Back in February of last year, we issued a blog post on device location reporting, a topic that often comes up among our AirWatch users. Last week, we received the following email from a client working to troubleshoot an issue that arose when trying to configure this popular functionality.
As per your article, I have set up for automatic request to check in for devices. I can see devices last seen but when I got to the location tab it says the device has not reported any location to AirWatch.
In case you run into a similar issue, we wanted to share some additional tips for ensuring that you can track your devices via GPS Location Services as noted in our response to the client:
I am glad to hear that you read the article and applied it to your environment. There are a couple of things that could be causing the disconnect:
- The Privacy settings in All Settings/Devices and Users/General/Privacy must be set properly for your use types (either BYOD or Company Owned).
- The Agent settings for the device OS (Apple or Android) should be set to have the Background Refresh checkbox checked (for example, All Settings/Devices and Users/Apple/Apple iOS/Agent).
- Location Services must be turned on for the device.Â For Apple devices, tap Settings on the home screen and then Privacy/Location Services, making sure that the AirWatch Agent is listed under the “Share My Location” section. Unless you have your devices managed under a DEP profile, you won’t be able to mandate that the user doesn’t turn that off on his/her own.
I hope the above helps. If you have any further issues or any questions regarding details, you may consider creating a support ticket with AirWatch.
Randy Crenshaw, VP â€“ Mobile Technology
Tech Orchard, LLC
Do you have a question about your AirWatch console we can answer? Or, are you interested in learning tips about a specific mobility issue? Email Randy at firstname.lastname@example.org for assistance and you could be featured in an upcoming blog post.
As we move more of our work and personal lives digital and carry all of it in our pockets, the struggle to secure your smartphone can often feel daunting and confusing. If you follow a few simple steps, you can protect yourself from the vast majority of threats that existâ€”both physical and digital.
Here are seven easy ways to secure your smartphone, plus a few special considerations for enterprise IT folks.
- Disk Encryption
In the event that your device is lost or stolen, encrypting your device prevents malicious actors from getting your private information. If you use an iOS device, automatically encrypt your phone by setting up a pin or passcode. If you use an Android device, head into your settings pane and setup full disk encryption. Android links a password or passcode to the encryption scheme, so even if someone were to copy your data, it would be useless.
- Automatic Updates
Apps make it easy to get work done, keep up with friends and play games on the go. Unfortunately, sometimes these apps leak information or expose vulnerabilities. Set your phone to auto-install new app updates to avoid security risks. An added benefit is that oftentimes these updates include speed improvements and new features.
- Up-To-Date Operating System (OS)
Apple and Google constantly make improvements to iOS and Android. Throughout the year, both release new OS versions. Download these updates as soon as available to take advantage of new security improvements, which often reduce the threat surface for attackers and remove known vulnerabilities.
- Screen Lock
Physical security is just as important as good digital hygiene. Since most devices today include biometric capabilities, like TouchID or other fingerprint readers, the pain of constantly entering your device password is gone. Set your screen to lock with the minimum amount of time available on your deviceâ€”oftentimes 30 seconds. This will prevent someone from grabbing your phone and accessing your data if you step away from your device.
Some dubious websites provide guidance on how to root (Android) or jailbreak (iOS) your device. This allows you to customize your device more than the manufacturer intended. While this might seem nice at first, this compromises the entire security model of the phone and exposes you to malicious actors and security vulnerabilities. By rooting or jailbreaking your device, you could give someone complete control and access to your data without even knowing it. Avoid jailbreaking or rooting your device.
- Malicious Profiles
Configuration profiles allow your corporate IT department or school to make it easier to access specific resources, like email on your smartphone. Sometimes, nefarious websites attempt to install a profile without you knowing. Questionable websites claim to offer free access to apps, games, movies or other content to install a configuration profile on your device. These malicious profiles can give full access to your device and web traffic. Avoid installing configuration profiles that do not come from your corporate IT department or school.
- Avoid Insecure Public Wi-Fi
Using public Wi-Fi is a great way to get mobile access to the web and email without using your data plan. Unfortunately, malicious actors can snoop on this traffic from your mobile device. To prevent this, avoid using unknown public Wi-Fi when possible or use a free solution like Opera VPN. Opera VPN and similar apps are available in app stores and encrypt traffic moving from your mobile device. This means no one can snoop.
Special Considerations for Enterprise IT Administrators
If our organization runs a bring-your-own-device (BYOD) program, provides corporate-owned devices to employees or you are responsible for managing these devices within your organization, take note of some ways you can ensure security for your organization and employees:
- Use a product purpose built for managing mobile devices.
VMware AirWatchÂ is a unified endpoint management (UEM) platform that allows your corporate IT department to manage iOS, Windows, Mac, Android and other devices in a single solution. AirWatch provides all of the tools IT needs to create and manage a mobility program:
- Configure policies including app blacklists, Wi-Fi security, TLS enforcement and more.
- Enforce a device-level passcode with complexity and history requirements.
- Revoke access to company apps and data automatically if compliance policies are violated.
