cryptographic operations for this are handled by a coprocessor installed specifically for this purpose. When the device is booted, the disk encryption keys are retrieved from the system secure storage and automatically used to unlock the disk. This disk encryption implementation supports wipe functionality by allowing for the instant erasure of the master file system encryption key, without which, the entire contents of the file system are, in practical terms, irretrievably lost. Although this mechanism protects data should the flash memory chip be lifted from the device, it does not protect data if the device is powered on when no passcode has been configured. When Data Protection is enabled, all files on the data partition are encrypted with individual keys, which are transparently used by the hardware engine as it writes the files to flash memory. The process which governs the handling of the per-file keys is quite involved and is explained by Apple in their ios security paper (1). It is possible, using publicly-documented forensics techniques, to gain access to the encrypted contents of the data partition, even when a passcode has been set on the tablet. This is accomplished by loading a forensic toolkit into memory when the device is booted into Device Firmware Upgrade (DFU) mode (2). With Data Protection enabled, obtaining the file system encryption key first requires that the system keybag be decrypted. This is protected by the user s passcode, among other things. So once a jailbroken kernel is running on the device and the forensic toolkit has been uploaded, an attacker s first task is to perform a bruteforce guessing attack on the passcode. Because the attack occurs at kernel level, Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

8 it is not subject to the incremental waiting times or potential data-wipe enforced by the SpringBoard user interface. The encryption key protecting the keybag consists of the passcode tangled with two unique hardware-based keys, neither of which can be read by firmware or application software, but which can be read by the AES processor. This means that the brute-force attack must be carried out on the ipad itself: it is not possible to perform the attack offline with a more powerful computer. Apple has introduced many encryption rounds into the passcode verification algorithm, and it takes around 80ms to perform a single verification in native code. Using the forensics toolkit, each attempt takes around 108ms. At this rate, the worst-case times taken to obtain the passcode for varying complexities are shown in the table below. 4 Digits 18 Minutes 8 Digits 125 Days 4 Alphanumeric 50.3 Hours 6 Alphanumeric 7.5 Years 8 Alphanumeric 9,661 Years The times given above show the time taken to carry out a brute-force search of the entire key space. Statistically it is likely that the correct key will be found after 50% of the search space has been covered, although this approach could be refined further. This means, for example, that a passcode of six randomly-chosen alphanumeric characters can be expected to protect the encrypted contents of an ipad 2 running ios for about 3 years and 8 months. An informal poll by the author of family and friends revealed that all of them protected their ipads with at best a four digit passcode. Samsung Galaxy Tab The Galaxy Tab s disk partitions are, for practical purposes, unencrypted by default. Applications and user data are stored in a partition mounted at /data, although the size of this is only around 2GB: a small portion of the device s rated storage capacity. The rest of the internal flash storage is mounted at /mnt/sdcard and is available to store any data the user sees fit to store: multimedia files, in the majority of cases. External storage can be added to the Tab in the form of a Micro SD card, mounted at /mnt/sdcard/extstorages/sdcard. Samsung states that, as a part of its Samsung Approved for Enterprise (SAFE) programme, the newer Galaxy range of smartphones and tablets feature hardware-based AES-256-bit encryption. Context was unable to locate details for the way in which the hardware encryption has been implemented. However, our investigations suggest that it has been implemented in a similar way to Apple s hardware encryption, in which the disk is encrypted and is transparently decrypted, without user input, on boot. This facilitates a very fast disk wipe capability and protects against chip-off attacks, but provides negligible data protection against attackers who use software-based attacks. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

9 Given that the secure wipe facility works very quickly, but that when first enabled, encryption takes around an hour, it appears that the Galaxy Tab uses Android s 128-bit software encryption applied on top of the 256-bit hardware encryption in order to provide data confidentiality. This would also account for the slightly extended boot time experienced when encryption is enabled. As Android is built on a Linux kernel, the software encryption is performed using Linux s device mapper (dmcrypt) using 128-bit AES (3). This encryption is not enabled by default, and when enabled is applied to the internal /data and /mnt/sdcard partitions. Disk encryption is enabled through the settings menu and a separate menu item is available to encrypt the external Micro SD card. In a corporate environment, it is possible through ActiveSync policies to enforce the encryption of the device s own internal storage and the Micro SD card. However, on the Micro SD card, encryption takes place on a per-file basis, and if the card is removed, it is still possible to read the unencrypted file names from the file system. When initialising the software encryption, a 128-bit master key is created using 128 bits of entropy from the system s pseudo-random number generator, /dev/urandom. This master key is used by dmcrypt to encrypt the file system. A salt value is also taken from /dev/urandom and used, together with the user s passcode, in the OpenSSL PBKDF2 key derivation function. This creates an encryption key with which the master key is subsequently encrypted. The encrypted master key is then stored, with the copy of the salt and the encryption algorithm details, in the crypto-footer of the partition. At boot time, the user is prompted for the encryption passcode which is required to unlock the master key. Assuming the correct passcode is supplied, the disk can be decrypted and used transparently by the operating system. As the salt is available in plain text, the only unknown variable needed to decrypt the master key is the user s passcode. It would be a feasible attack to take a copy of the crypto-footer and the encrypted file system, and then perform an offline dictionary attack against the encrypted disk image. It is likely that the attack could be carried out relatively quickly, especially if the attacker could distribute the attack across many computers. BlackBerry PlayBook The BlackBerry PlayBook supports both work and personal usage profiles. Work mode is facilitated by the BlackBerry Bridge application, which uses Bluetooth to tether the PlayBook and a BlackBerry smartphone. The Bridge application allows the tablet to access the corporate BlackBerry infrastructure via the access already provided to the phone. The file system is divided into three areas: the base file system, which is read-only and contains system files; the personal file system, which contains applications that run in personal mode together with their data; and the work file system, which contains the applications that run in work mode together with their data (4). Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

10 When a PlayBook is connected to a BlackBerry smartphone using the Bridge software, the tablet temporarily stores work data in the work file system. The work file system is encrypted using XTS-AES-256, which is an IEEE-approved AES mode for disk encryption and uses 512-bit keys. The encryption module has received FIPS certification. The keys that the PlayBook tablet uses to encrypt the work file system are encrypted using the BlackBerry Bridge work key. The tablet stores the Bridge work key in RAM only. When the Bluetooth connection between a tablet and a smartphone closes, the tablet and the smartphone each delete their copy of the Bridge work key. All of the work data stored on the tablet is encrypted with keys encrypted using the Bridge work key, and both copies of the work key are deleted. This data and key encryption means that it is not possible to decrypt the work data after the Bluetooth connection closes and the smartphone and tablet delete their copies of the Bridge work key. No work data can be accessed on the tablet without the presence of a tethered smartphone. However, the PlayBook does not encrypt personal data, and the contents of personal s and messages are unencrypted on the flash storage of the device. Currently, no working jailbreak is available for the device, and it is possible to disable USB Mass Storage access to the device by disabling the File Sharing option. With this option disabled, it was not possible to gain unauthorised access to the unencrypted file system, although this will change when a working jailbreak becomes available. Summary For protection of corporate data, the BlackBerry tablet has the best security, although this is achieved largely by offloading many of the security requirements to a tethered BlackBerry smartphone. The disadvantage of the tablet is that it does not encrypt personal data. When a jailbreak for the device becomes available, it will become possible for a skilled thief to access the unencrypted files. The ipad also has an excellent disk encryption facility, the weak point of which is the user s passcode. If a centrally-managed password policy of at least 8 alphanumeric characters is enforced, then the ios disk encryption scheme will provide very strong protection against lost or stolen device scenarios. The Galaxy Tab provided software encryption support which was slightly more intrusive to use than the other solutions and would probably not be enabled by the majority of domestic users. However, it was possible to forcibly enable encryption within a corporate environment. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

