How Enterprise-Managed iOS Devices Put Data at Risk

In the latest news surrounding data security, or lack thereof, in the enterprise setting, researchers have found a vulnerability in the iOS sandbox for third-party applications.

As reported by CIO.com on Thursday (Aug. 20), the vulnerability that was uncovered by researchers with the mobile security firm Appthority centers on the iOS “sandbox” for apps that are installed on employee devices. Those third-party apps can in turn put what the research firm termed “sensitive configuration settings and credentials” at risk.

The affected apps are deployed to mobile devices through mobile device management (MDM) platforms, which let administrators “push” apps and data access to the devices. Before that can happen, an MDM account is created and a client application is installed on the device. The analysts at Appthority found that apps pushed to devices this way can expose configuration settings that reveal, in a manner readable to hackers, server URLs, usernames and passwords.

Cyberthieves could reach that data by creating a “rogue app” that taps into the managed configurations, perhaps disguising the app as a work-related program, said the research firm. Appthority said it scanned millions of apps, uncovering the key vulnerabilities through MDM clients. Roughly half of the managed settings logged by Appthority had data that included user names and even access tokens, while a total of 67 percent had info that could be used to identify servers.
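For administrators who want to know whether their own pushed settings fall into the categories Appthority describes, the following added example (not Appthority's tooling and not code from the original article) audits a managed app configuration before it is deployed. It assumes the configuration is available as a property-list dictionary; the sample payload, key names and matching heuristics are constructed for illustration.

```python
import plistlib
import re

# Constructed sample of a managed app configuration; every key and value is invented.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>serverURL</key><string>https://mail.corp.example/ews</string>
  <key>username</key><string>jdoe</string>
  <key>password</key><string>constructed-sample-value</string>
  <key>sync</key><dict>
    <key>authToken</key><string>constructed-sample-token</string>
    <key>intervalMinutes</key><integer>15</integer>
  </dict>
</dict></plist>"""

# Heuristics (assumptions, tune per deployment): key names that suggest
# credentials, and string values that look like a URL or an IPv4 address.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|user|login", re.I)
SERVER_VALUE = re.compile(r"^[a-z][a-z0-9+.-]*://|^(\d{1,3}\.){3}\d{1,3}(:\d+)?$", re.I)

def leaves(node, path=()):
    """Yield (path, value) for every leaf of nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, path + (str(index),))
    else:
        yield path, node

def audit_managed_config(plist_bytes):
    """Return (dotted_path, category) findings; values are never echoed."""
    findings = []
    for path, value in leaves(plistlib.loads(plist_bytes)):
        # For list items, judge by the nearest enclosing dictionary key.
        key = next((p for p in reversed(path) if not p.isdigit()), "")
        if CREDENTIAL_KEY.search(key):
            findings.append((".".join(path), "credential"))
        elif isinstance(value, str) and SERVER_VALUE.search(value):
            findings.append((".".join(path), "server"))
    return findings

if __name__ == "__main__":
    for dotted_path, category in audit_managed_config(SAMPLE_CONFIG):
        print(f"{category:<10} {dotted_path}")
```

Any “credential” finding is a setting better delivered through a mechanism that does not place the secret in the pushed configuration; “server” findings show which internal endpoints the configuration discloses.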

“We also found apps used in the health care industry, giving doctors access to patient data and records,” Appthority said of its findings, which might stand as violations of the Health Insurance Portability and Accountability Act (HIPAA).

Health care-related fraud is a hot topic nowadays, with cyberthieves eager to get their hands on patient data.

“There needs to be put in place a more secure environment that protects against these cybercriminals that are playing games with us,” said Philip Andreae, Vice President, North America, at Oberthur Technologies, in a recent interview with MPD CEO Karen Webster. “What’s telling is that the amount of fraud in the card payments industry pales in comparison to fraud in even one small section of the health care industry.”

As noted by CIO.com, Apple patched the vulnerability in the latest iOS that was released earlier this month. But Appthority said that based on its earlier research, as much as 70 percent of devices do not get updated for months after new versions of operating systems are released.