- Enable device-level encryption, data encryption and hardware security policies.
- Enforce containerization of business apps and data using native OS controls.
- Monitor for malware threats or jailbroken devices and automatically remediate with a remote lock, device wipe or customizable device quarantine controls.
- Use an identity and access management solution with single-sign on (SSO) capabilities.
Reduce password pain for end users and strengthen your organizations security posture with an integrated identity and access management solution.Â VMware Workspace ONEÂ combines identity and access management with UEM. This powerful combination eliminates the need for complex passwords with single sign-on (SSO), a unified app catalog and endpoint management powered by AirWatch.
This article originally appeared on the AirWatch blog.
As smartphones increasingly become the primary computing device for many users, they also present a greater risk for certain cyber attacks. According to aÂ recent report from ESET, ransomware attacks on Android devices rose more than 50% in the past year.
For those unfamiliar, ransomware is a form of malware wherein an attacker encrypts a user’s data and holds it hostage until they pay a monetary ransom. Ransomware has been an actively growing threat for quite some time, with many new tools emerging to counteract it.
The reason behind the growth in Android ransomware is actually quite simple. As more users rely on their phone as a daily computing device, they are storing more sensitive data there, which can be more easily exploited for ransom, the report stated.
According to the report, techniques such as lockscreen ransomware and crypto-ransomware, typically used in desktop attacks, are being adapted specifically for Android users. “ESET researchers have also seen cybercriminals put increased effort into keeping a low profile by encrypting and burying the malicious payload deeper into the infected apps,” the report also noted.
Android ransomware, and other forms of malware affecting the mobile OS, usually spreads by pretending to be another applicationâ€”such as a trending gameâ€”to get the user to download it, anÂ ESET white paperÂ said. However, researchers also noticed a growing trend of attacks coming through email, using social engineering to try and get users to click a link and download an infected app.
Once a device is infected, the white paper said, the attacker can wipe the user’s device, send a message on their behalf, or perform a host of other malicious actions. Some versions of the ransomware even attempt to convince the user that their device was locked by law enforcement for illegal activity.
Geographically speaking, these attacks are growing among users in the U.S. and Asia, the report said.
Being that ransomware is a form of malware, there are a few ways to deal with it. First off, it’s important to make sure that the device’s settings are properly configured,Â especially those that manage app store downloads. There are also some other steps one can take if the device is infected, includingÂ booting in safe mode to remove the malware.
This latest report follows a host of other bad news for malware in Android devices. In mid-2016, a Kaspersky Lab reportÂ claimed that Android ransomware had quadrupled over the previous year. Additionally, a malware version calledÂ HummingBadÂ was reported to have affected millions of devices.
This article originally appeared on TechRepublic.
The future is no longer on a distant horizon: Mobility has overtaken the desktop as a fundamental part of how business is conducted; cloud adoption is prompting businesses to transform how they roll out applications and services with the promise of a more agile and automated IT infrastructure; IoT is connecting greater numbers of devices; and big data is gathering information on everything from telemetry readings of sensors to how many calories have been burned during an afternoon walk. The security implications among all of these elements are significant.
To address key security issues as they arise, several organizations, including our MTP partner Check Point Software Technologies, have banded together to strengthen and formalize a not-for-profit entity called the Cyber Threat Alliance (CTA). Through cooperative work and intelligence sharing, member organizations hope to enhance their products and, ultimately, their customer service by improving the security posture of those they serve. Check Point provided an in-depth overview of the CTA and why the company looks forward to helping lead the alliance to drive more comprehensive and timelier threat intelligence for all members and remain on the cutting edge of critical security issues. Below is a brief summary of the information. Visit the Check Point blog to view the full post.
What is the CTA?
The Cyber Threat Alliance (CTA) is an intelligence sharing marketplace where leading security vendors have joined together in good faith to equitably shareÂ campaign-basedÂ cyber threat intelligence to improve our products and boost the security posture of our customers.Â The CTAâ€™s GuidingÂ Principles are:
- For theÂ greater good:Â Share intelligence to strengthen critical infrastructure and protect our customers.
- Time is of theÂ essence:Â Prevent and circumvent attacks by sharing timely, actionable intelligence.
- Context is king:Â Prioritize the sharing of contextual, accurate intelligence tied to specific campaigns.
- Radical transparency:Â All intelligence is attributed and policies will always be published and clear.
- No pay to play:Â All members must share intelligence to extract intelligence from the CTA.
The enduring value is CTA members improve their products by gaining verifiable, actionable, near-real time indicators of compromise from theÂ CTAâ€™s intelligence marketplace. This in turn â€“ and the overarching goal â€“ makes customers more secure.
Is the threat intelligence good?