11 Software Integrity A key goal of tablet manufacturers is to ensure that only trustworthy software is run on their devices. If applications are forced to behave in a trustworthy manner it is less likely that a piece of malicious software could access data belonging to another application. Because the physical devices are in the hands of the endusers, manufacturers achieve this goal by implementing strict cryptographic checks at key stages of the boot process. This means the operating system, when it is finally running, is guaranteed to be the original vendor s signed code. With this guarantee in place, the devices are in a position to prevent the execution of any apps not signed by a trusted software publisher. This area of testing focused on determining whether it was possible to bypass any of these checks and run unsigned code. Apple ipad Each step of the boot process contains components that are cryptographically signed by Apple to ensure integrity, and proceeds only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware (1). When an ios device is powered up, its application processor executes code from read-only memory known as the Boot ROM. This is implicitly trusted, immutable code, burned in during chip fabrication. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is correctly signed by Apple before allowing it to load. This is the first step in a chain of trust in which each step ensures that the next is signed by Apple. When the LLB finishes its tasks, it verifies and runs the next-stage bootloader, iboot, which in turn verifies and runs XNU, the ios kernel. Once the ios kernel has booted, it controls which user processes and apps can be run. ios requires that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple, but third-party apps must also be validated and signed using an Appleissued certificate. Mandatory code signing extends the concept of chain of trust from the OS to apps, and prevents third-party apps from loading unsigned code resources or using self-modifying code. This means that the only way to get code to run on an ios device is to install it though the Apple app store. But businesses and organisations can apply to join the ios Developer Enterprise Program (idep). Members of idep can register to obtain a provisioning profile that permits in-house apps to run on devices that it authorises. Users must have the provisioning profile installed in order to run the in-house apps. This ensures that only the organisation s intended users are able to load the apps onto their ios devices. Security vulnerabilities that allow for arbitrary code execution in a given stage of the boot process allow the attacker to control the subsequent boot processes. Over most versions of IOS, including IOS 6.0, hackers have discovered security vulnerabilities in most stages of the iphone/ipad software stack. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

12 Security vulnerabilities can be addressed by Apple by means of software updates, but not if they exist in the Boot ROM. Because the Boot ROM is immutable and the contents are set at fabrication time, vulnerabilities in existing devices cannot be patched. The best that Apple can do is fix the vulnerability in future releases of the Boot ROM on new devices. Such security vulnerabilities are the basis of jailbreaking, the practice of modifying ios to allow the running of unsigned code. Jailbreaking tools are freely available for most versions of ios running on all Apple ios hardware. The majority of jailbreaking tools install a replacement XNU kernel, which is modified not to check for signed code, and an application called Cydia, a package management application. Cydia allows the installation of non-approved packages from a nonapproved app store. Whilst there are plenty of useful apps available via Cydia, there are also many malware-ridden apps, created by unscrupulous developers keen to take advantage of the lack of quality control. Samsung Galaxy Tab Like ios, Android normally uses an ostensibly secure boot sequence, in which each stage of the boot process verifies the signature on the next stage prior to loading and handing control to it. Unfortunately, numerous publicly-known security vulnerabilities and recovery features make it possible to gain control of the Android boot process. On the Galaxy Tab under test, it was found that both the native and recovery bootloaders were unlocked, allowing unsigned kernels to be loaded. An attacker who had gained temporary access to the device could power off the tablet and boot into recovery mode. The attacker could then exploit this mode to perform a number of actions such as rooting the device, or apply new software to the tablet. In this state, it would be possible for an attacker to access potentially sensitive information, such as the domain credentials used by ActiveSync on the tablet, or other private application data. This is possible whether or not a password is applied. Apps are deployed from the Google Play app store, and all apps must be signed by their authors before Android devices will install them. But Android will accept any valid signed package and there is no real chain of trust. This is one reason why there is more malware distributed through the Google Play store than through the Apple App store. BlackBerry PlayBook The PlayBook s bootloader is locked, which means it will only boot code that has been signed by Research in Motion (RIM). As with ios, each step of the boot process contains components that are cryptographically signed by RIM to ensure integrity, and proceeds only after verifying the chain of trust. No security vulnerabilities have been found in the bootloader or other elements of version of the PlayBook OS, and no jailbreak was available as of September Apps are deployed to the PlayBook via the BlackBerry App World store. The PlayBook OS supports the installation and running of Android apps which, because Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

13 they have a reputation for lacking a very high degree of security or quality control, are vetted before being made available in the App World store. Android apps are considered to be for Personal mode only; the BlackBerry Runtime for Android prevents Android apps from accessing work data. It was possible to run unsigned code via side-loading: the installation of applications from sources outside the official App World store (5). The side-loading process is not intuitive, and requires entering developer mode. Many people will not realise that the possibility to side-load applications exists. Summary The Blackberry PlayBook was the only tablet on which it was not possible to gain privileged access. Both the ipad and the Galaxy Tab were easily compromised with untethered jailbreaks, although the outcomes were different in terms of the security impact a jailbreak had on the data stored on the devices. If the Galaxy Tab had not had encryption enabled, it would have been possible to access all of the data on the internal /data and /mnt/sdcard partitions. The data on the Micro SD card could be read in plain text, even though SD card encryption had been enabled. Conversely, the data on the data partition of the ipad remained protected. Finally, the Galaxy Tab was the only device with an unlocked bootloader. In an extreme case, this would allow the installation of a completely different operating system even before any exploitation of software vulnerabilities. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

14 Software Updates Security vulnerabilities in software are discovered every few minutes. Tablet manufacturers need to react to the discovery of security vulnerabilities and release updated versions of their firmware in order to protect the integrity of customers devices. As well as security fixes, software updates are often released in order to add new functionality, or to fix non-security bugs. If the software update process can be subverted, then the integrity of the whole platform should be considered untrustworthy. Apple ipad All software updates for non-jailbroken ipads are distributed by Apple via the app store. This includes updates for ios and Apple apps. Updates for third-party applications are also obtainable only from the app store, in line with Apple s strict policy of allowing only signed code to run on ios devices. ios version 5 introduced the concept of over-the-air operating system updates; previously the only method to update ios was to connect the device to the itunes desktop software via USB and download a complete copy of the updated ios from Apple. ios updates are now incremental and delivered over the air via Wi-Fi or 3G, meaning that updates are much quicker and consume less bandwidth. All software downloads are signed by Apple and delivered over HTTPS connections. Despite significant efforts with DNS and certificate forging during testing, there was no evidence of any improper certificate validation, and software updates from servers other than Apple servers were all rejected with a user-friendly error message. The same applied to software updates which had been altered during download. During an itunes-based software update, itunes requests a signature from Apple for the software it is about to apply to the ipad. itunes first supplies a challenge, which includes the software version and unique device ID. Apple signs the challenge, and if the signature is valid, itunes applies the software update. However, Apple refuses to sign software which is older than the current version. It is possible, through the use of tools such as Tiny Umbrella, to cache these signed responses from Apple and re-use them at a later date to apply out-of-date ios versions to a device. This can allow an ipad to be downgraded to an older version of ios, usually so that the device can then be jailbroken. It should be noted that Apple s signatures are time-bound. Once the expiry date has passed, they cannot be reused. Samsung Galaxy Tab Software updates are delivered to the Samsung Galaxy Tab via the Kies desktop software, then delivered to the device over USB. This process was not fully evaluated during the time available for research. It is very likely that a non-rooted tablet would detect an illegitimately modified firmware during its signature checks, and that it would subsequently reject the update. But there is a strong likelihood that a rooted tablet would accept a maliciously modified software update. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

