Do you like football? Beware of APPs!

Do you like football? Beware of APPs!

As football fever sweeps across Europe due to the 2016 UEFA European Championship, the SmartWire Labs Team at Wandera has been analyzing the mobile data traffic patterns across our network of enterprise customers in the European countries that make up this year’s tournament. By investigating the billions of daily data inputs that are scanned by our Secure Mobile Gateway, we’ve made some startling discoveries about data security and mobile phone usage in the lead up to and during the tournament (Research period 25 May to 24 June 2016).

MALICIOUS WEBSITES AND DATA LEAKS

With the tournament in full swing, users are becoming more active on their mobile devices, by exploring new content and being exposed to an increasing number of online ads. As a result of this spike in activity, SmartWire Labs discovered an increase in the number of malicious websites being accessed by smartphones. Worryingly, it seems that the host country has been actively targeted by hackers with 72% of malicious websites and 41% of exposed passwords being detected on smartphones in France.

During our research period, the number of data leaks observed by our research team increased. We predict this number will continue to rise as the tournament goes on as a result of more people travelling across Europe and using unfamiliar apps and websites to access match information. Our research suggests that data leaks will peak in late June towards the end of Euro 2016 before going back to normal levels in late July.

 

UEFA APP FOR FANS IS LEAKING DATA

One of the most startling discoveries by our researchers relates to the ‘UEFA EURO 2016 Fan Guide’ App. It’s one of the official UEFA mobile applications for Euro 2016, designed to provide practical tourist information for fans that are travelling to France for the tournament.

We have discovered that user credentials (including username, password, address and phone number) submitted to the online UEFA store website, are being transferred by both the iOS and Android versions of the app, over an insecure connection. The app itself has over 100,000 downloads on the google play store alone, and a very high rating. The implications of this are huge with potentially thousands of people having their personally identifiable information exposed and possibly stolen.

CONCLUSION

Overall, the increased data usage during the beginning of Euro 2016 will come as no surprise to anyone. The risks associated with this increase in traffic however have huge implications. With more people traveling across Europe, using unfamiliar websites and apps, as well as the shocking discovery that the official UEFA app is leaking data could all lead to serious security breaches with thousands of fans’ data being put at risk.

UEFA’S RESPONSE

Since SmartWire Labs exposed the treat UEFA have acknowledged the problem and fixed the issue. A UEFA spokesperson confirmed:

It is correct that there is an issue with the fan app, concerning a third party component in the myfanzone section, where the contact details of around 4,000 users (name, email and phone number) were not fully protected.

Within a few days UEFA made the following statement:

All security vulnerabilities have been solved. Data exchange between the mobile App and the server are now encrypted.

Download report

Download “Euro_Paper.pdf” Euro_Paper.pdf – Downloaded 354 times – 778 KB

Enterprise Mobile Device Management

Enterprise Mobile Device Management

Security & Application Management for your Mobile

Enterprise Mobility Management (EMM) is the set of people, processes and technology focused on managing mobile devices, wireless networks, and other mobile computing services in a business context. EMM typically includes all of MDM Standard functions, but with the security services and additional tools create a more comprehensive solution.

C.H. Ostfeld sells VMWare AirWatch EMM, world market leader in this kind of solution.
The sale and technical support staff  are certified by VMware AirWatch.

In addition we offer Wandera  solution for the management and security of mobile devices. The solution enables deep integration with  AirWatch.

The solutions provided are:

AirWatch EMM
Wandera

 

VMWare AirWatch

VMWare AirWatch

AirWatch® was founded in 2003 and achieved early success in managing wireless endpoints and rugged devices. In 2006, as smart devices entered the enterprise and employees required access to corporate information, the AirWatch leadership team strategically pivoted the company’s focus to manage any device in an organization’s mobile fleet. Today, AirWatch is the leading enterprise mobility management provider. In 2014, AirWatch was acquired by VMware. With the combined power of AirWatch and VMware, organizations have a complete solution that allows end users to work at the speed of life from any device, anywhere, anytime.

Open/Close all the descriptions
>

VMware AirWatch Enterprise Mobility Management

Scalable enterprise mobility management platform
AirWatch® by VMware® is the global leader in enterprise-grade mobility solutions across every device, every operating system and every mobile deployment. Our scalable enterprise mobility management platform integrates with existing enterprise systems and allows you to manage all devices, regardless of type, platform or ownership,from one central console.

Support multiple operating systems including AndroidTM, Apple® iOS, BlackBerry®, Chrome OS, Mac® OS and Windows® across your organization.

Enable deployments with multiple device ownership models, including corporate, employee-owned, line of business, kiosk and shared.

