Security experts have identified a major kernel vulnerability that affects Samsung devices using Exynos processors. The flaw can be exploited to gain root access on the device and cause serious damage.
According to experts, this incident once again highlights the risks posed by the Bring Your Own Device (BYOD) trend.
Nick Cavalancia, vice president of SpectorSoft – an employee activity monitoring software provider – explains that the security holes that plague popular devices expose the valuable information stored on them by their owners. The risks are even greater when corporate data is involved.
“Almost daily now, we are reading about newly discovered vulnerabilities on popular BYOD mobile phones that are used by millions of employees to access sensitive and regulated corporate information. These vulnerabilities are opening doors to information that cybercriminals are walking right through,” Cavalancia told Softpedia.
“The bottom line is that at this point in time, BYOD, security and compliance can’t coexist. There will be no measurable degree of security within organizations that allow BYOD until Android, iOS and other mobile operating systems that rely on high degrees of openness to function are able to harden their security capabilities.”
Organizations need to be aware of the risks and they should follow some basic guidelines in order to maintain effective security and compliance over corporate data accessed by mobile devices.
More precisely, they should only allow their employees to utilize mobile devices that can be centrally managed and controlled by the company’s internal security teams.
Furthermore, staffers should be able to access corporate data via mobile devices only if the gadgets can be configured to block consumer application downloads, and if they can be remotely secured and wiped.
Businesses should only rely on mobile technology whose compliance and security capabilities have been demonstrated in high-risk environments.
Last, but certainly not least, companies should develop a compliance and security policy for the use of personal mobile devices, and they should properly train the employees who would utilize them to access corporate data.