15 BlackBerry PlayBook Blackberry PlayBook updates can be applied over USB, via the BlackBerry Desktop software, or over the air. All software updates are delivered over TLS and are digitally signed. It was not possible to update the PlayBook with a new firmware which had been modified illegitimately by subverting either of these methods. A number of offline downgrade attacks have been published, allowing PlayBooks to be downgraded to vulnerable versions of the operating system, subsequently allowing the devices to be rooted. Once rooted, the integrity of the device cannot be assured. Summary Both the ipad and the PlayBook rejected attempts to interfere with online software updates. It is likely that the Galaxy Tab would also reject such attempts, but this could not be confirmed during testing. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

16 Access Control Although tablets tend to have only one user at a time, many applications are installed simultaneously and many are often running at the same time. The applications are effectively under the control of the application developer, as the user can only see what the application wants them to see. A tablet can potentially contain hundreds of pieces of software, each from a different company or individual developer and it is important to realise that these separate entities have no obligations to each other and there is certainly no trust relationship between them. A tablet s user has an implicit trust relationship with each developer: he has installed that developer s code on his tablet, and he is trusting the developer not to share the small subset of data controlled by the app with the whole world. He doesn t want that developer to be able to access data from other applications, at least, not without explicit consent. This area of research looked at the mechanisms for preventing access to data, either via the user interface, or programmatically, as an application. Apple ipad User-level access control to the device is via a passcode, ranging in configurable complexity from a four-digit PIN to an alphanumeric sequence of arbitrary length. The passcode is required to unlock the device. If a passcode is entered incorrectly, the user is forced to wait until they can make another attempt, and the waiting time between failed attempts rises exponentially. The device can be configured to erase itself after a preset number of failed attempts. The erasure is achieved cryptographically, using the same mechanism used by the remote wipe facility. For applications, access control is imposed in ios through the use of the Apple Sandbox. The Sandbox environment is designed to ensure that applications cannot access areas of the file system or memory to which they should not have access; and cannot make privileged system calls or execute other code which they should not have permission to execute. From the application s point of view, there are very tight restrictions on which areas of the file system are accessible. Non-Apple applications are able to write only to their own dedicated area of the file system. No access control problems were discovered during testing of the device. Samsung Galaxy Tab All applications have read access to all locations under /mnt/sdcard/. This includes both the large internal and the Micro SD card storage areas, meaning that applications which store sensitive data in these areas should encrypt the data before writing them to storage. Examples of sensitive data might include cached credentials, attachments or personal information in documents created by third-party apps. Only some application data was found to be securely stored on the device under test, and this is likely to be the case across all Android devices. For example, ActiveSync credentials are stored in the clear within a flat-file database, allowing for easy retrieval of domain credentials by applications running as root. An Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

17 attacker would require root privileges over the device to access this file, as it was stored in the /data partition and therefore subject to file system-based access controls. Once obtained, this information could be used in order to mount a more serious attack against the corporate network. content was found to be securely stored within databases in the /data partition, but the same cannot be said for attachments. Corporate attachments, even those served from ActiveSync accounts, are downloaded to the tablet s so-called external storage, which is actually the larger internal storage partition. But on all Android devices, even an application with no privileges is permitted to read data from external storage, whilst applications which need to write to the larger internal storage will have been granted the WRITE_EXTERNAL_STORAGE permission, allowing them to overwrite the contents of any file stored in this area. As a result, any application on the phone could potentially read the contents of the attachment from the tablet, and a number of applications would be able to modify the attachments too. If an application had the Internet permission (a permission that nearly all apps request), then it would be possible for the malicious app to send corporate attachments to a rogue server. In the Android architecture, each app runs in the context of its own User account and Group ID within its own sandboxed Dalvik Virtual Machine (VM). The Dalvik sandbox prohibits communication with other processes, access to data, access to hardware features like GPS or camera and network access and so on. Access to resources must be declared by the application when it is packaged for deployment, and the user must review and accept the access requirements prior to installing the app. Once the app is installed, it can assume that it has been granted all the permissions it requires. It is not possible to hide requirements from the user, as the manifest containing the access requirements is used by the Dalvik VM to grant the access. If a requirement is not requested it is not granted. Technically, this separation works very well, but the reliance on users to determine which permissions are reasonable when they wish to install an app can lead to some poor security choices. Because they know users will typically accept almost any permission requests, this also leads to developers simply requesting more permissions than they need. The cycle continues as users are met with increasingly complex lists of permission requirements for ostensibly simple apps. Faced with a choice of functionality or security, many will choose functionality and install the app anyway. For access via the user interface, various methods exist to secure the device: Unsecure swipe to unlock. Doesn t require pattern, pin or password. Pattern connect at least four dots. PIN minimum four characters. Password minimum four characters. It was also possible to configure the Galaxy Tab to erase its contents after a number of failed login attempts, and this was a feature which could be enforced and configured by ActiveSync. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

18 During testing Context did not find a direct method to bypass this access control using on-device functionality. But it was possible to unlock the device remotely using the Samsung Dive product. Some investigation of the process used to do this revealed that it would be possible for any application to unlock the screen, change the password or worse. This is covered on more detail in the Damage Limitation section of this white paper. Further access control bypasses were possible when USB debugging was enabled. This is a developer option allowing software development toolkits to push updated applications to the tablet without notification or user intervention. It is possible to access all areas of the file system when in this mode using the Android Debug Bridge (ADB). Using this method, it was possible to read in clear-text the contents of the SD card, even though they we stored in encrypted form on the device. BlackBerry PlayBook The PlayBook uses a sandboxing security architecture in which every application, network stack or device driver runs in memory-protected user space. Each application process runs in its own sandbox, which consists of the memory and file system segments to which the application has access at a specific time. By default, each application stores its private data in its own data directory, to which only it has access. Applications can also store and access data in a shared directory. The user is prompted to permit access when an application first wants to store or access data in the shared area. Access to hardware I/O is controlled through the authorisation manager and capabilities, such as camera and microphone access. When an application starts, the authorisation manager is invoked to set the permissions for the capabilities used by the application. In some cases, the user might be prompted to grant or deny access to a capability by an application. This decision will be remembered by the authorisation manager and applied in future instances. Access to the user interface is controlled by a password, which is not set by default. When a password is set, the device will securely erase all stored data after ten failed login attempts. When file sharing is enabled, it is not protected by the device password; a separate password must be set to protect personal data. The file sharing service uses CIFS over USB and Wi-Fi to enable copying of files to and from the device. A warning is presented to the user when file sharing is enabled with no password set. When the tablet is tethered to a BlackBerry smartphone and enters work mode, the security policy on the phone is also automatically applied to the tablet. So, for example, it will be necessary to enter the phone s password to unlock the tablet. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

