Minimizing Risk Between a Zero-Day Attack and the OS Patch
When the University of Toronto’s Citizen Lab announced the discovery of a new “zero-click, zero-day” cyberattack against Apple® devices in September, it unleashed a familiar routine.
First, headlines around the world warned of the exploit, which is being used to install Pegasus spyware onto Apple devices. Next, Apple issued emergency patches for Macs, iPads, iPhones, and Apple Watches to close the vulnerability Citizen Lab discovered — as well as a second vulnerability uncovered by Apple. And then a third. Now, organizations around the world are waiting for their executives and employees to update devices to limit the security gaps.
Sound familiar? Even in the best-case scenarios, with rapid and efficient response for internal and external teams, there is a period of time when devices are vulnerable.
Depending on OS Vendors for Security
This time it was Apple; next time it might be Android™. These are widely deployed mobile operating systems, and zero-day vulnerabilities are to be expected, which means depending solely on mobile OS vendors for security can leave significant and highly exploitable gaps. Consider the number of common vulnerabilities and exposures (CVEs) recorded for mobile OSes during 2022, according to VulnDB:
- iOS: 271 CVEs, where 68 were found to be exploited
- Android: 1,022 CVEs, where 49 were found to be exploited
How long did each of these vulnerabilities remain unpatched on mobile devices connected to your network?
Despite these numbers and the uncertainty they create within your environment, the mobile security picture is far from hopeless — if you know how to fill the gaps. For example, BlackBerry® UEM customers know that their corporate data is secured with patented elliptic curve cryptography, even in BYOD (bring your own device) environments. Using BlackBerry Dynamics™, provisioned by BlackBerry® UEM (unified endpoint management), lets them remain secure even in the face of zero-day attacks while minimizing exposure from dependence on OS vendor patches.
We think that’s one reason BlackBerry was designated as the Gartner® Peer™ Insights 2023 Customers' Choice for unified endpoint management tools.
BlackBerry Innovations in Mobile Security
Over the course of BlackBerry’s almost 40-year history, we wrote the book on mobile security. We're still innovating in that space, and today we offer the most highly certified mobile security platform in the world: BlackBerry UEM. It’s used by the world’s most security-conscious organizations – governments, banks, law firms, and more. These organizations realize that mobile security threats are significant — and so is the ability to defend against them.
Mobile malware is on the rise according to recent BlackBerry research. The Quarterly Threat Report highlighted that financial services, for example, are facing persistent threats through smartphone-centric commodity malware, ransomware attacks, and the rise of mobile banking malware. And given the latest widespread threats targeting popular mobile OS products, it seems like a good time to revisit exactly how BlackBerry protects mobile apps and data.
Data Isolation on Mobile Devices
Let’s say an employee uses their mobile device to conduct business in your IT environment. If you depend on your mobile OS security alone, and their mobile device becomes compromised, so does your corporate data, as well as your clients’ sensitive data.
We've also seen plenty of cases where 2FA (two-factor authentication) on a device is treated as a security plan; there are known vulnerabilities with that strategy as well. For these reasons and more, BlackBerry approaches things differently. We view everything — except the BlackBerry UEM secure enclave that protects corporate applications — as insecure and potentially a threat.
For example, even if an employee accidentally installs malware on their phone, corporate data housed on that compromised device is still protected because BlackBerry Dynamics containerizes approved apps and their associated data, segmenting them away from other hostile actions that may be taken against the device. In addition, BlackBerry actively defends against common tactics used to exfiltrate data, and MTD (mobile threat defense) is included, backed by BlackBerry’s patented AI cybersecurity.
Another stark difference between BlackBerry and other cybersecurity offerings is in the way mobile platforms handle encryption. BlackBerry delivers “encryption within encryption,” and here’s how it works: Every app in BlackBerry Dynamics has its own unique encryption key, held in memory only when that app is in the foreground. When the employee closes out or even minimizes an app, the key is destroyed — not merely deleted — minimizing the risk of abuse by bad actors. This level of security is not commonplace, but it can mean a world of difference if and when a compromise occurs.
In addition, we encrypt the encryption key. So even if a threat actor obtains that key and wants to compromise corporate apps on the device, they can’t access it unless they also have the second key. This is why your data and apps stay protected, even if there is malware running in the background on the mobile device.
Added to this is the fact that BlackBerry Dynamics encrypts the entire secure enclave, so even if someone has a key needed for a certain database, they won’t have the encryption key to decrypt it. This is unique to BlackBerry.
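The key lifecycle described above (a unique key per app, itself encrypted under a second key, and held in memory only while the app is in the foreground) can be sketched as follows. This is an added illustration, not BlackBerry's code: the `AppVault` class, the choice of AES-256-GCM and the way the second key is supplied are all assumptions.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM helper; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws on a bad tag
}

// Hypothetical per-app container; names and layout are assumptions.
class AppVault {
  constructor(kek) {
    const appKey = nodeCrypto.randomBytes(32); // unique key per app
    this.wrapped = seal(kek, appKey);          // the app key is itself encrypted
    appKey.fill(0);
    this.key = null;                           // plaintext key only while in foreground
  }
  foreground(kek) { this.key = open(kek, this.wrapped); }
  background() {
    if (this.key) this.key.fill(0); // overwrite in place (best effort), then drop
    this.key = null;
  }
  activeKey() {
    if (!this.key) throw new Error('app key not in memory');
    return this.key;
  }
  write(text) { return seal(this.activeKey(), Buffer.from(text, 'utf8')); }
  read(blob) { return open(this.activeKey(), blob).toString('utf8'); }
}

function demo() { // constructed walk-through of one foreground/background cycle
  const kek = nodeCrypto.randomBytes(32); // second key, assumed stored outside the app
  const vault = new AppVault(kek);
  vault.foreground(kek);
  const blob = vault.write('constructed sample record');
  const whileOpen = vault.read(blob);
  vault.background();
  let afterClose;
  try { afterClose = vault.read(blob); } catch (e) { afterClose = 'denied: ' + e.message; }
  return { whileOpen, afterClose };
}
console.log(demo());
```

In a garbage-collected runtime the overwrite in `background()` clears only the buffer the vault holds; copies made inside the crypto library are outside its reach.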
This just gives you a small taste of what makes BlackBerry UEM an incredibly secure mobile device platform, and in fact, the most security-certified UEM in the industry. Customers also have full access to our application marketplace, which contains more than 125 trusted apps from the biggest names in employee productivity. We do in-depth analysis on each app offered in our marketplace, including Veracode verification, penetration testing, API (application programming interface) checking, and more.
All of this reflects our history and track record in the industry: BlackBerry pioneered mobile device security, and our innovative approach confirms we are still pioneering it.
Make Mobile Device Security Part of Your Overall Plan
Given the increasing demands for remote and mobile access to sensitive and regulated data, the risk to organizations is growing exponentially. It underscores a critical need for us all to include mobile endpoints in our overall cybersecurity strategies — because more and more, that’s where the data resides.
Learn more about BlackBerry Dynamics and BlackBerry UEM.