Many who follow Jamf’s blog will know how pivotal a role security and privacy play when using technology. One of the leaders of this discussion arguably is Apple, whose commitment to both is witnessed in its consistent inclusion of security and privacy frameworks that serve as a tentpole of the platform.
In fact, since its inception on the iPhone by way of Touch ID, Apple has included the security and privacy framework into every piece of hardware – mobile and desktop computing alike – ensuring that anyone using a device across its entire product line will find the same level of protection.
Additionally, these frameworks act as blueprints for all developers wishing to design apps and services that run on Apple hardware, detailing exactly what is expected of developers in a concerted effort to maintain parity between the hardware and software that runs on it. Their goal? To ensure that data security and privacy are always at the forefront (and never an afterthought) of any process running within macOS- and iOS-based devices.
The results speak for themselves, with a powerful, yet easy to use platform that does not compromise security at the expense of convenience (as is often the tradeoff when incorporating security) nor does it compromise end-user privacy in an all-consuming aim to lock down everything (sadly, another common tradeoff that leaves users vulnerable).
While we could go on about endpoint security in general, the focus of this blog is specifically on mobile security and how the growth of this segment has led to mass adoption at a global level. Furthermore, said adoption has fueled incorporating mobile technology into many different industries, from education with 1:1 programs for students, to supply-chain & logistics where they serve as invaluable tools to get supplies where they need to go fast, to remote/hybrid work environments in every industry, thanks in no small part to its blend of powerful computing and lightweight form factor. The ubiquitous design lends itself to helping users access critical resources at any time, from anywhere.
As we’ve seen historically, there is a tradeoff. In this case, the compromise to efficiently being able to work from anywhere is often mobile security – but as you read further on, we’ll explain why it doesn’t have to be.
What is mobile security?
Simply put, it is the protection of smartphones, tablets and mobile computers (laptops) from security threats. While it is typically defined in scope to specifically call out threats associated with wireless computing, this could be misleading, as there are threat types that do not rely on wireless communications to be considered successful attacks, like device theft or exfiltrating data locally to a USB Flash Drive.
Why is mobile security important?
Similar to computer-based security, as more users and organizations come to rely on mobile technologies for communication, collaboration and working while on the go, mobile devices are increasingly being leveraged to contain, process and/or transmit sensitive data. While this bears little difference to desktop computers in usage, the difference for mobile security lies in that mobile devices provide new ways of performing personal and professional tasks, in turn introducing new forms of risk that endpoint security solutions designed for desktop computers may not and usually do not address comprehensively.
For example, given the nature of how iOS is designed, most malware targeting iOS-based devices thus far operates within resident memory once executed. Once an iPad is power cycled, the memory is flushed, and the threat is removed until it is triggered once again. However, mobile device users seldom reboot their devices, leading these threats to linger on, causing havoc. Conversely, on macOS-based computers, malware works nearly identically, except that there exist multiple ways by which malware authors can establish persistence, allowing them to retain a foothold within the computer even after it is rebooted. Therefore, endpoint security for macOS scans memory as well as the system itself for other Indicators of Compromise (IoC). Once identified, the remediation workflow executes to remove the threat.
Though the two differ only slightly on the surface, in the background there are significant differences in how endpoint security operates between mobile and desktop computing platforms. It is this difference, paired with the explosive growth of mobile security and the fact that, after all, mobile devices do utilize network connections to communicate with apps, resources and services over the Internet, that poses a great risk to securing data and end-user privacy, including acting as a conduit to facilitating larger-scale network-based attacks – as well as future attacks being actively developed – if left unchecked.
What are mobile security threats?
Below is a list of key threats affecting mobile security. By no means is this list exhaustive or future-proof, but it should provide insight into various types of threats so that IT and users alike have a better idea of the vulnerabilities and attack campaigns bad actors are currently leveraging when targeting mobile endpoints.
- Phishing: Social Engineering, or campaigns that leverage SMS, email, phone calls, social media and messaging software to trick end-users into divulging sensitive information, such as passwords, or to get them to click on malicious links to compromise mobile devices.
- Malware: Malicious code or applications that compromise the security and privacy of endpoints and users respectively in order to achieve a particular end, or several of them, depending on the malware type or how they’re combined. Examples are:
  - Ransomware: Encrypts private data and prompts the user to pay a ransom for the decryption key or risk losing data forever.
  - Spyware: Gathers information on users, such as what websites they visit, logs keystrokes and copies cookies to allow actors to attack their device and hijack their sessions.
  - Adware: Delivery of advertisements for products and services to get users to click on them to further compromise a device. Also used to deliver malware to devices.
  - Stalkerware: Similar to Spyware, data gathering takes steps to include webcam, photos, recording telephone conversations and logging text conversations to track user’s whereabouts, including leveraging GPS to physically track victims.
  - Cryptomining: Tiny program that utilizes hardware resources to mine cryptocurrency for bad actors. Reduces performance and may impact normal device operation.
  - Potentially Unwanted Program (PUP): While PUPs do not have to be malware, typically unwanted apps are packaged together, residing unbeknownst to the user on their device, possibly leading to greater security risks in the future.
  - Trojan: Programs that mask their true intention, such as malware being repackaged as a legitimate app. Additionally, several trojan apps are legitimate apps that have been cracked (had their internal security broken) to include malicious code. These may be distributed via third-party app stores as free versions of commercially licensed software.
- Loss/Theft: Mobile devices, by nature, are typically removed from offices and/or homes, taken to remote locations to work from alternative locations. This increases the likelihood that mobile devices are lost, misplaced or targeted for theft by criminals, placing the contents of those devices – sensitive data and privacy information – at risk of compromise.
- Man-in-the-Middle (MitM): Also known as “eavesdropping”, this attack is quite common wherever unsecured Wi-Fi hotspots are available. This allows unsuspecting users to connect to unencrypted wireless networks, where attackers may intercept their communications and/or leverage it to gain access to their devices.
- App Permissions: Granting apps permissions to resources is not uncommon nor a big cause for concern generally. However, when apps are granted improper permissions or these apps abuse the permissions granted, this may lead to violations of privacy and/or data exfiltration.
- Patch Management: Updates to apps, the operating system and hardware components are made available by developers to fortify the software and hardware, protecting it against known attacks by mitigating vulnerabilities. Without updates in place, devices and apps may become vectors for attack, compromises and further data breaches.
- Weak/No Passwords: Weak passwords that are easily guessed, not changed from their default or simply not enabled at all represent the “low hanging fruit” for bad actors. Sometimes, the only protection standing between a compromised device and one that has not been compromised is a strong, unique password to keep data safe.
- Encryption: Fitting hand in glove with weak/no passwords and device loss/theft above, encryption is often considered the last bastion of security when a device is no longer accessible. Whole disk encryption scrambles the internal data using powerful algorithms that are nearly unbreakable (or may take a few thousand years, give or take) when a strong, unique password is enabled, utilizing multiple key spaces for greater complexity.
- Unsecure Connections: Open Wi-Fi hotspots do not offer any security protection – just Internet access. This leaves your devices, data and the network connection being used to communicate all open to threats. It also leaves the resources you’re connecting to on the other end open to attack as well. Securing untrusted connections via VPN encrypts transmissions and connects to endpoints within a secure tunnel to keep them free from unauthorized access. Zero Trust Network Access (ZTNA) offers the security of VPN, while also providing device health checks before granting access each time a resource is requested.
- Misconfigurations: Misconfigured devices, those that have kept default configurations in place or have fallen out of compliance, are at a greater risk of being compromised by threats than those that have been hardened against common threats by limiting the available attack surface of your mobile device.
What are types of mobile security solutions?
If you haven’t guessed yet, there are a lot of real and potential threats affecting mobile security. And if it continues its rate of growth, it is estimated that approximately 8+ billion mobile devices will exist globally by 2024. While it’s unlikely that every single one of them will be attacked, any attempt to quantify a figure will be pure speculation given the number of variables.
What is known are the mobile security solutions available, how they work and why they’re necessary to protect your mobile fleet and keep your users, devices and data safe and secure.
- Zero Trust Network Access: ZTNA, as it’s referred to, secures network communications similar to VPN, while providing additional safeguards that protect resources, such as apps and services. With built-in device health checking, IT gains granular insight into devices, including patch levels, if devices are compromised or affected by malware and whether they meet organizational requirements, before access to individual resources is approved. Resources are segmented from others for the purposes of maintaining security; this way, if a user’s access has been compromised for a particular app, only that app is affected and users may continue to work on other resources without fear of lateral movement compromising other resources. Devices failing health checks are denied access, then placed into remediation where the issues are mitigated before access can once again be granted.
- Mobile Endpoint Protection: Preventing malware is just one part of the mobile security equation. Mitigating threats from phishing, by identifying and blocking domains that leverage malicious URLs in their campaigns and zero-day attacks, is a significant step forward in protecting your mobile fleet. Further security from network-based attacks, such as MitM, as well as compliance checking that allows organizations to align requirements to Acceptable Use Policies (AUPs) to minimize misconfiguration of settings through policy-based management, further strengthens your device’s security posture and that of your infrastructure – regardless of whether it is local, cloud-based, public and/or private – or a combination thereof.
- Website Content Filtering: Implementing intelligent content filtering of malicious websites not only minimizes the threat from phishing websites but also reduces legal exposure from inappropriate use and/or illicit websites, while network-aware security controls that safeguard cellular, wired, roaming and Wi-Fi connections provide an additional layer of protection. Seamless scaling across multiple management models, such as BYOD/CYOD/COPE, for enforcing AUPs on company-owned and personally owned devices alike ensures that organizational resources are protected equally as is end-user privacy – not at the cost of one another.
- Patch Management: No device management would be complete without discussing the apps and devices through their lifecycle: ensuring that both are sourced and updated and that critical configurations are set properly and consistently across all device types, all while providing a centralized management platform that allows end-users the flexibility to do their work from anywhere, at any time, without placing limits on their efficacy – and simultaneously permitting IT and Security teams to quickly respond to any number of issues in real-time. And let’s not forget the capability of supporting the very latest security features, new functionality and software updates from day one.
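The ZTNA behavior described in the list above (a health check on every request, per-app segmentation, and remediation before access is restored) can be sketched as a small policy broker. This is an added illustration, not Jamf code or any vendor's API; the `Broker` and `Device` classes, the `MIN_OS` requirement and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

MIN_OS = (16, 3)  # constructed organizational requirement (assumption)

@dataclass
class Device:
    name: str
    os_version: tuple
    compromised: bool = False    # e.g. integrity check failed
    malware_found: bool = False

@dataclass
class Broker:
    entitlements: dict                             # user -> apps they may reach
    revoked: set = field(default_factory=set)      # (user, app) pairs cut off
    remediation: set = field(default_factory=set)  # devices awaiting a fix

    def health_failures(self, d):
        failures = []
        if d.os_version < MIN_OS:
            failures.append("patch level below minimum")
        if d.compromised:
            failures.append("device compromised")
        if d.malware_found:
            failures.append("malware detected")
        return failures

    def request(self, user, device, app):
        """Decide one request; posture is re-evaluated every time."""
        failures = self.health_failures(device)
        if failures:                      # unhealthy: deny and quarantine
            self.remediation.add(device.name)
            return ("deny", failures)
        self.remediation.discard(device.name)  # healthy again after the fix
        if app not in self.entitlements.get(user, set()):
            return ("deny", ["not entitled to " + app])
        if (user, app) in self.revoked:   # segmentation: only this app is cut
            return ("deny", ["access to " + app + " revoked"])
        return ("allow", [])

def demo():
    broker = Broker(entitlements={"alice": {"mail", "crm"}})
    ipad = Device("ipad-01", (16, 4))
    out = [broker.request("alice", ipad, "mail")]
    broker.revoked.add(("alice", "crm"))      # access to one app compromised
    out.append(broker.request("alice", ipad, "crm"))
    out.append(broker.request("alice", ipad, "mail"))  # other app unaffected
    ipad.malware_found = True                 # health check now fails
    out.append(broker.request("alice", ipad, "mail"))
    ipad.malware_found = False                # issue mitigated
    out.append(broker.request("alice", ipad, "mail"))
    return [decision for decision, _ in out], broker.remediation
```
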
How to secure mobile devices with Jamf?
Jamf provides Apple-focused solutions that deliver on its promise to help your organization succeed with Apple. And Jamf’s mobile security solutions offer industry-leading capabilities and security features that ensure your organization’s mobile fleet is protected and critical data safeguarded, permitting your employees to focus on being productive without impacting the much-vaunted Apple user experience.
- Jamf Pro: Designed to automate device management, while simultaneously driving end-user productivity, our management tool empowers IT and the users they support by providing powerful, yet easy to use tools that deliver maximum performance in the device and application lifecycle management. It adds support for standardizing device configuration, including patch management capabilities, to keep your Apple mobile devices secured without user interaction.
- Jamf Threat Defense*: Advanced threat protection + minimal impact on the end-user experience = a complete endpoint security solution that protects your mobile devices through threat detection, malware and zero-day phishing prevention. It includes network-based protection and an advanced machine learning engine, named MI:RIAM, to provide real-time insights into risks, while mitigating them through policy-based tasks for automated mobile threat protection and remediation.
- Jamf Data Policy*: Move beyond the basics of device management with the ability to customize and control how mobile devices are used in your environment with advanced controls that work to block risky websites with content filtering. Also, leverage security controls to enforce AUPs and eliminate shadow IT, all while providing a flexible platform for managing any modern device – over any network connection – on any device ownership model, like BYOD or COPE, including granular insight into device usage and data pool cap management.
- Jamf Private Access*: The power to access work resources on any device, from anywhere and at any time means users can securely connect to the apps and data they need, when they need it. The key term being “secure”, with next-generation remote connectivity powered by ZTNA to ensure user devices are compliant and accessing exactly what they need to in order to remain productive – nothing more, nothing less. Cloud-based and integrated with IdP, SSO enables users to spend more time getting work done and less time jumping between resources and managing multiple accounts while risk-aware policies determine if device health checks meet organizational requirements before access is granted to users and/or compromised devices.
- Jamf Threat Labs: Comprised of experienced threat researchers, cybersecurity experts and data scientists, the job of the Jamf Threat Labs team is to continuously hunt for vulnerabilities, threats and data exposures – leveraging MI:RIAM, our machine intelligence engine, alongside their findings, to build up the security capabilities of Jamf solutions.
*As of February 2023, Jamf Data Policy and Jamf Threat Defense capabilities are included with Jamf Protect. Jamf Private Access capabilities are included with Jamf Connect.
Don’t just take our word for it, put our solutions to the test!
Contact Jamf, or your preferred reseller to test Jamf’s solutions and start defending against threats, protecting your organization with comprehensive mobile security today.