For many years, we have been pulled into this false sense of mobile security. In early September, that sense of security came crashing down when it was revealed that the App Store had been hit with malicious code known as XcodeGhost. It is malicious code inserted into iOS apps using Xcode, which can then steal data from iOS devices. You ask yourself: “How someone could use Apple’s Xcode to insert malicious code into apps?” The XcodeGhost creators repackaged Xcode installers with the malicious code and published the links to the installers on many sites for iOS/OS X developers. At first, we were told it only effected 30 applications without the developers of the apps knowing. But a few days later, it was revealed that this attack had affected over 1,000 apps. Needless to say, it is the largest attack I have seen on the App Store.
[Related Infographic: The Haunting Reality of Mobile Security]
Finding the Right Solution
Immediately, I was contacted by our information security (IS) team wanting to know what AirWatch could do to protect our mobile devices. Ironically, I was attending AirWatch Connect in Atlanta when the XcodeGhost news broke after the Chinese iOS developers discovered the malware, and it was further confirmed by Palo Alto Networks. The malicious code has hit millions of victims, including myself, since one of the apps attacked was the CamScanner. CamScanner has since come out with an update to fix the malicious code. Our security team wanted to know how AirWatch could help protect Intermountain’s mobile fleet from not only malware attacks, but the other attacks that could be out in the wild. I knew that with just AirWatch, there isn’t much that can be done to detect malware, but there are third-party vendors that can protect mobile devices. Partnering with AirWatch and a third-party vendor, our mobile devices can be protected.
At AirWatch Connect, I took advantage of meeting face-to-face with several of the security vendors and got great information. As a matter of fact, one of the vendors demonstrated with my own device how an attack is done and how easy it is for hackers to steal not only personal data, but also company data. I can just imagine how a person who is not tech savvy can be led to this false sense of security and have their data stolen. Since AirWatch Connect, we have had several calls with different security vendors to get a feel for what each vendor can provide.
More than Malware
Along with IS security, one of our priorities in 2016 will be to come up with a solution of how to better protect our mobile devices. For years, we have protected our desktops and laptops basically saying, “No brainer, right?” But with the demand for more and more mobile devices—and as they are increasingly used in areas with the potential to have sensitive data—the priority needs to be better protecting our mobile devices. We have come to realize it is more than just malware protection. There is physical protection, network protection (man-in-the-middle attacks) and application protection.
Our focus in 2016 will be how can we protect data of over 8,200-plus (and counting) mobile devices from getting into the hands of hackers and criminals and pick the right protection for our customers and devices. I am hoping, as a line from a movie once said, that we choose wisely.
Because you liked this blog:
- New AirWatch & Intel Alliance Levels Up Your Mobile Security
- Tis the Season for Malicious Apps
- Transforming Healthcare: VITAS Embraces the Power of Mobile Devices
About Gordon Smith, Intermountain Healthcare, Client Hardware Engineering & Mobile Supervisor
Gordon has been with Intermountain Healthcare going on 28 years and in his current role for five years, Supervisor Client Hardware Engineering & Mobile team. Gordon’s team implemented AirWatch in April 2013 and continue to use all the tools AirWatch provides in managing Intermountain’s mobile devices.