It’s Fall Cleanup Time – Rake Up, Bag and Trash Your Cyber Mess



Have you taken an inventory of all the hardware devices you have on your
network? Do you allow Bring Your Own Device (BYOD) hardware such as Apple
iPhones, iPads and others like Samsung, the #2 smartphone hardware
distributor worldwide? Well, if you do, you should inventory all of these
devices and if they don’t belong on your network – rake ’em up, bag ’em
and trash ’em (actually just tell your employees – “keep these weak and
infected devices off my network!”). Just this month, the National Institute of
Standards and Technology warned of the presence of a Zero-Day flaw
in the Samsung FindMyMobile service.


The US-CERT/NIST is warning of the presence of a zero-day flaw that affects the Samsung
FindMyMobile web service (CVE-2014-8346). Samsung FindMyMobile implements several features
that allow users to locate a lost device, to play an alert on a remote device or to remotely lock the
mobile phone. “The Remote Controls feature on Samsung mobile devices does not validate the source
of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of
service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic,”
states the security advisory issued by NIST. According to NIST, the Remote Controls feature
implemented by Samsung FindMyMobile fails to validate the sender of lock-code data received over
a network, so an attacker could remotely cause a denial of service (screen locking with an arbitrary code) by
triggering unexpected Find My Mobile network traffic.


This is just the tip of the iceberg. According to the Gartner Group, at least 75% of Mobile Apps can’t even
pass a security check. From Flashlight Apps to Bible Apps, can you really trust the apps that your users
installed for free and that are made in countries far away, collecting data from your users locally and shipping
it off over covert channels? Inventory BYOD hardware and software, and do a Fall Cleanup. Now is the time,
more than ever, to be very vigilant. When your users say “but I need these 45 other apps…” ask them
“how many do you actually need?” The answer is usually only a half dozen. If you can get them down to a
manageable number, then make sure those apps actually add to or enhance productivity and don’t connect
to spyware servers somewhere else around the globe. Stay ever so vigilant!



To our faithful readers, Enjoy
Pierluigi Paganini


Pierluigi Paganini, Editor-in-Chief

Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
