12-16-2013 11:54 AM
One of the problems the BYOD trend poses is jailbreaking -- and then hiding it. "Jailbroken and rooted phones are super dangerous in the enterprise," said Marble Security Chairman and CTO Dave Jevan. "They have no security. They can also have backdoors installed on them, which is why people want to detect and block them from accessing the enterprise network."
Smartphones hacked to run unauthorized programs or unlock features are being targeted by hackers and can pose a threat to enterprise networks, warned Marble Security.
Modifying a smartphone to enable unauthorized behavior -- called "rooting" in the Android world and "jailbreaking" in the iOS realm -- makes the mobile vulnerable to infected jammer software, the firm said.
After jailbreaking or rooting a phone, a user may not be able to use it at work because networks often contain security tools that reject modified phones. To skirt those security measures, a user will install jammer software to hide the fact that a phone is modified.
"A significant percentage of jailbroken and rooted phones have these jammers," Marble Chairman and CTO Dave Jevans told TechNewsWorld.
"We're starting to see them included in rooting and jailbreaking kits," he added.
With organizations increasingly allowing employees to use their own devices to perform corporate chores, jammers can pose a serious threat to an enterprise.
Experience shows us that even just one compromised device eventually can lead to a massive breach, Jevans said.
While jammers aren't a new phenomenon, their use is evolving.
"What we're seeing is more of them and they're getting more sophisticated," Jevans observed. "They're actually directly attacking MDM and other systems."
MDM, or Mobile Device Management systems, have been installed by many organizations with BYOD -- Bring Your Own Device -- programs. Those programs can detect jailbroken or rooted devices and prevent them from coming onto the network.
That protection often can be defeated by a jammer, thus allowing jailbroken or rooted devices full connectivity privileges to a network.