Following the news that nearly 1 billion phones can be hacked with a single text due to the Android vulnerability – Stagefright – Itsik Mantin, Director of Security Research at Imperva commented on the Stagefright: Google’s Android Megabug.
Itsik Mantin, Director of Security Research at Imperva :
“Many organizations permit employees to use their smartphones to access privileged company information and applications, a phenomenon called BYOD (Bring your own Device). Like in many cases, the convenience of the employee governs the security concerns that come with making the company resources accessible to unmanaged devices. The Stagefright case is an excellent example. Most of the breaches, from smallest to the largest, start with a foot in the door; a junior level employee opening an infected mail, follows a malicious link, or downloading an infected software, and gives the attacker the ticket into the organization network. In organizations allowing BYOD Stagefright gives the attacker exactly that – a potential foot in the door in dozens, hundreds or thousands of employees’ phones, some of them probably system administrators.
This is another nail in the coffin of the traditional approach of securing your network on the perimeter. The attacker will eventually find a way in, in predictable or unpredictable ways.
Once inside, the enterprise most precious data is at risk, regardless of whether this data is in internal databases, in file shares or in cloud applications. The only way to avoid this is to protect the data itself, wherever it is located.”[su_box title=”About Imperva” style=”noise” box_color=”#336588″]Imperva (NYSE: IMPV), is a leading provider of cyber security solutions that protect business-critical data and applications. The company’s SecureSphere, Incapsula and Skyfence product lines enable organizations to discover assets and risks, protect information wherever it lives – in the cloud and on-premises – and comply with regulations. The Imperva Application Defense Center, a research team comprised of some of the world’s leading experts in data and application security, continually enhances Imperva products with up-to-the minute threat intelligence, and publishes reports that provide insight and guidance on the latest threats and how to mitigate them. Imperva is headquartered in Redwood Shores, California.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.