Mobility Resources & Documents

Resources

Parabal's Mobile Security Whitepapers

Mobile Medical Apps

From wristwatch health trackers to insulin pumps communicating with smartphone apps, Mobile Medical Applications are becoming increasingly prominent. But are these apps safe? Can users truly feel protected? Our research says no. In this paper we show the four categories of Mobile Medical apps and their vulnerabilities, along with some of the problems causing these vulnerabilities.

Click here to read more.

Tizen

Tizen is the newest mobile operating system by Samsung and Intel. What is its purpose? How does the architecture differ from other mobile operating systems on the market? How will current app developers be affected?

Click here to read more and find out.

Fake Android Apps

Android devices have a security problem. Android does not limit where or what applications can be downloaded and installed on a device. Most users will download from the official Google Play Store, but other application stores (such as AppBrain), and a wide range of websites where people may make an application to be downloaded exist. Many users believe that the Google Play Store holds applications that are safe and will not harm their device or expose information, but this is far from the truth.

Click here to read more.

HIPAA Compliance and Mobile

Mobile devices like tablets and smartphones are increasingly being used by healthcare professionals in the workplace. Health Care Professionals use mobile devices for patient real-time management of chronic diseases, where the patient collects and transmits information directly to the care provider, rather than making an office visit. For care providers, the uses can include in exam rooms, administrative areas, and in the field. Rural and disconnected users can collect the data to be transmitted to the medical providers once connectivity is established.

As mobile devices proliferate, so do the associated vectors of potential compromise. Added to this are the risks from employee negligence and organizational policies that have not kept pace with ever-changing technology.

Click here to read more.

Blackberry Migration

For a long time Blackberry’s BES was the only option for mobile devices in the enterprise. That is no longer the case. Blackberry has declined in the competitive mobile phone market, losing ground to its iPhone, Android, and Windows competitors. To take advantage of the benefits of BYOD (Bring Your Own Device), companies now need MDMs (Mobile Device Managers) that can manage not only Blackberry devices, but also the prevailing iPhone, Android, and Windows phone devices.

Click here to read more.

SOX, GLBA and Mobile Devices

The mobile computing revolution is in full swing as organizations look to leverage smartphones and tablet computers to gain a competitive advantage by enabling employees to be more productive. However, these devices are inherently mobile and can hold massive amounts of corporate data, making them highly vulnerable to data loss.

Financial companies have to take extra precautions to ensure compliance with Sarbanes-Oxley (SOX), which requires officers of the organization to attest to having proper security controls in place, and the Gramm-Leach-Bliley Act (GLB or GLBA), which requires organizations to protect consumer information stored in the digital realm. Both SOX and GLB extend to the mobile devices employees use to access corporate email and other services.

Click here to read more.

BYOD Policy Writing

While mobile devices bring the benefit of increased productivity, they also introduce a wide range of dangers into the enterprise. Organizations are increasingly finding that they cannot “tech” their way out of many of these dangers, and that using a layered security approach is the only way to mitigate risk. Creating a strong backbone on which security layers rest is the first step. The basis of that backbone is a solid BYOD Mobile Security Policy. While each organization is unique and must create a policy specific to their data, employees, and risk appetite, the following information will get an organization started in the right direction.

Click here to read more.

ARMv8 Processors in Mobile Devices

ARM architecture have been used in a variety of mobile devices, including several in the Samsung Galaxy series, some Motorola smartphone models, and several models of the iPhone. Until recently, the processors built using the ARM architecture have all been 32-bit processors. ARMv8 is the first ARM 64-bit architecture to be developed. The evolution of the ARM architecture to a 64 bit architecture has granted more processing power and new capabilities to mobile devices.

Click here to read more.

Contactless Mobile Payments Presentation

We are seeing increased interest in contact-less payment systems with the integration of Near Field Communication’s technology in commercially available smartphones. Understanding the features, data transmission and vulnerabilities of these new “mobile wallets” will be important in maintaining data integrity.

Click here to read more.

