Allows you to connect to a mobile service provider.
The service provider can track the location of your mobile device.
Your traffic on the cellular network may be monitored by the provider.
Provides internet access over a wireless 2.4 GHz or 5 GHz frequency.
If a Wi-Fi network is open, it is unsafe, as anyone is able to connect and capture traffic.
An attacker is able to perform a de-authentication attack on the Wi-Fi network without being connected.
Satellite Communication.
This technology is used in remote locations where there is no cellular signal.
This technology allows you to transfer data across the network.
The receiver device is open to operating system vulnerabilities and other types of cyber-attacks.
Near Field Communication (NFC).
This allows 2 devices to exchange data within very close range.
Commonly used on payment systems.
Allows you to quickly establish a Bluetooth connection with a Bluetooth device.
An attacker can capture traffic between the sender and receiver devices.
Data is not encrypted during transfer.
This is a wireless signal that operates on the 2.4 GHz ISM band.
Designed to be very low-powered to suit Internet of Things (IoT) devices.
Commonly used on health and fitness monitors.
Infrared
Found on mobile devices.
Allows you to transfer data between 2 devices.
Universal Serial Bus (USB)
Uses a cable between the computer and mobile device.
Since it's a physical connection, it's considered to be more secure than a wireless connection.
Data can be exfiltrated using a smart device.
Companies are supporting Bring-your-Own-Device (BYOD).
Installing a Mobile Device Management (MDM) application allows an administrator to centrally manage the device.
Allows you to configure and apply policies remotely onto the device.
Centralized point of management of all mobile devices.
This is integrated into the security model of the Android operating system.
Denies all actions by default unless allowed by the user.
Handles sandboxing of mobile applications.
Functions in 2 modes: Permissive and Enforcing.
When placed in a mobile device, it secures the mobile device.
Performs network authentication, data encryption, and end-to-end communications.
Mobile apps can be installed from any source.
Sometimes a person may download and install a malicious app on their device.
The mobile device management (MDM) can control which apps are authorized.
The MDM also allows remote wipe of the device.
Application whitelisting.
Mobile Content Management (MCM)
Secures access to data between a remote location and the mobile device.
Supports Data Loss Prevention (DLP).
Locates a mobile device using GPS.
This feature can be disabled.
Can be managed by the MDM for asset tracking.
This feature restricts features on the device so they can only be used within a certain geolocation, such as within the office area.
All devices should always be locked when not in use.
Password, passphrase, pattern or PIN.
Apps sometimes push notifications onto a device's screen.
Notifications may contain sensitive information.
Apps allow notifications to be disabled or hidden.
Used to access a device.
A recovery option is available in the event you are not able to access the device.
The IT team can also reset the password or PIN through the MDM.
Uses something you are to authenticate on a device.
Examples of biometrics include fingerprint scanners, facial recognition, and iris scanners.
Some mobile apps support biometric authentication.
Checks for additional authentication to ensure the mobile device is really within the possession of the right person.
Uses multiple factors, such as the IP address of the device and even its GPS location.
Allows you to keep data separated within containers.
Useful for keeping personal data and applications separate from business/work-related data on the same device.
All data stored on the device is encrypted.
If the device is lost or stolen, the data remains protected because it is encrypted.
On Android 10, full device encryption is enabled by default.
Google Play
Apple App Store
Microsoft Store
Not all applications are equally secure.
Sometimes users may download apps from another application store.
The MDM can control which applications are allowed on a device.
Gain administrative level access on a device.
On Android it's called rooting.
On Apple iOS it's called jailbreaking.
Allows a person to flash the device with a custom operating system.
Many mobile phones are carrier locked.
The device will not work on another carrier's network.
The device can be unlocked only if allowed by the carrier.
A manufacturer releases Over-The-Air (OTA) updates to its mobile devices.
Provides updates and security patches to the mobile operating system.
Cameras may be restricted within a corporate network.
Cameras can be used to capture pictures of sensitive documents.
Short Message Service (SMS)
Multimedia Messaging Service (MMS)
Allows a person to send messages and pictures.
Data exfiltration may occur via SMS/MMS.
Allows you to store data on a memory card or a mobile phone.
Data exfiltration can occur.
The OTG cable allows you to connect a USB device to your mobile phone.
OTG support is available on Android devices.
The microphone can be used to record sensitive conversations.
The microphone can be disabled via the MDM.
The GPS features allow us to find our way around.
Allows us to track the mobile device.
When taking pictures and videos, GPS tagging may be applied to your picture.
A person can use the geolocation information on the picture to track your whereabouts.
This feature allows 2 or more devices to be connected over a Wi-Fi connection with an AP or wireless router.
One device acts as a Wi-Fi hotspot, while other devices are able to join the network.
Since security is managed independently on each device, maintaining such a connection is a security vulnerability.
Tethering allows you to share the Internet on your phone over a Wi-Fi hotspot.
When creating a hotspot/tethering, ensure you implement a passphrase to only allow authorized persons to join.
Many apps allow us to perform payment transactions using NFC.
Android Pay.
Allows employees to bring their personal device to work.
Enables the employee to connect the personal device on the corporate network.
Personal devices are not managed by the IT team of the organization and this creates a risk.
The personal device may not have the latest security patches, anti-virus updates, and so on.
The BYOD policies determine what happens when a personal device is connected to the network.
Corporate Owned, Personally Enabled (COPE).
This device is purchased by the company and is used for both business and personal uses.
The company has full control over the device and security policies are implemented.
Choose your own device (CYOD) - allows the user to choose the device.
Strictly for business use only.
The company owns and manages the device.
Does not allow personal use.
Virtual Desktop Infrastructure
A user is able to access a virtual workspace.
All data is stored on the virtual workspace and not on the mobile device.