BITGLASS REPORT HOW MDM SOFTWARE EXPOSES YOUR PERSONAL DATA_




BACKGROUND_

Mobile Device Management (MDM) is a widely used technology that enables organizations to control every aspect of a mobile device, from permitted apps to outbound communications. To understand the extent to which MDM can monitor and control BYO devices, the Bitglass research team installed MDM software on several employees' personal mobile devices with their permission. The outcome? Our team was able to track everything and learn about employees' interests, activities, relationships, and more, at the click of a button.

THE EXPERIMENT_

In a weeklong experiment, we tracked the personal devices of several willing employee volunteers to understand how mobile device management could be misused. We pushed MDM profiles, agents, and certificates to user devices, a common practice in organizations that choose to enable VPN or a global proxy to route data through the corporate network. While most employees expected that VPN traffic would be monitored, SSL-based transactions were thought to be secure and beyond the reach of MDM monitoring. With a global proxy and trusted certificate, however, SSL encryption can be broken, allowing the MDM to monitor all activity in the browser and in third-party apps. What's worse, there is very little difference in the installation process that would warn employees that this is happening.

2016 BITGLASS, INC.

BROWSING HISTORY_

With MDM, by routing all traffic through a global proxy, our team was able to monitor all activity conducted on employees' managed mobile devices. We captured employee browsing activity, including sensitive healthcare queries and Amazon product searches, but that was among the least sensitive information collected.

PRIVATE COMMUNICATIONS AND S L NS EXPOSED_

The trusted certificate, pushed to the device via MDM, allowed all SSL sessions to be decrypted by a proxy so that we could see the contents of employees' personal email inboxes, social networking accounts, and even banking information. Notably, the usernames and passwords used to log into these sensitive accounts, including personal banking accounts, were transmitted to our proxy server in plain text.

Our ability to monitor outbound and inbound communications using MDM was not limited to the browser. Third-party apps were also susceptible to the same packet sniffing. Even on iOS, where some believe app sandboxing limits employer visibility into user behavior, we were able to intercept personal communications sent through widely used apps including mail and Messenger.
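An added example, not part of the Bitglass report: a check that a device owner or privacy reviewer could run over an iOS configuration profile before installing it, flagging the combination described above (a trusted root certificate together with a global proxy or VPN). The payload type strings are Apple's configuration-profile identifiers; the sample profile, its names, and the best-effort unwrapping of signed profiles are assumptions made for this example.

```python
import plistlib

# Apple configuration-profile payload types relevant to traffic interception.
INTERCEPTION_PAYLOADS = {
    "com.apple.security.root": "adds a trusted root CA",
    "com.apple.proxy.http.global": "sends all HTTP(S) traffic through a proxy",
    "com.apple.vpn.managed": "routes traffic through a managed VPN",
}
ROUTING = {"com.apple.proxy.http.global", "com.apple.vpn.managed"}


def load_profile(raw: bytes) -> dict:
    """Parse a profile; signed profiles wrap the XML plist in a CMS envelope."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start != -1 and end != -1:
        raw = raw[start:end + len(b"</plist>")]  # best-effort unwrap (assumption)
    return plistlib.loads(raw)


def audit_profile(raw: bytes) -> dict:
    """Return flagged payloads and whether together they permit TLS interception."""
    findings = []
    for payload in load_profile(raw).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in INTERCEPTION_PAYLOADS:
            findings.append({"type": ptype, "risk": INTERCEPTION_PAYLOADS[ptype],
                             "name": payload.get("PayloadDisplayName", "(unnamed)")})
    types = {f["type"] for f in findings}
    # The report's setup needed both: traffic routed via proxy/VPN and a root the device trusts.
    tls_exposed = "com.apple.security.root" in types and bool(types & ROUTING)
    return {"findings": findings, "tls_interception_possible": tls_exposed}


# Constructed sample profile (not taken from the report).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Corp BYOD",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Office Wi-Fi"},
        {"PayloadType": "com.apple.security.root", "PayloadDisplayName": "Example Corp Root CA",
         "PayloadContent": b"constructed-placeholder-der"},
        {"PayloadType": "com.apple.proxy.http.global", "PayloadDisplayName": "Web Proxy",
         "ProxyType": "Manual", "ProxyServer": "proxy.example.com", "ProxyServerPort": 8080},
    ],
})

if __name__ == "__main__":
    print(audit_profile(SAMPLE))
```

A profile that carries only the Wi-Fi payload produces no findings; the flag is raised only when a trusted root and a routing payload appear together.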

INSTALLED APPS REVEAL PERSONAL INFO_

MDM tracks which third-party apps are installed on user devices, information that reveals more than employees may realize. Our team was able to see employees' sports team allegiances, banks of choice, dating applications, and more. We were also able to glean insight into employee hobbies - from gardening to gaming.

REAL-TIME LOCATION DATA_

While aware that admins could use GPS to track device location, few considered the extent to which this data could be used to monitor their behavior. We found that MDM can force GPS to remain active in the background without notifying the user, draining battery power in the process. Our research team demonstrated that this level of visibility has the potential to be far more invasive than tracking a lost or stolen phone. The software we tested was able to pinpoint the locations of managed devices on a map all at once and revealed user habits - where employees went after work, where they traveled on weekends, how frequently they visited their local supermarket, and more.

REMOTE MONITORING AND CONTROL_

PCs have long been susceptible to remote monitoring and control. Mobile phones, in contrast, are built to protect users against malware and remote access and restrict the ability to control the microphone and camera for privacy reasons. We discovered that some MDM solutions on certain platforms could be used to remotely view and control employees' managed mobile devices. While intended for troubleshooting, admins could easily abuse such a feature, exerting complete control over a device without the user's knowledge.

NO BACKUPS? NO RECOURSE_

Remote wipe capabilities were of concern to many employees, several of whom stored personal contacts, notes, and other data on their personal-turned-managed device. The possibility that their sensitive personal data could be wiped without recourse was alarming. With MDM, our team was able to restrict backups, making a restore from iCloud or similar service impossible.

MDM USER EXPERIENCE IS POOR_

57% REFUSE TO JOIN BYOD

Employees don't like MDM, and it shows in the user adoption numbers. 57 percent of employees refuse to participate in BYOD programs according to our latest survey, due to privacy concerns and poor usability.

REMOTE WIPE CONFIRMED

The poor user experience is even more apparent when looking at user feedback on the App Store and Google Play store. AirWatch by VMWare, one of the most popular MDM products, makes apps all of which are rated between 1 and 2.5 stars. MobileIron's MDM apps hold ratings between 1.5 and 3 stars. These low ratings are oftentimes due to their lack of critical functionality such as push notifications or email.

MOBILE SECURITY_

67 percent of employees would participate in a BYOD program if employers couldn't view or alter personal data and applications according to Bitglass' most recent BYOD report. Without a security solution that respects user privacy, employees will simply work around IT. To protect data on unmanaged devices, organizations are now adopting agentless, data-centric solutions that provide employees the flexibility to access corporate data from any device, anywhere, without the privacy implications of MDM. Gartner predicts that by, more than half of all bring your own device users that currently have an MDM agent will be managed by an agentless solution.

ABOUT BITGLASS_

In a cloud first, mobile first environment, enabling secure BYOD is critical. While demand for BYOD continues to rise, adoption of MDM has stagnated due to privacy concerns, underscoring the need for an agentless, data-centric solution. Bitglass is the first and only agentless mobile security solution, capable of protecting corporate data across any device, anywhere, without installing agents or profiles. Founded in by industry veterans with a proven track record of innovation, Bitglass is based in Silicon Valley and backed by venture capital from N, Norwest and Singtel nnov.

For more information, visit www.bitglass.com Phone: 0 Email: info@bitglass.com