Container
AirWatch® Container provides complete separation of corporate and personal data on devices, securing corporate resources and maintaining employee privacy. AirWatch enables organizations to standardize enterprise security and data loss prevention strategies across mobile devices through our flexible approach to containerization..

Devices
AirWatch® Mobile Device Management allows you to gain visibility into the devices – including smartphones, tablets and laptops – connecting to your enterprise network, content and resources. Quickly enroll devices in your enterprise environment, update device settings over-the-air, and enforce security policies and compliance across your entire device fleet.

Apps
AirWatch® Mobile Application Management enables you to manage internal, public and purchased apps across devicesenrolled in your organization. Distribute, update, track and recommend apps with AirWatch® Catalog. Build custom business apps with the AirWatch® Software Development Kit or by following AirWatch-sponsored ACE documentation, or wrap existing internal applications for advanced security with AirWatch® App Wrapping

Contents
AirWatch® Mobile Content Management secures document distribution and promotes content collaboration anytime, anywhere with AirWatch® Content Locker. Access your corporate content in a secure container with advanced data loss prevention policies. Promote collaboration with editing, annotation and commenting capabilities for shared files.

Email
AirWatch® Mobile Email Management delivers comprehensive security for your corporate email infrastructure. With AirWatch, you can control which mobile devices access email, prevent data loss, encrypt sensitive data and enforce advanced compliance policies. Containerize email and provide a consistent user experience with AirWatch® Inbox, a secure email client.

Browsing
AirWatch® Browser is a secure browsing alternative to native browsers and provides organizations with the ability to configure customized settings to meet unique business and end-user needs. Define and enforce secure browsing policies for intranet sites without a device-level VPN. Enable secure browsing with whitelists and blacklists or kiosk mode.

Telecom
AirWatch® Telecom Management enables IT to easily monitor data, voice and roaming usage alongside devices from the admin console. With AirWatch, IT has insight into telecom usage to help save time, money and resources. Roaming restrictions, automated compliance enforcement and self-service options for end users simplify telecom management for IT.

Workspace ONE

Extend the AirWatch platform with integrated identity and app management

Extend the AirWatch platform with integrated identity and app management to enable employees with a complete digital workspace.
VMware Workspace ONE combines identity and mobility management to provide frictionless and secure access to all the apps and data employees need to work, wherever, whenever and from whatever device they choose.

Why Workspace ONE?

Identity-defined Self-service App Catalog
Deliver the right apps to the right people. Workspace ONE combines VMware Identity Manager and AirWatch Enterprise Mobility Management to deliver the widest variety of mobile, cloud and Windows apps to any device.

One-touch Single Sign-on
Access to apps is only a touch away. Workspace ONE leverages device trust, PIN/biometric timeout settings and built-in two-factor authentication (2FA) to remove the friction of access security with one-touch convenience.

Self-service On-boarding for BYO
On-boarding new employees couldn’t be easier. The Workspace ONE app authenticates new employees and gives them instant access to a personalized app catalog where they can subscribe to virtually any app from their own smartphone, tablet or laptop.

Contextual Access Management
Protect even the most sensitive information. Workspace ONE offers identity and device-based policies to enforce access decisions based on authentication strength, data sensitivity, user location, device compliance and more.

I Dispositivi mobili e la gestione del traffico dati

I Dispositivi mobili e la gestione del traffico dati

Gestire i dispositivi mobili e’ ormai prassi comune in tutte le realta’ che hanno visto proliferare nelle aziende, in questi ultimi anni, l’utilizzo di smartphone, tablet, etc.
Fino a qualche tempo fa si riteneva anche che IOS fosse una piattaforma molto sicura mentre Android fosse piu’ vulnerabile.
Tutti gli sforzi dei produttori di MDM in particolare AirWatch erano quindi orientati nel rendere piu’ “blindata” la piattaforma Android in modo da utilizzarla con maggior tranquillita’ in azienda. In questo senso AirWatch ha collaborato strettamente con Samsung e con gli altri produttori hardware su piattaforma Android per fornire garanzie di sicurezza alle aziende che adottavano questa piattaforma.
Un aspetto meno in evidenza e’ invece stato quello relativo alla sicurezza e alla gestione del traffico dati.
In questo campo si evidenziano parecchie brecce di sicurezza anche su piattaforme considerate sicure come Apple.
Alla gestione del traffico dati si dedica Wandera una soluzione integrata in AirWatch che affronta proprio il campo del traffico dati, la cui crescita esponenziale pone nuove sfide ai reparti IT, Security e Governance.
Wandera si occupa anche di contenere i costi del traffico affrontando la questione del roaming ma anche della riduzione tramite compressione dei dati stessi in transito.

Scarica il documento

Download “Wandera_Overview_Datasheet.pdf” Wandera_Overview_Datasheet.pdf – Downloaded 416 times – 3 MB