19 Summary The Samsung Galaxy Tab was affected by numerous access control security problems, while the ipad and PlayBook both provided strong access control that could not be bypassed. The PlayBook made it possible to expose files to a network with no protection, while no such facility existed on the ipad. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

20 Security and Configuration Profiles All three tablets allow the user to configure security settings through the user interface. They also allow security to be managed through the use of configuration profiles, although the implementation of the profiles varies between tablets. This area of research investigated whether it was possible to install a strong security configuration via profiles, and whether these security settings could be removed by users. Apple ipad To assist in the deployment of standard and secured device configurations, Apple provides a configuration file format called mobileconfig. This is an XML file describing a number of security and operational parameters, such as the name of the profile, whether or not it can be removed by the user or whether it requires a PIN for removal. The bulk of the document contains the desired settings to be applied to the ipad. Most of these settings are security-related, and many of them are simply not accessible through the ios User Interface. It is possible to use mobileconfig, for example, to configure VPN connections, set password complexity requirements, force encryption of backups, and restrict the use of certain applications. Mobileconfig files can be signed and published via a web server so that ios devices can install the profiles if their users browse to the mobileconfig location with the Safari browser. Mobileconfig configurations can be created by the graphical iphone Configuration Utility (ICU), which is available at no cost from Apple. As well as configuration via mobileconfig, the ipad supports Microsoft ActiveSync policies. ipad s ActiveSync support, as tested by Context, is detailed later in this document. During testing, all of the supported security configuration parameters were successfully applied to the ipad. Using the User Interface, it was not possible to remove profiles which had been configured as non-user-removable. However, it was possible to remove policies by restoring backups which had been made before the policies had been applied; this would consequently result in the loss of data which had been stored since the non-protected backup was made. Samsung Galaxy Tab Android implements support for enterprise applications via the Android Device Administration (ADA) API. This API provides device administration features at the system level and facilitates the creation of security-aware applications that are useful in enterprise settings, enabling IT professionals to require rich control over employee devices. The .apk application shipped with the Galaxy Tab was used to apply ActiveSync policies to the device using the ADA API, and was also the client used to collect from Exchange using ActiveSync. Because the ADA API can be used by multiple applications to apply restrictions to the device, one possible scenario is that multiple applications could attempt to set differing policy settings. In such conditions, the most constrictive settings are used. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

21 Removing the ActiveSync account removes the s that are stored on the device (ie. content in the databases) and the passwords stored in the accounts database. But it does not remove the ActiveSync policy. Furthermore, because the ActiveSync account has been removed, it is no longer possible to access or receive further ActiveSync policy updates. In this state, the device is stuck with an ActiveSync policy which cannot be removed easily. One method of removing the ActiveSync policy is to create and install an application which uses the ADA API to relax all of the security settings. Whilst this is non-trivial to create initially, it is the sort of attack which could be packaged up and distributed through the Internet for use by non-technical users. A simple modification can be made to the .apk application to prevent the application of ActiveSync policies. Examples of these patches for numerous Android versions can be found on the Internet. BlackBerry PlayBook Blackberry Balance is an architectural feature included in the PlayBook (running OS 2.0) which facilitates the security management and separation of work and personal data on the same device. BES 5.0 is required to manage the policies to be enforced on the PlayBook, and it allows very fine-grained control over the actions that can be performed on the device, to a much greater extent than is enabled by the ActiveSync policies. For example, as well as setting basic security configuration such as password lengths, it is possible to disallow forwarding of work content using personal channels, and also to set very granular application control policies. It was not possible to test whether a user could remove these policies in the time available. However, previous experience with BlackBerry products and the lack of a jailbreak for the current PlayBook suggests that it is unlikely to be achievable. Summary All of the devices supported basic security policy application either via ActiveSync or by vendor-specific means. ipad users are not able to remove security policies themselves and it is expected, though not confirmed, that this is also the case with the PlayBook. The Galaxy Tab showed good support for ActiveSync policies, though it was possible for a user, on a rooted device, to remove ActiveSync policy but retain access to corporate . Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

22 Connectivity The tablets tested offered a range of connectivity options, including Wi-Fi, USB, Bluetooth and Micro SD cards. Context examined each method of connecting to the device to determine whether it was possible to compromise its security through any poorly implemented services or drivers. Apple ipad The ipad tested supported Wi-Fi and Bluetooth, but not 3G. The only network service available over TCP/IP was the iphone-sync service, on TCP/ This service is used internally when the device is synchronising with itunes over USBMUX, and it is also used by icloud to initiate remote operations. No security problems were identified with this service. Bluetooth offered only the services defined in the following table. No security issues were identified in any of these services. Service Name Wireless iap AVRCP Device Audio Source Handsfree Gateway Description Proprietary iphone Accessory Protocol Audio/Video Remote Control Profile A2DP Audio Source Enable Hands-free Use of Audio Services IEEE G connectivity was as expected, with support for all the major wireless encryption and authentication protocols most notably, WPA2 Enterprise was well supported. Context found that when Wi-Fi was enabled, the ipad attempted to connect to any network it had joined previously. This is a significant security concern for open wireless networks. When it is not yet associated to an Access Point, the ipad issues probe requests for previously-connected networks. An attacker could configure his own computer as an Access Point purporting to be the requested network. The ipad would then, without user intervention, connect to the computer of the attacker, who would be in a position to view and modify any network traffic generated by the ipad. It would be possible, for example, for the attacker to supply maliciously-crafted content which exploited known security vulnerabilities in the ipad and allowed the attacker to access the file system. USB connectivity between the ipad and itunes was encrypted with TLS. Samsung Galaxy Tab The version of the Galaxy Tab under test supported Wi-Fi and Bluetooth, but not 3G. There was also a Micro SD card slot. Like the ipad, the Galaxy Tab issued probe requests seeking previously-used wireless networks. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

23 One interesting observation was that when the device is connected to the Kies desktop software via USB, then TCP port 1108 is opened and accessible via wireless. The port s intended purpose is not clear. Additional network services were also opened during synchronisation over-the-air. The details can be found in the section on Backup and Synchronisation. USB traffic was found to be unencrypted, potentially allowing an attacker to intercept or modify communications between the Kies desktop software and the tablet. To exploit this, a remote attacker would need a hardware-based USB sniffer, or would need to have installed USB interception software on the desktop machine, an activity which would require administrative privileges. In a scenario where a corporate or BYOD Galaxy Tab was plugged into an infected home computer, it is conceivable that the malware could trigger a backup of the tablet, and could potentially install malware on the tablet over the USB connection. Bluetooth offered only the services defined in the following table. No security issues were identified in any of these services. Service Name Voice Gateway AVRCP TG Audio Source OBEX Object Push Description Enable Use of Audio Services Audio/Video Remote Control Profile A2DP Audio Source File Transfer and Contact Synchronisation BlackBerry PlayBook The PlayBook supported Wi-Fi and Bluetooth, but not 3G. Using Bluetooth OBEX, it was possible to access shared files from the personal partition, and it was also possible to share the device s Wi-Fi connection, typically sharing Internet access. A password was required to access these services, and it was not possible to bypass this access control. USB communication was found to be encrypted with TLS. Summary The ipad and PlayBook provided the most secure interfacing options. The Galaxy Tab was reasonably good, but exposed a serious security vulnerability during overthe-air synchronisation. Further details of this are provided in the Backup and Synchronisation section. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

