News

#delete Facebook, MDM-agent, CASB-agent ..

887

This post was originally published here by Nat Kausik.

It is now widely known that Facebook takes our personal data and hands it over to advertisers, “app developers,” and others in less than savory pursuits. Then we learn that the Facebook mobile app sniffs your phone calls and text messages. But what about those MDM agents or CASB agents on your BYOD?

When you install an MDM agent on your personal mobile device, you are ceding control of your phone to your employer. As succinctly stated by an MDM administrator:

Here’s the short list of the information you can collect with a MDM system: damn near everything.

I can pull the full hardware and software inventory. I can see your phone number, carrier, IMEI, serial number, OS version, app inventory, GPS location, network IPs, is encryption enabled, do you have a PIN set, etc. I could force a trusted Certificate Authority on your device, set a required proxy, and break SSL on all your web traffic. I could also force your device to connect to my VPN at all times.

Basically, you put your trust in your company to not be evil.

In brief, an MDM agent has access to pretty much everything on your smartphone. Yes, even copies of all your text messages maybe sent to your employer.

On Android specifically, IT can relay SMS messages from the device to corporate email archival systems.

Likewise, CASB agents on laptops can proxy all of your traffic, defeat SSL encryption to inspect all of your communication, both personal and corporate. If your company uses an agent-based CASB, when you log in to a corporate application from your personal laptop, a CASB agent gets installed. Thenceforth, the CASB agent may forward any and all of your traffic via a proxy that inspects both personal and business communication, compromising your privacy, and that of your family, permanently.

If you are concerned about Facebook invading your privacy, you should be very concerned about MDM-agents and CASB-agents on your personal smartphones and laptops respectively.

Only Bitglass agentless architecture respects user privacy!

Photo:Information Security Buzz

Can Ransomware Gangs Be Neutralized? Exploring Strategies to Combat Cyber Extortion

Data privacy and security become most worrisome for AI adoption decision…

Microsoft and Google are top brands misused to scam users

Cyber Threat from Remember Me Checkbox

#delete Facebook, MDM-agent, CASB-agent ..

No posts to display

NEW REPORTS

2024 Security Service Edge Report [HPE]

2024 VPN Risk Report [HPE]

2024 Insider Threat Report [Securonix]

2023 Content Security Report [Votiro]

Block title

EDITOR PICKS

The Digital Future Needs Cybersecurity Leaders

What to Take into Consideration When Choosing a SAST Tool for...

How to Safeguard Your Data Through Security Awareness Training?

POPULAR POSTS

List of Countries which are most vulnerable to Cyber Attacks

Top 5 Cloud Security related Data Breaches!

Top 5 PCI Compliance Mistakes and How to Avoid Them

RECENT POSTS

Can Ransomware Gangs Be Neutralized? Exploring Strategies to Combat Cyber Extortion

Possible Cyber Attack on 911 of 4 American States

Data privacy and security become most worrisome for AI adoption decision...