Encryption of corporate data as a protection mechanism on mobile devices has the same flaws as desktop OS systems. I.E. I can exploit the phone, grab root, and grab your data once it is unencrypted/accessible/unlocked as your viewing/browsing it etc... Obviously such attacks are not really there yet on the mobile platform but they exist on the desktop/server OS's and it all works the same really from a threat perspective.
Encryption in this context, and in desktop/server, only helps with data at rest or in transit. Otherwise it does little to nothing to keep the bad guys from getting your data. I remember one of the first 10 vulnerabilities I discovered was in PGP, just to make a more visual point about how much encryption does not help compared to the perception of it. This obviously does not mean you should not use it, just should not think it is really going to protect your data as it relates to attacks coming across the wire etc... -Marc Signed, Marc Maiffret Founder/CTO eEye Digital Security WEB: http://www.eEye.com BLOG: http://blog.eeye.com TWITTER: http://twitter.com/marcmaiffret -----Original Message----- From: Sam Cayze [mailto:[email protected]] Sent: Tuesday, October 11, 2011 8:44 AM To: NT System Admin Issues Subject: RE: Android Handset Makers - Adding Value or Vulnerabilities? Or just get Good Messaging for Enterprise and not worry too much about the platform and various security threats. (At least with the Corporate side info. Personal data can still be compromised). It runs in an Encrypted Sandbox on most all platforms. http://www.good.com/solutions/mobile-security.php From: Rod Trent [mailto:[email protected]] Sent: Tuesday, October 11, 2011 9:46 AM To: NT System Admin Issues Subject: RE: Android Handset Makers - Adding Value or Vulnerabilities? Windows Phone is still wait and see. -- Sent from Kaiten Mail for Android. Please excuse my brevity. John Hornbuckle <[email protected]> wrote: There's a third viable platform: Windows Phone 7. John Hornbuckle, MSMIS, PMP MIS Department Taylor County School District www.taylor.k12.fl.us -----Original Message----- From: Bill Humphries [mailto:[email protected]] Sent: Tuesday, October 11, 2011 10:03 AM To: NT System Admin Issues Subject: Re: Android Handset Makers - Adding Value or Vulnerabilities? So, does this mean your smartphone is an iphone? Bill Marc Maiffret wrote: > I thought some of the NTSYSADMIN'ers would enjoy this post as I saw the HTC > vuln. was mentioned the other day here. > > http://blog.eeye.com/vulnerability-management/android_security > > If nothing else fun hack to mess with your HTC/Samsung Android using > co-workers. :-) > > -Marc > > Signed, > Marc Maiffret > Founder/CTO > eEye Digital Security > WEB: http://www.eEye.com > BLOG: http://blog.eeye.com > TWITTER: http://twitter.com/marcmaiffret > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/%3e> ; ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/%3e> ; ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/%3e> ; ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
