It’s Not Your Father’s Endpoint – What if a Mobile Device is Attacked?
In my first blog, I discussed why mobile devices are the likely choice for savvy attackers since they typically have no endpoint protection. Let’s understand what is on the device and how that can impact an enterprise/organization.
The goal of an attacker who is targeting your organization is not to get personally identifiable information to sell on the dark web. Their goal is to get company intellectual property. They will do this by finding a device they can use that is typically unprotected, then using that device to gain access to the organization’s internal, gooey intranet: the servers that are not typically protected from the inside.
Let’s do an exercise. Unlock your mobile device. What is the first thing you typically do after you unlock it? 1) Look for text messages? 2) Check your email? 3) Browse somewhere on the Internet? 4) Open an app needed for work?
What would happen if an attacker:
- Accessed your device;
- Saw your work or personal emails and all attachments;
- Sent emails as if they were coming from you; and
- Exfiltrated any data they see on the device, such as photos, emails, text messages, etc.?
Damaging Mobile Device Attacks
That would be pretty damaging to your organization. You could have confidential company plans to expand into new territory or maybe military information. Every app and all the data on that device are available to the attacker once they exploit the device to get elevated privileges and gain a foothold on it.
Scarier yet, they can access your browsing history! In all seriousness, knowing where you have been browsing is another piece in the puzzle to attacking your organization more deeply, perhaps via other vectors.
Another factor to understand is that the attacker’s main goal might just be to get a foothold on your device in order to interrogate the target organization’s internal network when the device connects to the internal WiFi. Not many companies put firewalls in front of their internal WiFi network.
Allowing an attacker to gain access to information on your device opens your organization up to further attacks, brand issues, loss of business and, in the case of the military, possible loss of life.
In my next blog, I’ll describe the techniques used to attack mobile devices.