Most enterprise Mobile Device Management (MDM) solutions advertise some degree of security to protect personally owned devices brought into the corporate network. However, these features are usually not the core offering of a solution meant to make mobile fleet management easier. Depending on the implementation parameters, the advertised security of popular MDM solutions may be inadequate, misconfigured or simply ineffective. Given the high number of attack vectors for mobile devices, companies extending sensitive device access to personally owned devices need to ensure the controls they’re paying for work as advertised.
Due to the increasing reliance on mobile technologies—and the lack of adequate enterprise controls—Level Nine created a team that specializes in mobile assessment. We have assessed every popular MDM solution and found critical vulnerabilities in many implementations. Using these vulnerabilities our team demonstrated the ability to steal corporate data, attack MDM administrators, and bypass the jailbreak or root detection often relied upon for total data security. Working closely with the client and MDM providers, Level Nine advised on the anatomy of the attack that defeated the advertised solution security and how the implementation could change to thwart similar attacks in the future.
After engaging Level Nine and remediating outstanding MDM issues, clients find a greater confidence in their BYOD program. With the assurances from Level Nine assessments, enterprises can extend their program to more users, maximizing the cost-saving and productivity benefits of BYOD without embracing unknown risks.
Have a similar project?
More Case Studies
© 2019 Level Nine Group