24 Damage Limitation In the event of the loss or theft of a tablet, some features can help to locate the device, alert passers-by and let them know how they can return the tablet. In the event of a theft it may be better to simply wipe the contents of the device remotely and write off the value of the hardware. Context examined the implementations of these features for security problems. Apple ipad In the event of the loss or theft of an ipad, Apple provides a number of mechanisms to limit the effects of the loss. The first of these is Data Protection, which was discussed earlier in this section. This can be bypassed fairly easily unless an alphanumeric passcode of reasonable length is set on the device. Apple also provides an online service called Find My ipad, which claims to be able to show on a map the location of a lost or stolen ipad. This assumes that the ipad has the Find My ipad feature enabled and Internet connectivity to the icloud service, but if this is the case it is possible to perform a number of actions to protect the data it carries and hopefully retrieve the device. Firstly, it is possible to display a message on the screen, even if it is locked, and have it play a sound, even if it is in silent mode. The idea is that the message can tell someone who finds it how they can return it. Secondly, it is possible to set a passcode remotely. This will automatically enable Data Protection, and will not require re-encryption of all files on the file system. Instead, just a few class keys will need to be re-encrypted. However, it is only possible to set a four-digit passcode using this service. As a measure of last resort, it is possible to initiate a remote wipe. This is a very quick process once the device has received the request, with the device responding within 10 seconds of the request being sent. Following a remote wipe, the device is restored to a factory-fresh state. These services can only be used if the ipad is registered to Apple s icloud service. Samsung Galaxy Tab The Samsung Dive service is an online service which provides device location and remote control capabilities of a similar nature to those offered by the icloud service. The following features are available through the service, which requires registration with a Samsung account: Find My Mobile My Missing Mobile Tracking Mobile Lock with Message Call Restriction Mobile Wipe Out Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

25 Unlock the Mobile Screen Context found that it was possible to break ActiveSync policy through this service by removing the device password. It was still possible to access Exchange , although the device did not receive, and could not send, new . The remote wipe service allows for selected or all storage areas to be wiped. If the device does not respond to the Samsung Dive service within an hour, the remote wipe request will be dropped, and another request will need to be made. When the tablet receives the remote wipe command, it is a fairly quick process to wipe the storage and return the device to a factory-reset condition. But remote wipe is achieved on unencrypted Micro SD cards by formatting the storage, and the deleted contents could still be recovered afterwards using commonly-available forensic tools. By experimenting with the implementation of these features, Context determined that it would be possible for any app on the device to remove or change the device password, or to wipe the device at will. This vulnerability was found to affect not only the Galaxy Tab but also a number of Samsung Android devices including the Samsung Galaxy Note. On a telephony-enabled device, further actions were possible, such as the redirection of phone calls and the silent forwarding of text messages to arbitrary numbers. The vulnerability could be exploited by creating an arbitrary application that could send broadcast intents such as those listed below: android.intent.action.dsm.dm_factory_reset android.intent.action.dsm.dm_forwarding android.intent.action.dsm.dm_lock_release android.intent.action.dm_lock_my_phone These intents were received and acted upon by the Samsung DSMLawmo application, which is responsible for implementing the remote control functions available via the Samsung Dive service. It should be noted that it is not required for a victim user to have previously signed up for the Samsung Dive service for their device to be vulnerable. Context has notified Samsung of this issue, and the problems have since been reported as having been fixed by Samsung through over-the-air firmware updates. BlackBerry PlayBook Remote wipe is implemented as a feature of BlackBerry Balance. At the time of writing there are no other options to alert users or to display messages on screen. BlackBerry provides an application and online service called BlackBerry Protect, which allows devices to be located on a map, but this is currently only available for BlackBerry smartphones. BlackBerry Balance is administered by a BES server run by corporate IT departments. There seems to be no way for owners of personal devices to remotely wipe their tablets. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

26 Summary Both the ipad and the Galaxy Tab provide similar damage limitation features. But the Galaxy Tab cannot be relied upon to securely erase external storage, and the Samsung Dive service appears to be slower than the icloud service, in extreme cases taking up to 45 minutes to message a device. In addition, the way the service had been implemented on the phone introduced a significant security vulnerability. By contrast, icloud took around 10 seconds to send a remote wipe instruction to the ipad, with the contents of the ipad then securely erased almost instantly. The BlackBerry remote wipe feature is only available for corporate users. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

27 Desktop Software Each tablet vendor provides software for managing their devices, allowing media, contact and document synchronisation with desktop or cloud-based services. All desktop software tested also allows users to make and restore backups of the tablets. This area of research investigated vulnerabilities associated with these pieces of desktop software. Apple ipad The iphone, ipod and ipad brands are almost synonymous with the itunes desktop software, as this has for years been the de-facto method for idevice management. Available for Windows and MAC, itunes is primarily a media management and sharing centre for music and video. itunes adds network media discovery and sharing services to the computers on which it is installed, and although the services can be safely disabled, device management via itunes is not a scalable solution. Before ios 5, it was necessary to connect all new ios devices to itunes in order to activate them, but this has since changed. It is now possible to successfully operate an ios 5 device without ever installing itunes. The iphone Configuration Utility (ICU) is a graphical tool, available for Windows and MAC and used for creating device configuration profiles in the.mobileconfig format described above (see p19). When connected the ipad via USB, the ICU can push the configuration to the device immediately. But it is possible to save the newly-created.mobileconfig profile and securely deploy it via a web server to as many ipads as request it. Apple Configurator is a free, MAC-only configuration tool which is not very scalable and suitable for small deployments. It can configure up to 30 devices at a time, updating them to the latest version of ios and installing apps and ios.mobileconfig configuration profiles. It also permits ongoing device management with use of Supervised Mode, in which supervised devices can be organised into groups, each of which have specific configurations applied. Supervised devices can also have a standardised naming convention applied, and can be prevented from syncing with other computers and itunes. But all management is performed over USB, so requires physical access to the device. Samsung Galaxy Tab Samsung provides the free Kies software for management of Galaxy phones and tablets. In general use, Kies feels incomplete, with frequent crashes and inexplicable pauses. Context discovered a buffer overflow vulnerability within the KiesTrayAgent.exe program that could be exploited remotely. As this is a system tray agent, it runs throughout the time a user is logged into the desktop, not just when the main Kies program is running. This vulnerability was reported to Samsung shortly after discovery. All communication between Kies and the Galaxy Tab occurs in clear text. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

28 BlackBerry PlayBook The PlayBook is accompanied by the BlackBerry Desktop software, which allows synchronisation of media files, OS updates and, of course, data backup and restore. Enterprise integration is provided by the BES5.0 server. All communication between the PlayBook and BlackBerry Desktop or BES is encrypted. Summary The ipad and PlayBook are well supported with robust management software, free of any currently-known security issues. The Galaxy Tab is supported only by Kies, although it is possible to do much of the file synchronisation by using the Tab as a Mass Storage USB device, then using drag and drop to transfer files. Newer firmware versions since Android 4.0 have introduced over-the-air updates, removing the need for Kies to perform software updates. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

