Hackers Only Need One Android To Breach Your Network

The growing trend of BYOD, Bring Your Own Device, means that more and more employees are using their personal smartphones on company networks. The initial concern surrounding BYOD is that sensitive and valuable information will be stored on personal devices and potentially lost or stolen. But, as Sam Narisi points out for IT Manager Daily, there’s another significant threat to consider.

A security researcher for Tripwire recently demonstrated how a single compromised Android device could be used to hack into a company’s IT infrastructure. This is possible through Google apps, which many companies use for cloud computing and email.

Android uses a “single sign-on” feature, which means that users aren’t asked to continuously authenticate their Google account with a password. Instead, the Android device stores a cookie the first time you authenticate your account and remembers that your device and your account are linked.

The problem is similar to forgetting to log-out of your email or social media account on a shared computer. For example, if you’ve ever checked your Facebook page at a computer lab or library and forgotten to sign-out when you left, you probably ended up with some joke statuses on your account. College students know exactly what we’re talking about.

For this Android flaw, when an employees device is lost or stolen, their accounts remain active. Whoever holds that device has access to everything stored in Google apps, including the employee’s email account.

An intelligent hacker, however, doesn’t even need to physically hold the Android to access Google apps. If they are able to infect the device with malware, they could also gain similar access to Google accounts.

The simplest fix for this security flaw is to keep anyone from accessing corporate Google apps with their Android device. Failing that, keep from downloading any extraneous apps, especially outside of the Play Store. That will go a long way in keeping malware off your smartphone.

For more help keeping your smartphone or other device safe and secure, contact Geek Rescue ta 918-369-4335. We offer a variety of security solutions for both home and business.