Why iOS & Android UDIDs Are Susceptible to Breach

In a clearly worded acknowledgment, digital publishing firm Blue Toad confirmed that it was the source of Apple UDID leaks reported last week by Reuters. On September 3rd, under their AntiSec operation, the hacker group anonymously released over 1 million Apple Unique Device Identifiers (UDIDs). Blue Toad calls itself “the leading technology provider in the digital publishing industry.” It sells services to publishers that allow them to move content to mobile devices, including converting a magazine PDF into a Flash or HTML file or an iOS app.

Click here to read more.

Mobile Device Management: A Survey

Mobile Device Management is the software suite responsible for monitoring, administering and securing mobile devices such as Cellular Phones, Tablets, and Computers on a corporate environment. Mobile Device Management allows for not only corporate device enrollment, but also BYOD (Bring Your Own Device) enrollment. BYOD enrollment occurs when an employee’™s personal device is enrolled into the corporate environment while also still able to access his personal data from the same mobile device.

Click here to read more.

iOS and Android Security: Mobile Device Plan for Enterprise

PaRaBaL has a six step methodology an enterprise follows to introduce mobile devices into it's environment. 1.) Understanding iOS and Android security. 2.) Implementing a MDM (Mobile Device Management) Solution. 3.) Selecting the correct MDM for your enterprise. 4.) Controlling your Mobile Device Management Solution. 5.) Writing your Mobile Device Security Plan and Document. 6.) End User Training for iPad use in the Enterprise, iPhones for the business user, Android Devices for employees.

Click here to read more.

Preventing Exploits with Security Enhanced Linux

Early thinking on methodology in splitting the operating systems for mobile devices. Bifurcation of iOS or Android operating systems for the iPad, iPhone, Smartphones, or Tablets could allow for better security. Academic paper discusses splitting the Linux Kernel to prevent exploits. Same methodology could be applied to mobile device operating systems.

Click here to read more.

Mobile Awareness Training

Mobile devices provide a plethora of opportunities for sensitive information to be accidentally leaked into the public or into your competitors’ hands. To help mitigate some of these risks, PaRaBaL offers an Enterprise Mobility Training course that lays the foundation for any technical Enterprise Mobility planning.

Click here to read more.

Corporate Mobile Policy Creation

The use of mobile devices for business is growing exponentially and is definitely here to stay. However, few companies actually have mobile policies. In an effort to quickly put policies into place, many organizations simply try to port over their existing policies, which creates an issues since these policies were originally created for desktop/laptop computers. Since mobile devices are “always on”, always mobile, and often owned by the employee, many of these policies do not address issues like who owns the data on the device, upgrade policies, and backup policies.

Click here to read more.

MobileIron System Administrator Training

PaRaBaL's custom MobileIron System Administration training covers the common core skills needed to support enterprise mobile devices throughout the entire MobileIron lifecycle.

Click here to read more.

Risk Paper

Understanding the differences between BYOD and Corporate Owned is crucial when deploying mobile policy. Understanding the risks of both is crucial when deciding which policy to implement

Click here to read more.

Enterprise Mobility Planning

Enterprise Mobility planning and strategy can be daunting for any organization. There are a lot of things to consider and work through. This outline is intended to help an organization start or continue the planning process.

Click here to read more.

BYOD Preparedness

Nearly everyone relies on mobile devices to keep them connected at work and at home. And while it used to be standard procedure for many companies to issue a “work-authorized” device separate from an employee’s personal mobile device, the trend toward Bring Your Own Device (BYOD) is growing

Click here to read more.

Parabal Webinars:

Parabal's Training Videos

While researching, we've also put together a few short how-to videos for people interested in that sort of thing. If you're interested, a few of our videos are listed below. If you want to find a few more videos, you can also check out our youtube channel at https://www.youtube.com/user/PaRaBaLInc. Enjoy!

How to use Intercept-NG and Wireshark to intercept traffic on mobile devices:

OS X Lion Error With Jailbroken iPhone App

Accessing an iOS File-System through SSH.