The IDC stats on mobile threats show that Top6 are user behaviour based, and not tech related. Why does that happened and what can be done? Read on and enjoy some Dilbert along the way!
Device Compliance with Identity Manager – the less obvious implementation details
Everyone likes the idea of Device Compliance checks. It allows us to differentiate between Company-issues, BYOD-enrolled, private and totally foreign devices, assess their security posture and execute access decisions based on this vital data, expanding our Conditional Access options. It is also extremely easy to use, just like that (VIDM Admin Console): Device Compliance can... Continue Reading →
Securing work contacts while keeping caller ID 03: iOS with Boxer
I had a week of customer meetings, each (literally!) asking the same question: "How can I prevent WhatsApp from grabbing the corporate contacts on my device?" In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user... Continue Reading →
Securing work contacts while keeping caller ID 02: Android
I had a week of customer meetings, each (literally!) asking the same question: "How can I prevent WhatsApp from grabbing the corporate contacts on my device?" In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user... Continue Reading →
Securing work contacts while keeping caller ID 01: Android vs iOS
I had a week of customer meetings, each (literally!) asking the same question: "How can I prevent WhatsApp from grabbing the corporate contacts on my device?" This happens more often than you think – the infamous GetContact collected over 3.5B contacts in just a few months, all of which were officially available for sale! With GDRP... Continue Reading →
iOS Trustjacking protection with EMM
Trustjacking is a new "scary" attack on iOSnew "scary" attack on iOS devices, exploiting user's lack of understanding or what's going on. When plugging into an unknown computer or charger user may choose to "trust" it, which allows the remote device quite a degree of access to iPhone/iPad data. Many don't realize that this trust... Continue Reading →
Bypassing Android security via backups (PSK recovery)
In my recent Android trainings and the Android security talk I gave at AppForum 2014 I was asked to provide a sort of a demo that can be easily replicated to explain the importance of maintaining a proper security posture. So I created a script that 'recovers' PSKs from the device and displays them. Before... Continue Reading →