Our society runs on technology. We all rely on smart phones, laptops, and iPads and other tablets, all of which are linked to one another via the internet and a multiplicity of software programs. Technology is embedded in our credit cards, cars, and alarm systems. Our vendors are co-located in our work environments virtually and physically.
Increased technological capability brings increased technological vulnerability. Making technology secure is a continuous battle; some cyber threats are stealthy and insidious, popping up before developers have a chance to analyze and neutralize them. Most vulnerabilities however are known but unnecessarily go unaddressed due to a lack of risk assessments and monitoring. To get you started, download this free risk assessment template. You should also familiarize yourself with regulatory requirements such as how to comply with the SEC’s cybersecurity guidelines.
Massive new Android operating system vulnerability found
Zimperium, an Enterprise Mobile Security company, recently discovered a serious new threat – affecting hundreds of millions of phones – with Android’s operating system. This flaw enables a hacker to take control of a victim’s phone with something as simple as a text message. Keep in mind the fact that more than 80% of smartphones are Android phones.
To clarify, the takeover can occur even if the corrupted text is not opened; all it takes is to have the unfortunate phone receive the message, which occurs fractions of a second before the text alert comes through.
Joshua Drake, security researcher at Zimperium, says a successful hacker can essentially do anything, even take over the microphone and camera in order to eavesdrop, according to NPR.
It seems like something only a villain in 24 could pull off, but the risk is real.
At risk not only are personal text messages, emails linked to or viewed with the phone, and any and all data stored on the device, but with today’s connectivity, everything is connected especially business systems, vendor supply chain systems and our customer systems.
Issues exist for a long time before they rear their heads
Andrew Ludwig, Android’s lead security engineer, and his team are just now working to completely eliminate the text-to-hack threat. What are other risks are we exposed to?
Although we can’t know the future, we can and must take precautions to avoid facing our own cybersecurity disasters. Has your company examined what data is on your employee’s personal mobile devices? What access or connectivity do your employees have from their mobile devices? What technologies are embedded in your products and services? What technology does your company depend on and what risks do those technologies bring to your business processes? Have you done an audit on your key vendor’s security systems, which they claimed to have in place during the RFP process?