The upcoming general elections in Israel have exposed the vulnerability of cell phones. “People and organizations are not aware how easy it is to hack cell phones”, said Doron Sivan, CEO of MADSEC Security. He referred to the attempt to hack the mobile phone of Naftali Bennett, chairman of a political party.
“The best example is an application called Black Market, which enables users to freely download applications that originally cost money” explained Sivan. “What the user does not know is that installing the application actually installs a very dangerous malware application, which might even cause the theft of the user’s identity. Another method is to inject a ‘Trojan Horse’ through an SMS message. The SMS that was recently sent to the Israeli politician could lead to a hostile take-over on his cellphone. The recommended solution is to combine users’ training with a Mobile Device Management (MDM) system.”
Sivan said that most organizations do not use a Mobile Device Management (MDM) system. They do not encrypt important information that is stored on the cellphone and use weak passwords in order to connect to the enterprise network through a VPN. These vulnerabilities make it easier for hackers to hack the enterprise network and steal business secrets that might be worth hundreds of thousands of dollars. The recommended solution is to combine two elements: a risk analysis – a survey that will include penetration tests aimed at the company’s servers, including email servers; and implementation of procedures.
According to Matan Azugi, Head of the Cyber Research Team at MADSEC, “there is no doubt that working with smartphones and tablets offers its many advantages. However, not everyone is aware of the fact that these devices are actually computers that aren’t managed according to data security procedures that are required for regular computers. These devices hold valuable information and supply a comparatively convenient access into the internal organizational information systems. To counter these threats, we must combines several elements: conduct risk analysis survey for the organization’s information systems; implement security procedures; help the IT team and the CIP integrate these devices correctly and securely with the confidentiality of the organizational information.”
MADSEC Security is a leading Israeli data security company. The company supplies advanced consulting solutions and its service portfolio includes services such as: applicative penetration tests, infrastructure penetration tests, risk analysis surveys, risks management, accompanying and management of data security projects. The company employs experienced experts who hold various credentials in data security”