29 Backup and Synchronisation Backup and synchronisation is a vital element of a tablet s lifecycle. Each of the devices tested was shipped with the ability to be backed up to a desktop computer, a cloud service, or some other storage medium. Context examined the backup options available in order to discover any security weaknesses which might allow an attacker to illegitimately access private data, or to gain control over the tablet. Apple ipad For ios 5 and 6 devices, the primary backup mechanism recommended by Apple is icloud. This has significant security implications for enterprise, including the need for direct connectivity and the storage of data in potentially untrusted data centres. In August 2012, malicious hackers took over the icloud account of journalist Mat Honan and performed a remote wipe of all the devices associated with that icloud account. The hackers first compromised his Google account and then his Amazon account, and managed to glean enough information to mount a successful social engineering attack against Apple s icloud support. If an attacker obtains credentials for an icloud account, the backups are vulnerable to unauthorised access, modification or deletion. Local backups are performed by itunes. The default setting is for the backups to be unprotected, so they are unencrypted and readable by any person or process with read access to the file system on which the backup is stored. The backup consists of many files in SQLite and Apple properties list (plist) format, together with any media files such as images, video and music. The files are assigned very long, seemingly random names without file extensions, but it is possible to sort through the files programmatically and view the contents of each. It is possible, for example, to read a list of recently-typed words from the ipad s predictive-text keyboard cache, or to read the data directly from any app s database. It is also possible to obtain the password to Apple accounts associated with the device, something which would allow access to icloud backups if they were also in use. Context found that, by restoring an old backup that did not have the security options set, it was possible to remove security profile settings that had been applied by a.mobileconfig file. This method could be used to remove the device passcode, even though the device had to have been unlocked before being connected to itunes to perform the restore. Security profile settings could also be removed by manually altering backups which had been taken after the policy had been set, and the restoring the altered backups. It is possible to set a passcode to be used to encrypt backups. This does not need to be the same passcode that protects the ipad, and indeed they should be set differently. Context found that there were no complexity requirements: it was even possible to set a passcode of 1 (without the quotes). Software is readily available to purchase which will brute-force the passcode used to encrypt itunes backups. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

30 It is possible, using a Mobile Device Management solution, to set a security policy on the device which automatically enforces the use of encrypted backups. Samsung Galaxy Tab The Samsung solution for the Galaxy Tab is to use the Kies software for backups and sync. Full backups and restores can only be performed over USB. There is an option for the user to set a passcode to be used to encrypt the backups, but the default is to save backups without encryption. Backups are not tested for integrity and it was possible to make modifications to the backup which could then be restored. For example, it was possible to modify contact details that were later restored to the device overwriting the existing details. Modifying policy and configuration was more difficult as the data files contained binary and potentially encrypted data. It is not possible to perform over the air backup or restore. It is possible to do some synchronisation tasks over the air (contacts, for example). No actual authentication is required, though user interaction is required to synchronise in that a button needs to be clicked within Kies. Following analysis, Context found it was possible to for anyone with network access to perform certain tasks on the Tablet remotely without any requirement for authentication. The vulnerability was found during analysis of the over-the-air synchronisation sequence, which happens as follows: User selects Kies via Wi-Fi in the device s Wireless and Network menu. This issues a trio of M-SEARCH SSDP discovery requests. Kies desktop software replies with an SSDP response in which the location header specifies a HTTP service that the Kies desktop is offering. The tablet makes a HTTP request to the Kies desktop HTTP Service. During this exchange, the tablet advertises a TCP port that will be opened (for example TCP port 32530). The Kies desktop software sends AT commands to the tablet to TCP port No authentication is required. The behaviour was also confirmed on a Samsung Galaxy Note handset and again, no authentication was required. This vulnerability could be exploited in two ways; By an app on the device that has granted the Internet permission By a network based attacker (only when the tablet is connected to the Kies desktop software via Wi-Fi) An unauthenticated attacker or app could potentially exploit this condition to gain unauthorised read/write access to stored SMS messages, calendar entries, contact list and external storage. Context has been working with Samsung to amend this issue and the problems revealed in the course of our research have since been reported as fixed by Samsung through over-the-air firmware updates. The Galaxy Tab supports mounting as a USB Mass Storage device, permitting access to the internal /mnt/sdcard partition and also the external Micro SD card. This allows for the use of third-party backup tools or manual drag and drop onto another device. Any backups taken by this method will be stored without Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

31 encryption on the target disk unless the backup destination is an encrypted container. Data saved on the /data partition cannot be backed up in this way, and therefore this backup method is really only suitable application data which has not been stored in this location: media files, for example. BlackBerry PlayBook Backups and synchronisation are performed over USB within a TLS tunnel between the PlayBook and BlackBerry Desktop. The default behaviour is for backups to be stored without encryption, although it is possible for the backups to be encrypted by a password. There is no integrity checking on the backups, so it is possible to alter the backup data without immediate detection. But it is not possible to modify device policy by altering the backups. There is no over-the-air backup or synchronisation capability. The PlayBook allowed for personal data to be backed up using a file sharing service which could be accessed over Wi-Fi. No special software was required for this, as the share was presented by the widely-supported CIFS protocol. Summary All of the tablets have the capability of encrypting backups, but the default setting for each is to store the backups in plain text. The ipad s and the PlayBook s backup, restore and synchronisation processes were robust. In contrast, the Galaxy Tab s backup mechanism through Kies was not so reliable. The Galaxy was the only tablet to offer over-the-air synchronisation, although the manner in which the feature was implemented introduced a serious security vulnerability. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

32 ActiveSync Security policy can be pushed onto tablets in order to reduce the security risk created when allowing a mobile device access to corporate resources. Policy can be enforced on a device through a number of means. Typically, companies allow access to corporate resources such as while imposing restrictions and security settings through use of Microsoft ActiveSync or third-party software. ActiveSync offers a number of settings that can be configured through Microsoft Exchange that could potentially be used to increase the security of the tablet. In reality, only a subset of the configuration settings are supported by the various tablets and therefore only limited settings can be applied to the device. Apple ipad Support for ActiveSync was simple to configure, and reasonably well implemented. The credentials for the service are stored in the system keychain, which is protected by strong encryption when Data Protection is enabled using a reasonably strong passphrase. Samsung Galaxy Tab Support for ActiveSync was simple to configure and reasonably well implemented. However, Context found that the ActiveSync credentials were stored without encryption within the accounts table in the /data/system/accounts.db database, and also within the HostAuth table in the /data/data/com.android. /databases/ provider.db database. If these credentials were obtained by an adversary, it is very likely that they could be used with significant impact against the corporate infrastructure. It is possible set SSL transport encryption with ActiveSync, but it is also possible to configure a setting that accepts the use of any SSL certificates, even invalid ones. This would allow an attacker to transparently intercept ActiveSync traffic, and eavesdrop upon s. BlackBerry PlayBook Version 2.0 of the Tablet OS introduced support for ActiveSync, so it is a relatively new feature to the PlayBook. The vast majority of ActiveSync policies supported by Exchange 2010 were supported. This was the only tablet to support application black- and whitelisting via ActiveSync. Summary of ActiveSync Support The following table details which of the ActiveSync Settings were supported by each of the tablets under test. Notes [1] It is possible to prevent download of attachments to the device through the ActiveSync account, but not through the consumer account. [2] During review, it appeared that desktop synchronisation could be prevented over USB, but not Wi-Fi. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

33 Category Item Galaxy Tab ipad PlayBook Password Require Password N/A Yes Yes Password Require Alphanumeric password Yes Yes Yes Password Minimum number of character sets Yes Yes Yes Password Enable password recovery No No No (Select this check box to enable password recovery for the mobile phone. Users can use Outlook Web App to look up their recovery password and unlock their mobile phone) Password Require encryption on device Yes N/A N/A Password Require encryption on storage card Yes N/A N/A Password Allow simple password No Yes Yes Password Number of failed attempts allowed Yes Yes Yes Password Minimum password length Yes Yes Yes Password Time without user input before password must be re-entered (in minutes) No Yes Yes Password Password expiration (days) Yes Yes Yes Password Enforce password history Yes Yes No Sync Settings Allow HTML-formatted Yes No Yes Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

