SecurityWeek reports on a new and innovative malware that hackers are using against jailbroken iOS mobile devices.
The malicious software, dubbed iOS/AdThief or Spad, modifies the advertising SDKs inside various apps so that whenever an iPad or iPhone user taps on an ad, advertisers send money to the cyber criminals (rather than the app developers).
You have to give credit to the hackers for coming up with yet another way to steal money – this time skimming a little ad revenue.
Ingenuity aside, this hack shows the dangers that mobile devices (especially jailbroken devices) can pose to your client's security. Let's review what IT consultants can do to limit mobile device and BYOD liability.
Why Jailbreaking Phones Makes Mobiles Vulnerable to Breaches
As this latest malware shows, there can be some unintended consequences when users jailbreak their iPads, iPhones, and other mobile devices. Jailbreaking phones removes certain security features and exposes users to more malware attacks.
iOS has built-in security that "sandboxes" apps, meaning one app can't know what another is doing. It's one of the strong points in Apple's iOS security. Unfortunately, jailbreaking a phone gets rid of this feature, which exposes users to malware that can alter other apps and make them insecure.
This malware was sophisticated enough that it could alter 15 different ad kits (including Google Mobile Ads SDK) to rewrite their advertisement protocol.
It's smart to remind your clients that any time employees jailbreak their phones or download pirated apps from outside Apple's App Store or Google Play, they expose those phones to serious risks. And they threaten the entire company's security.
Why BYOD Brings Data Breaches to Small Businesses
Bring-your-own-device (BYOD) workplaces allow users, employees, and clients to log on to a business's network with their personal devices. The risks are obvious. Personal devices can contain malware and compromise a company's security.
In a perfect world, your clients would have the money to supply their employees with work-only devices. But BYOD workplaces have become more common over the last few years as many business owners have taken this approach to save a little money.
Unfortunately, while your clients may save money, that doesn't mean they're saving you from a lawsuit. In fact, cutting corners on IT costs often exposes you to more liability.
As you know, anti-malware software and other security programs aren't perfect. If a client is hacked after malware spreads from an employee's personal laptop to the company's network, you could be sued if the security software you installed didn't catch the malware.
It seems unfair that IT consultants can be sued if their IT infrastructure can't neutralize a malware attack, but that's the way it is. No matter how tight your security is, there will always be the risk of a data breach – and the lawsuit that comes with it. This is one reason many IT consultants get Errors & Omissions Insurance to protect their business from the cost of a lawsuit.
IT Insurance: Keeping Up with Cyber Attacks
This latest news about jailbreaking vulnerabilities won't come as a surprise to IT professionals. The risks of jailbreaking have long been known. It's also not a surprise that hackers have found yet another way to steal money from their victims. That's what they do.
People outside of the IT world often have the mistaken impression that data security is about following a certain set protocol. Unfortunately, it's not that simple. IT security is about limiting risk exposure and having bigger, better, and smarter tools to prevent and neutralize attacks. One tool is IT Insurance.
Given the countless ways your clients can be hacked – spear phishing, malware attacks, SQL injections – you'll want insurance that covers your financial risk. If you're sued for a data breach, you could owe tens of thousands of dollars in damages, if not more. Fortunately, E&O coverage can help pay for your legal expenses, settlement costs, and the monetary damages you owe your clients.
If you need free quotes on business insurance designed for IT professionals, submit an online insurance application with TechInsurance.