The CTAâ€™s new threat sharing platform is highly sophisticated.Â TheÂ platform analyzes and validates the shared input to ensure excellent and useful intelligence is the produced output.Â All members must remain in â€śgood standingâ€ť to receive threat intelligence from the CTA.Â To maintain good standing, members must submit a minimum-value of cybersecurity information each business day and will be assigned an ongoing â€śvalue ratingâ€ť based on the information shared.Â Further, members must maintain the technical capabilities to share and receive information via the CTA platform.Â The minimum value of threat intelligence that members must share daily consists of:
- Indicators of Compromise such as: Observables like file text; Kill Chain Stage; Context such as malware name
- Contextual information such as campaign or threat actor
All submitted intelligence is evaluated by a value-based algorithm.Â The algorithm assigns points for every vendor submission,Â correlates it with other intelligence for mutual validation and points are added/subtracted based on correlation or contradiction by other members.Â The value of the data submitted by a vendor determines how much data the vendor can receive in return. A governing body oversees and manages the algorithm.Â This body will review and periodically update the algorithm to incentivize sharing and minimize gaming in the marketplace.
As output, participatingÂ members can choose what data they receive in return.Â The key options are:
- Which member submitted the data
- Affiliation with a threat actor
- Date of data submission or detection
- Verification/validation by other members
- Data type such as malware, domain
Clearly the algorithm is central to the platform in ensuring members â€śgive to getâ€ť as well as ensuring theÂ shared output is valuable.Â It is living algorithm which the CTA members oversee and manage for the benefit of all and to drive better security for all of our customers.
For more than a year, the intense debate surrounding data access and control has raged on. After the San Bernardino massacre in December 2015, Apple and the FBI feuded about access to data on the iPhone 5C used by one of the attackers. Several other court cases touched on the subject of digital privacy throughout last year, including one we covered in our blog in December 2016 in which the Florida Court of Appeals bucked the trend of siding on behalf of protecting users by ruling that the government can force an iPhone user to release the passcode to unlock his/her phone. This week, privacy proponents have been dealt another blow.
On Friday, Feb. 4, a U.S. magistrate ruled against Google, ordering the tech giant to cooperate with FBI search warrants demanding access to user emails stored on servers outside of the United States. Given a recent ruling in favor of Microsoft in a similar case, the battle is likely far from over.
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was â€śno meaningful interferenceâ€ť with the account holderâ€™s â€śpossessory interestâ€ť in the data sought.
â€śThough the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,â€ť Rueter wrote.
Google and others had been hoping that the Microsoft ruling would create some legal guidance for similar cases, as the laws on the books pertaining to such issues, including the Stored Communications Act of 1986, are outdated and insufficient. As abstract property in the form of data continues to be a bone of contention, intervention by Congress or the Supreme Court may be necessary to help put an end to the data access debate. In fact, Judge Susan L. Carney who presided over the Microsoft case highlighted this in her ruling:
â€śWe recognize at the same time that in many ways the [Stored Communications Act] has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.â€ť
In the meantime, companies are encouraged to take steps to protect the data on company-owned and BYOD devices through enterprise mobility management to help avoid unnecessary conflict that continues to surround this critical issue. Contact our team for help determining the right solution for your organization.
At Tech Orchard, weâ€™ve spoken with clients and written about the importance of taking precautionary security measures to protect mobile devices. For most users, the first step is setting a password to lock their smartphone or tablet. PINs and thumbprints are options available on devices from various manufacturers, while pattern lock is widely used as a mechanism for authentication and authorization on Android devices. Unfortunately for pattern lock users, this security method may be anything but secure.
Researchers from Lancaster University in the United Kingdom presented findings at The Network and Distributed System Security Symposium 2017Â of a study indicating that video and computer vision algorithm software can typically crack a pattern lock in fewer than five attempts. Whatâ€™s worse, it can do so without even seeing the screen itself. Tests of video-based attacks were successful in reconstructing Android lock patterns from video footage filmed using a mobile phone camera 95% of the time, and 97.5% of the time when more complex patterns were used.
Using footage of a user inputting his or her Android pattern lock, computer vision algorithm then analyzed the fingertip movements to infer a pattern. Researchers tested 120 patterns collected from 215 users and found that more complex patterns are even more vulnerable because they limit the number of working possibilities. AÂ Phys.org articleÂ detailing the research indicated that mobile video can produce accurate results from up to 2.5 meters (or just over 8 feet) away, or up to 9 meters (nearly 30 feet) away using SLR footage. Though researchers only discussed these two types of video, the application for security camera footage could indicate the potential for more serious, widespread threats in the future.
The research paper suggests that users consider covering their hands when entering their pattern lock to avoid making their fingertip patterns traceable, or to set the screen brightness to change quickly to throw off any recording.
â€śSince our threat model is common in day-to-day life, this paper calls for the community to revisit the risks of using Android pattern lock to protect sensitive information,â€ť researchers stated.
Ultimately, Android users may want to consider an alternative form of device lock, or implement two-factor authentication to better protect themselves from potential adversaries. Businesses leveraging enterprise mobility may want to keep these recommendations in mind when developing policies and procedures for employees who are using mobile devices as part of their jobs. If you need help identifying ways to keep your organizationâ€™s devices safe regardless of operating system or device type, contact our team for help.