34 Category Item Galaxy Tab ipad PlayBook Sync Settings Allow attachments to be downloaded to device Partial [1] No Yes Device Allow removable storage Yes N/A Yes Device Allow Camera Yes Yes Yes Device Allow Wi-Fi Yes No Yes Device Allow infrared N/A N/A N/A Device Allow internet sharing from device N/A N/A N/A Device Allow remote desktop from device N/A N/A N/A Device Allow desktop synchronisation Partial [2] N/A Yes Device Allow Bluetooth Yes No Yes Device Applications Device Applications Device Applications Device Applications Allow browser Yes Yes Yes Allow consumer mail No No No Allow unsigned applications N/A N/A N/A Allow unsigned installation packages N/A N/A N/A Other Allow applications N/A No Yes Other Blocked applications N/A No Yes Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

35 Device-Specific Security Recommendations None of the devices had perfect security, and potential users of the tablets should consider the merits and risks of each device before authorising its use in a corporate environment. This section describes some mitigating steps users can take to reduce the risks identified with each type of tablet. Apple ipad Ensure that firmware is kept up to date by enabling over-the-air updates. Enforcing an alphanumeric password of eight characters or more will dramatically increase the strength of the disk encryption. Do not use dictionary words or predictable character sequences. Use mixed-case alphanumerics and special characters. Set a strong password on itunes backups if these are going to be used. This cannot be enforced with ActiveSync, although it can be enforced through other mobile device management solutions such as the iphone Configuration Utility. Use different passwords for backup and device passwords. In corporate environments, disable connection to itunes via device policy. Turn off Wi-Fi and Bluetooth when they are not required. Samsung Galaxy Tab Ensure that the device firmware and the Kies software (if used) are kept upto-date. Ensure that USB Debugging is disabled. Disable the "Kies via Wi-Fi" service. Enforcing an alphanumeric password of eight characters or more will dramatically increase the strength of the disk encryption. Do not use dictionary words or predictable character sequences. Use mixed-case alphanumerics and special characters. Enable disk encryption on all available partitions. Ensure that custom-built applications will encrypt any sensitive data and store it in the app s data directory in the /data partition. Set a strong password on Kies backups. This will require user education as it cannot be enforced with ActiveSync. Use different passwords for backup and device passwords. Turn off Wi-Fi and Bluetooth when they are not required. BlackBerry PlayBook Ensure the firmware is kept up to date by enabling over-the-air updates. Use BlackBerry Balance to manage the device if in a corporate setting. Set a strong password on BlackBerry Desktop backups. This may require user education as it cannot be enforced with ActiveSync. Use different passwords for backup and device passwords. Turn off Wi-Fi and Bluetooth when they are not required. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

36 Conclusions From an enterprise security point of view, these three tablets were very different in several important respects. There was a significant difference in security levels between the Galaxy tablet and the ipad and PlayBook, which were much more closely matched for enterprise levels of security. The Galaxy Tab was shown to suffer from some serious security failings that make it difficult to recommend as a tool for enterprise use. As well as the documented security problems, a lack of enterprise-level management tools beyond ActiveSync means it is very difficult to manage more than a small number of these devices effectively. The ipad was shown to offer surprisingly good levels of security for what is predominantly a domestic consumer device, including robust data protection and damage limitation facilities. The ipad was not so impressive in some other respects: jailbreaks are produced regularly and disk encryption can still be broken with no prior knowledge of the passcode if a weak passcode has been set. Fortunately, configuring the device with a password that meets typical corporate security policies does greatly improve the security of the disk encryption. In common with the Galaxy Tab, from a management standpoint, the ipad is quite difficult to manage in any quantities using the available Apple tools. The BlackBerry PlayBook was found to be far more advanced in its level of readiness for the Bring Your Own Device era than either of the other two tablets. The Balance architecture, in combination with the Bridge application, appears to provide excellent logical and data separation between work and personal modes. There were also some surprising findings. The ipad showed that although great thought and complexity had been designed into its disk encryption scheme, the default behaviour for itunes backups was still to store the files in clear text. The same issue also applied to the BlackBerry, which was surprising given RIM s reputation for security. The security limitations of the Samsung tablet, in particular the fact it did not ship with a locked bootloader, and the fact that disk encryption was software-based and disabled by default, suggest that Samsung still has some distance to cover in its security thinking before it can challenge the likes of Apple and RIM. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

37 About Context Context Information Security is an independent security consultancy specialising in both technical security and information assurance services. The company was founded in Its client base has grown steadily over the years, thanks in large part to personal recommendations from existing clients who value us as business partners. We believe our success is based on the value our clients place on our product-agnostic, holistic approach; the way we work closely with them to develop a tailored service; and to the independence, integrity and technical skills of our consultants. The company s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. The best security experts need to bring a broad portfolio of skills to the job, so Context has always sought to recruit staff with extensive business experience as well as technical expertise. Our aim is to provide effective and practical solutions, advice and support: when we report back to clients we always communicate our findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 38

ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33

ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Guidance End User Devices Security Guidance: Apple ios 7

Guidance End User Devices Security Guidance: Apple ios 7 GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

BYOD in the Enterprise

BYOD in the Enterprise BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

End User Devices Security Guidance: Apple OS X 10.10

End User Devices Security Guidance: Apple OS X 10.10 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Windows Phone 8.1 Mobile Device Management Overview

Windows Phone 8.1 Mobile Device Management Overview Windows Phone 8.1 Mobile Device Management Overview Published April 2014 Executive summary Most organizations are aware that they need to secure corporate data and minimize risks if mobile devices are

More information

Corporate-level device management for BlackBerry, ios and Android

Corporate-level device management for BlackBerry, ios and Android B L A C K B E R R Y E N T E R P R I S E S E R V I C E 1 0 Corporate-level device management for BlackBerry, ios and Android Corporate-level (EMM) delivers comprehensive device management, security and

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

End User Devices Security Guidance: Apple ios 8

End User Devices Security Guidance: Apple ios 8 GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy

More information

Mobile Device Management for CFAES

Mobile Device Management for CFAES Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Successful Mobile Deployments Require Robust Security

Successful Mobile Deployments Require Robust Security By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY DATASHEET HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY Gold level EMM for BlackBerry Regulated-level security for BlackBerry 10 devices Ultimate security. BlackBerry 10 devices managed by BES10 with

More information

How To Protect Your Mobile Devices From Security Threats

How To Protect Your Mobile Devices From Security Threats Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has

More information

Enterprise Security with mobilecho

Enterprise Security with mobilecho Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come

More information

Addressing NIST and DOD Requirements for Mobile Device Management

Addressing NIST and DOD Requirements for Mobile Device Management Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the

More information

Novell Filr. Mobile Client

Novell Filr. Mobile Client Novell Filr Mobile Client 0 Table of Contents Quick Start 3 Supported Mobile Devices 3 Supported Languages 4 File Viewing Support 4 FILES THAT CANNOT BE VIEWED IN THE FILR APP 4 FILES THAT GIVE A WARNING

More information

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT DATASHEET SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT Silver level EMM Enterprise Mobility Management for Corporate-owned and BYOD devices BlackBerry Enterprise Service 10 is a powerful device,

More information

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment Xperia TM in Business Mobile Device Management Read about how Xperia TM devices can be administered in a corporate IT environment Device management clients Xperia TM T3 Exchange ActiveSync The my Xperia

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Deploying iphone and ipad Mobile Device Management

Deploying iphone and ipad Mobile Device Management Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.

