The past few months have seen both Android and iOS fall prey to various security attacks, with more malware attacks and exploits being uncovered on a daily basis.
First, let’s look at the newest zero-day Android vulnerability. This vulnerability leverages a “use-after-free” memory flaw to wreak havoc on mobile devices. In layperson’s terms, a use-after-free flaw lets a program access memory that has already been freed (after performing some operation), which an attacker can use to execute malicious code.
Though this was patched as early as 2017 in the Android Open Source Project (AOSP), it’s yet to be patched in Android. For those who don’t know, AOSP is the actual open source part of Android, upon which each original equipment manufacturer (OEM), like Google, builds its version of Android. So, any time an AOSP vulnerability is patched, OEMs have to incorporate this patch into their own versions of Android.
According to a Google Project Zero report by Maddie Stone, this is the list of devices that have been affected:
- Pixel 2 running Android 9.0 and 10.0
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Oreo LG phones
- Samsung S7, S8, S9
However, she later clarified in a tweet that most pre-fall 2018 Android devices are also affected.
Now, the iOS exploit, although not as serious as the Android exploit (you need to have the device to run the iOS exploit), still deserves a quick mention. This exploit, named “checkm8,” was discovered a couple of weeks ago and affects 11 generations of iPhones, from the iPhone 4S to the iPhone X. This exploit manipulates the BootROM of the device, a read-only memory space that’s used for booting. Since it’s read-only, there’s no way Apple can patch this vulnerability, making this exploit “unpatchable.”
This exploit could be used as a part of a larger exploit chain, letting attackers install keyloggers, malware, etc.
So, what’s the solution?
With newer vulnerabilities and exploits being discovered daily, there’s never going to be a single solution that works for every case. However, a mobile device management (MDM) solution can help you establish solid baseline security policies that will be the first layer of security against any attack.
For example, in the case of the Android vulnerability, there’s no solution other than to update the OS to patch the vulnerability. Using an MDM solution, this process can be completely automated, ensuring that the latest OS version is immediately installed on every device without delay.
In addition to this, the primary method through which vulnerabilities are utilized is malicious apps. MDM solutions usually provide an extensive set of capabilities when it comes to apps. Some of the proactive steps that can be taken include:
- Enable Google Play Protect: Google’s own app security suite, Google Play Protect, manages the installation of apps. It checks all apps before they’re downloaded on the device and automatically disables malicious apps until they’re uninstalled by the device user. Using an MDM solution you can configure restrictions to ensure Google Play Protect is enabled by default and cannot be modified by the user.
- Blacklist apps: This is an extension of Google Play Protect, whereby once an app is blacklisted, all the existing installations are automatically uninstalled and newer installations are restricted.
- Restrict app installation: There are multiple ways you can restrict app installation. You can choose to restrict app installation from third-party app stores (ones other than Google Play Store) or restrict all app installation across the board. In the latter case, you can whitelist business-approved apps via an MDM solution.
Another solution, especially for personal devices, is to create a corporate container. Containerization logically isolates the corporate and personal data present in the device; this way, enterprises take full control of the former while having zero control of the latter. This not only helps with privacy but also ensures any installation within the container can be completed only by the enterprise while the users maintain full control over the personal space.
- Remove jailbroken/rooted devices: MDM solutions also let you identify whether a device has been jailbroken/rooted and instantly remove such devices from the enterprise network; corporate data can also be automatically removed from these devices.
To specifically nullify the checkm8 exploit, you can remotely configure a restriction to ensure your iOS devices do not connect to any unauthorized machines via USB.
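The baseline described above can be expressed as a compliance check over a device inventory. This is an added example, not code from the post or from any MDM product; the record fields, the patch-level threshold and the package name are hypothetical and would come from your own MDM export and the vendor security bulletin.

```python
from datetime import date

# Hypothetical baseline: threshold and package name are placeholders, not values from the post.
MIN_PATCH = date(2019, 10, 1)
BLACKLIST = {"com.example.flashlight"}

def evaluate(device):
    """Return (action, findings) for one inventory record; missing settings fail closed."""
    if device.get("rooted_or_jailbroken"):
        # Strongest response in the list above: remove the device and its corporate data.
        return "remove_and_wipe_corporate_data", ["device is rooted/jailbroken"]
    findings = []
    if device.get("platform") == "android":
        raw = device.get("security_patch")
        if raw is None:
            findings.append("security patch level unknown")
        elif date.fromisoformat(raw) < MIN_PATCH:
            findings.append(f"security patch {raw} is older than {MIN_PATCH.isoformat()}")
        if not device.get("play_protect_enabled", False):
            findings.append("Google Play Protect disabled")
        if device.get("third_party_stores_allowed", True):
            findings.append("third-party app stores allowed")
        for app in sorted(set(device.get("apps", [])) & BLACKLIST):
            findings.append(f"blacklisted app installed: {app}")
    elif device.get("platform") == "ios":
        # The checkm8 mitigation above: no USB connections to unauthorized machines.
        if device.get("usb_pairing_unrestricted", True):
            findings.append("USB connections to unauthorized machines not restricted")
    else:
        findings.append("unknown platform")
    return ("remediate" if findings else "compliant"), findings

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"id": "pixel-01", "platform": "android", "security_patch": "2019-09-05",
     "play_protect_enabled": True, "third_party_stores_allowed": False, "apps": []},
    {"id": "galaxy-02", "platform": "android", "security_patch": "2019-11-01",
     "play_protect_enabled": True, "third_party_stores_allowed": False,
     "apps": ["com.example.mail"]},
    {"id": "redmi-03", "platform": "android", "security_patch": "2019-11-01",
     "rooted_or_jailbroken": True},
    {"id": "iphone-04", "platform": "ios"},  # USB restriction never reported
]

def audit(inventory):
    return {d["id"]: evaluate(d) for d in inventory}

if __name__ == "__main__":
    for dev_id, (action, findings) in audit(INVENTORY).items():
        print(dev_id, action, findings)
```

Settings that a device never reported are treated as non-compliant, so a gap in the inventory surfaces as a finding instead of passing silently.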
If you’re looking for an MDM solution that helps you effectively secure both Android and Apple devices, look no further: start your fully functional, 30-day free trial of Mobile Device Manager Plus today.
The post More Android malware and another iOS exploit: How to safeguard your devices? appeared first on ManageEngine Blog.