Infographic: Are You a Mobile Security Master?

23 Aug 2018

As mobile devices take on more instrumental roles in the workplace, threats to these vulnerable endpoints can pose serious risks. Yet many critical elements of a mobile security program are easy to overlook. Take this assessment to find out how your mobile security knowledge stands up to the facts.

Accessibility note: The infographic is translated below the graphic.


Strengthen your approach to mobile security.

See how Insight and Symantec can help reduce your risk of a targeted attack.


Infographic text included for screen readers:

Are you a mobile security master?

Take this quick quiz to assess your mobile security knowledge.

  1. Which of the below statements about mobile security is generally true?
    a. iOS devices generally do not require additional security since iOS is a secure architecture
    b. Mobile containers are an effective mobile strategy for keeping your corporate information safe
    c. Sensitive data is safe from a mobile breach as long as it is not stored on the device
    d. None of the above
  2. Approximately how many iOS vulnerabilities were publicly disclosed in 2017?
    a. ~50
    b. ~200
    c. ~400
    d. ~600
  3. What is the name of the advanced iOS attack, discovered in August of 2016, that exploited three separate vulnerabilities to remotely jailbreak a device and obtain unlimited access to all activity of that device?
    a. Pegasus
    b. Wirelurker
    c. YiSpecter
    d. Stagefright
  4. If your mobile device automatically connects to “My Home Wi-Fi” when you are miles away from your home, this is an example of:
    a. Karma attack
    b. Drive-by attack
    c. Evil Twin attack
    d. ARP spoofing
  5. Which of these functionalities are generally NOT offered by Enterprise Mobility Management solutions alone (e.g. AirWatch, MobileIron, Intune, etc.)?
    a. Policy enforcement on the device
    b. Protection from malware, network threats and vulnerability exploits
    c. Mobile content distribution and access control
    d. App containers, including distribution and communication security
  6. Which of the following is not intended to be done with an iOS profile?
    a. Inventory and distribution of enterprise apps
    b. Policy enforcement, such as passcode enforcement and system wipe
    c. Take malicious control of the device and spy on the user
    d. Detect a man-in-the-middle network attack
  7. What percentage of Android devices didn’t receive a single security update in the last reported 12-month period (2016)?
    a. >10%
    b. >25%
    c. >50%
    d. >75%
  8. Which native Android feature, that can see the content of and perform actions on other apps, was successfully used by malicious attackers in the past?
    a. Messaging
    b. Accessibility services
    c. App multitasking
    d. Bluetooth
  9. What is the most common social strategy for hackers to breach mobile devices?
    a. Obtaining physical access to the device – theft
    b. Social engineering exploits – tricking the user to grant access
    c. Posting malware on a public app store – like viral games or utilities
    d. Offering to send money from an African prince
  10. Which statement is generally true about enterprise security and mobile BYOD strategy?
    a. BYOD devices have all the same security requirements as corporate devices
    b. In order to secure a BYOD device, the user must sacrifice privacy
    c. Security IT admins can prevent users from uninstalling security software
    d. A mobile device management (MDM) solution must be in place in order to secure BYOD devices

Answers: 1)d 2)c 3)a 4)a 5)b 6)d 7)c 8)b 9)b 10)a

How well did you do?

Are you a Master (8+), an Expert (5-7), an Apprentice (4-6) or a Novice (3 or less)?

Become a Mobile Security Master and take your company’s mobile security to the highest level. Contact us to learn how you can develop an effective enterprise mobile security program at your company.

Explanations to answers:

  1. iOS is just as susceptible to attack and compromise as Android, as demonstrated by growth in OS vulnerabilities discovered every year for both platforms. Mobile containers are a useful security layer but do nothing to protect sensitive information on a compromised device. A risky or compromised device will endanger not only data stored on the device, but any data and services that the device may have access to.
  2. There were 387 iOS vulnerabilities identified in 2017, more than double the 161 discovered in 2016.
  3. Pegasus is an extremely sophisticated spyware exploit that was discovered on the iPhone of a civil rights activist in the United Arab Emirates, suspected of being planted there by a government entity. Pegasus is one of the only known exploits to leverage 3 separate iOS vulnerabilities.
  4. A Karma attack takes advantage of the fact that most mobile devices will probe for familiar networks that they have been connected to before. The Karma attack will listen for those probes, then pretend to be one of those networks so that the device will connect automatically, often without the user’s knowledge or permission.
  5. EMM solutions are designed to manage the physical device and apply policies around accessing apps, content and corporate systems. They have no ability to observe or protect against risky or threatening activities around the device itself, like analyzing malware, networks and vulnerabilities.
  6. iOS profiles were developed to support the management and control of devices in a business environment, but they can also be used in a malicious attack. However, they cannot detect a network attack.
  7. Google reported that in 2016 less than half of all active Android devices received any security patches (source: Android Security 2016 Year in Review).
  8. Accessibility services, designed for users who need assistance interacting with the device, like sight-impaired users, have broad access to text and content and also device controls. Tricking a user into activating this service for a malicious app allows attackers to steal a lot of information.
  9. Most malicious exploits utilize social engineering strategies because the attacker needs to enlist the help of the user in order to circumvent native protections. Some exploits will have broad appeal, like offering fast Wi-Fi, while others will be very targeted to a specific person following intense research about them and even their family.
  10. BYOD and corporate devices often have similar access to corporate information and credentials, so should not be viewed differently from a security standpoint. Mobile security solutions, unlike management solutions (i.e. MDM), do not require the same level of control and access into the device itself, so even for BYOD, privacy can be maintained. Users are always able to uninstall software, even if it results in reduced corporate access.

©2018 Symantec — All rights reserved