More information

Mobile Device Management and Security Glossary

Mobile Device Management and Security Glossary Mobile Device Management and Security Glossary February, 2011 MOBILE OS ActiveSync Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes

More information

Quick Start Guide. Version R9. English

Quick Start Guide. Version R9. English Mobile Device Management Quick Start Guide Version R9 English February 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

Windows Phone 8 Security Overview

Windows Phone 8 Security Overview Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.

More information

iphone in Business Mobile Device Management

iphone in Business Mobile Device Management 19 iphone in Business Mobile Device Management iphone supports Mobile Device Management, giving businesses the ability to manage scaled deployments of iphone across their organizations. These Mobile Device

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

Adobe Flash Player and Adobe AIR security

Adobe Flash Player and Adobe AIR security Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,

More information

Sophos Mobile Control Administrator guide. Product version: 3

Sophos Mobile Control Administrator guide. Product version: 3 Sophos Mobile Control Administrator guide Product version: 3 Document date: January 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for managing

More information

ipad in Business Mobile Device Management

ipad in Business Mobile Device Management ipad in Business Mobile Device Management ipad supports Mobile Device Management, giving businesses the ability to manage scaled deployments of ipad across their organizations. These Mobile Device Management

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Legal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html.

Legal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. ADOBE AIR Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Installing and updating desktop applications...........................................................................

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software

More information

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement

More information

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY GOLD EMM SUBSCRIPTIONS Experience the most secure mobility management solution with BES12 and Gold Enterprise Mobility Management (EMM) subscriptions. HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

More information

Sophos Mobile Control SaaS startup guide. Product version: 6

Sophos Mobile Control SaaS startup guide. Product version: 6 Sophos Mobile Control SaaS startup guide Product version: 6 Document date: January 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described

More information

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Introducing Stephan Linzner Benjamin Reimold Consultant, Software Engineer Mobile Developer Founder of Stuttgart GTUG

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

BlackBerry 10.3 Work Space Only

BlackBerry 10.3 Work Space Only GOV.UK Guidance BlackBerry 10.3 Work Space Only Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network architecture

More information

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according

More information

How To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device

How To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...

More information

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time. SYNCSHIELD FEATURES This document describes the diversity of SyncShield features. Please note that many of the features require a certain platform version, often earlier software versions do not support

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Advanced Configuration Steps

Advanced Configuration Steps Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings

More information

ManageEngine Desktop Central. Mobile Device Management User Guide

ManageEngine Desktop Central. Mobile Device Management User Guide ManageEngine Desktop Central Mobile Device Management User Guide Contents 1 Mobile Device Management... 2 1.1 Supported Devices... 2 1.2 What Management Operations you can Perform?... 2 2 Setting Up MDM...

More information

Mobile Device Management:

Mobile Device Management: Mobile Device Management: A Risk Discussion for IT Decision Makers Mobile Device Management (MDM) software provides IT organizations with security-relevant capabilities that support the integration of

More information

Policy and Profile Reference Guide

Policy and Profile Reference Guide BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Policy and Profile Reference Guide Published: 2014-06-16 SWD-20140616165002982 Contents 1 About this guide... 10 2 New IT policy

More information

company policies are adhered to and all parties (traders,

company policies are adhered to and all parties (traders, APPLICATION SECURITY OVERVIEW Users have access to additional layers of security that are controlled and determined by the company s ICE administrator. These are designed to ensure company policies are

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Junos Pulse for Google Android

Junos Pulse for Google Android Junos Pulse for Google Android User Guide Release 4.0 October 2012 R1 Copyright 2012, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Analysis of advanced issues in mobile security in android operating system

Analysis of advanced issues in mobile security in android operating system Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

Systems Manager Cloud Based Mobile Device Management

Systems Manager Cloud Based Mobile Device Management Datasheet Systems Manager Systems Manager Cloud Based Mobile Device Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, and monitoring of the

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

Information Systems. Connecting Smartphones to NTU s Email System

Information Systems. Connecting Smartphones to NTU s Email System Information Systems Connecting Smartphones to NTU s Email System Connecting Smartphones to NTU s Email System Contents Things to be aware of before you start 3 Connecting a Windows Mobile 6 (6.0-6.5) Phone

More information

ipad in Business The Top Considerations

ipad in Business The Top Considerations ipad in Business The Top Considerations iphone and ipad are the best mobile devices in the world and have transformed the way people work with over 98 percent of the Fortune 500 and over 92 percent of

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

ios Enterprise Deployment Overview

ios Enterprise Deployment Overview ios Enterprise Deployment Overview ios devices such as ipad and iphone can transform your business. They can significantly boost productivity and give your employees the freedom and flexibility to work

More information

Sophos Mobile Control Administrator guide. Product version: 3.6

Sophos Mobile Control Administrator guide. Product version: 3.6 Sophos Mobile Control Administrator guide Product version: 3.6 Document date: November 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Securely Yours LLC We secure your information world. www. SecurelyYoursllc.com

Securely Yours LLC We secure your information world. www. SecurelyYoursllc.com We secure your information world www. Mobile Security Features What are the new security features in Android KitKat 4.4 and IOS 7?. IOS Feature 1 Single Sign-on Previously available for multiple apps developed

More information

Enterprise Mobility as a Service

Enterprise Mobility as a Service Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...

More information

The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices

The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices Essay Authors Ted Shorter, CTO, Certified Security Solutions, Inc. Wayne Harris, PKI Practice Lead, Certified Security

More information

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment peria TM in Business Mobile Device Management Read about how peria TM devices can be administered in a corporate IT environment Device management clients March 2015 Exchange ActiveSync The my peria service

More information

Mobile Iron User Guide

Mobile Iron User Guide 2015 Mobile Iron User Guide Information technology Sparrow Health System 9/1/2015 Contents...0 Introduction...2 Changes to your Mobile Device...2 Self Service Portal...3 Registering your new device...4

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as GOV.UK Guidance End User Devices Security Guidance: Windows Phone 8 Updated 14 October 2013 Contents 1. Usage Scenario 2. Summary of Platform Security 3. How the Platform Can Best Satisfy the Security

More information

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444 Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...

More information

iphone in Business How-To Setup Guide for Users

iphone in Business How-To Setup Guide for Users iphone in Business How-To Setup Guide for Users iphone is ready for business. It supports Microsoft Exchange ActiveSync, as well as standards-based services, delivering email, calendars, and contacts over

More information

BYOD Policy Implementation Guide. February 2016 March 2016

BYOD Policy Implementation Guide. February 2016 March 2016 BYOD Policy Implementation Guide February 2016 March 2016 Table of Contents Step One: Evaluate Devices... 3 Step Two: Refine Network Accessibility... 4 Step Three: Determine Appropriate Management Policies...

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

Kaseya 2. User Guide. Version 1.0

Kaseya 2. User Guide. Version 1.0 Kaseya 2 Mobile Device Management User Guide Version 1.0 March 12, 2012 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations.

More information

Mobile Security Standard

Mobile Security Standard Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard

More information