Jailbroken iPhones – a Risk in the Enterprise
Last week’s ruling by the Library of Congress’s Copyright Office giving a legal green light to iPhone and iPad users who want to download non-Apple-approved apps may make corporate security managers nervous if these Apple products are part of their mobile device portfolio – but a smartphone security company has come up with a counter-measure that will at least bring the risk level down to what it was before the ruling.
Mobile Active Defense (M.A.D.) has announced a solution that can detect jailbreaking within one minute and then enforce immediate remediation. With the M.A.D. solution, the iPhone/iPad stays in communication with a Mobile Enterprise Compliance and Security (MECS) server at all times. If any company-defined “out of compliance” or “out of policy” conditions are detected on any of the organization’s iPhones/iPads, an immediate alert is generated.
Several policy-driven remediation responses are available. Administrators can choose to isolate the offending iPhone/iPad from connecting to anything pending further investigation, wipe the entire device with no notification to the user, or simply receive a notification (via email, SMS or a MECS server console popup) so they can choose their response on a case-by-case basis.
M.A.D. Chairman Winn Schwartau notes that there was – and will continue to be – substantial risk with smartphones even when only approved apps are involved. “There is no standardized vetting process about what goes on underneath the hood,” he said in an interview with SecurityWeek. “These companies are only checking to see if the app does what it says it will do. There’s no code review.”
According to M.A.D., adding MECS Servers to any enterprise does not require any changes to existing security or IT infrastructures and can be up and running within one day.