This page contains a Flash digital edition of a book.
SPOTLIGHT: COVER FEATURE T


hey’re small, sleek, and swipable – but are they secure?


Over the last two years, the developed world has embraced tablet computers like no other device. Eleven percent of Americans own one, according to data from the Pew Research Center’s Project for Excellence in Journalism (in collaboration with The Economist Group). Within three years, that will rise to more than one in three, predicts research fi rm eMarketer.


Not Your Grandma’s Computer John Dasher, senior director of mobile marketing at McAfee, argues that tablet devices are perhaps the fi rst category of computing product that has been built with security in mind from the ground up. PCs and Macs come from an era when security was an afterthought, and companies have spent the last 20 years compensating for those mistakes.


That may have merit, but tablet security still has a long way to go. There are no standard builds for these devices in the same way that there are for corporate desktop computers. “Every time we purchase a laptop, we fl ash it with this corporate disk image”, Dasher says. “We have a starting point. But we don’t really have that capability with mobile devices.”


Chris Burchett, CTO at mobile protection software fi rm Credant Technologies, says that manufacturers could do more. PCs increasingly take advantage of the Unifi ed Extensible Firmware Interface (UEFI), which provides secure booting capabilities for operating systems. Windows


produces UEFI fi rmware, and customized Android distributions for OEMs.


Getting the Keys to the Castle


Custom corporate implementations of tablet operating systems are becoming a more urgent necessity. One of the measures that protects tablet users the most from being compromised is also paradoxically one of the most crippling when it comes to implementing security measures: the lack of administrative access.


“When you purchase a tablet of any kind, by default, you don’t have administrator rights to that device”, explains Rob Shaughnessy, CTO at WAN optimization fi rm Circadence.


Tablets running Google’s Ice Cream Sandwich have full-disk encryption baked in, wheras Apple’s iOS offers only hardware encryption


Although Apple says that it looks for security vulnerabilities in the apps it approves, nobody knows about the process. No one knows what it checks for


Oliver Ng


8 will use it, which means that tablets based on that platform can have safer booting mechanisms. Support for UEFI isn’t evident among modern tablet platforms. Its inclusion, however, could drastically improve security, Burchett says. “If the manufacturer has shipped the device so that the right management capabilities can plug into it, then I can enforce my policies and I can be much more certain about the security posture of the device”, he explains. However, some companies are working behind the scenes on custom tablet OS implementations designed to connect more closely with


the underlying hardware. In November, Intel Capital invested $10 million into Insyde Software, a Taiwanese company that


Restricting administrative rights stops users from doing dumb things, such as installing apps with unknown provenance. “But it also means that you cannot implement the best types of security software unless they are preloaded, and the manufacturer has a pre-existing relationship with the mobile provider”, Shaughnessy points out. “If you want to use a Motorola Xoom with Cisco AnyConnect, you have to root the tablet, and then modify the kernel.” Shaughnessy runs a fi rewall on his Xoom, having rooted the machine to gain administrative access. Yet, he is not a typical user. It will be up to an IT department to root each new Android device and install the necessary security software. But if users are bringing in their own tablets, will they be willing to give the IT department such powers? At least IT departments have a choice with Android, which is why the US Army chose it to operate its smartphones early in 2011. In doing so, it snubbed Apple’s iOS. Like Android, iOS operates on both smartphones and tablets, but it has a notorious reputation for being locked down. Each time a new version ships, there is a frantic battle between Apple and the jailbreakers, who fi nd new ways to root the operating system.


www.infosecurity-magazine.com /// 19


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60