The introduction of personal devices (or Bring Your Own Device) into the workplace brings about issues about control and data protection. BYOD has not only blurred the lines between corporate and personal data but it has also ushered in risks, such as
lost or stolen devices or data breaches via employee-owned devices.
Enter mobile device management (MDM). Mobile device management allows IT administrators to secure and monitor corporate data and apps found in personal devices. And yet, MDM is not without some drawbacks.
Cause for Concern
One of the major concerns for mobile device management remains to be security. A Black Hat conference presentation this year highlighted some of the
possible security risks associated with MDM. Their demonstration revealed that vulnerabilities were present in these security tools. Some of these include “ignoring authentication” and “sending login tokens without encryption.” The researchers even found that it was possible to launch an attack that can mimic a phone’s identity on the attacker’s device.
This isn’t the first time this concern has been raised over MDM. Last year’s Black Hat Europe conference also featured a
presentation about attacks against MDM. This presentation focused on the ways an attacker can extract sensitive information, specifically through the use of “spyphones.”
