WEBVTT

00:00.420 --> 00:06.080
If you're an organization that's deploying mobile devices you have a lot of responsibility.

00:06.210 --> 00:08.040
And that's what this episode is about.

00:08.130 --> 00:10.030
What I call mobile enforcement.

00:10.110 --> 00:12.920
So I want to break this episode into two big pieces.

00:13.020 --> 00:19.140
The first one are some of the evil actions that your users can do to your individual devices.

00:19.140 --> 00:21.830
And the second part is some of the monitoring.

00:21.850 --> 00:27.390
In fact a little bit kind of Big Brother type of monitoring that enterprises should at least consider

00:27.690 --> 00:33.270
to cover themselves from potential liability depending on how their users use their phone.

00:33.270 --> 00:37.350
So let's go and start off with some of the evil things that people can do.

00:37.350 --> 00:40.060
First of all there's something called side loading.

00:40.080 --> 00:45.210
Now normally when you're installing software you take advantage of whatever the name of the store is

00:45.210 --> 00:46.320
for your platform.

00:46.350 --> 00:49.430
For example with an android it's called the Google Play store.

00:49.650 --> 00:52.000
And that's the only place you can install software.

00:52.020 --> 00:58.890
So the reason we do that is because Google and then Apple work very hard to make sure that the software

00:58.920 --> 01:00.390
that's installable is good.

01:00.390 --> 01:03.030
It's not doing evil things it doesn't have malware.

01:03.030 --> 01:09.120
It's not stealing your social security number whatever it might be side gloating is the process of getting

01:09.120 --> 01:10.270
around that store.

01:10.320 --> 01:12.750
Now on Apple's this is very difficult to do.

01:12.750 --> 01:16.760
You have to set up a developer account and all this stuff on Androids.

01:16.830 --> 01:18.550
It's actually pretty easy to do.

01:18.780 --> 01:23.730
And you can actually go to certain Web sites and you can download a particular file downloaded onto

01:23.730 --> 01:30.090
your Android device and double tap on it and you install it just like you would install a program on

01:30.090 --> 01:31.850
a Windows desktop.

01:31.890 --> 01:34.770
Now side loading can be a good thing or a bad thing.

01:34.770 --> 01:39.330
A lot of people who are doing development work they're not ready to go to the store.

01:39.480 --> 01:42.830
And so you do side loading to test things out and that type of thing.

01:42.990 --> 01:48.330
But it can also be incredibly incredibly dangerous and it's something we want to try to prevent our

01:48.330 --> 01:50.550
users from doing so.

01:50.580 --> 01:54.630
The quick and easy answer is get an apple and it's going to be really really hard.

01:54.630 --> 01:59.790
Also there are certain tools we can use within the Android world to monitor and to stop side loading

02:00.740 --> 02:04.550
much safer is something called Carrier unlocking.

02:04.550 --> 02:09.830
Traditionally these individual smartphones were distributed by a particular carrier here in the United

02:09.830 --> 02:16.460
States they have names like AT&amp;T Verizon and T-Mobile and basically they are locked to that particular

02:16.460 --> 02:22.640
carrier by being locked it means you can only put if it's AT&amp;T locked you can only put AT&amp;T sims in

02:22.640 --> 02:22.930
it.

02:23.120 --> 02:30.920
If it's Verizon locked you can only put Verizon sims in it and in the United States you are actually

02:30.920 --> 02:36.650
required by law to be given a way to unlock the phone if you want by unlocking the phone you can do

02:36.650 --> 02:37.980
some pretty cool stuff.

02:38.000 --> 02:45.140
For example you can take advantage of third party folks like Google fi anting who will provide you their

02:45.140 --> 02:45.980
sims.

02:46.000 --> 02:51.590
Now these guys will piggyback on major carriers and you can often get very very inexpensive rates can't

02:51.590 --> 02:58.370
tell you many people have seen you're using AT&amp;T or something like that and paying a 70 80 90 100 dollars

02:58.370 --> 03:03.860
a month and all of a sudden now they're down to 35 simply by yanking out a sim and putting in another

03:03.860 --> 03:04.180
one.

03:04.220 --> 03:08.360
The security issues that you might run into this are pretty small.

03:08.390 --> 03:14.240
The only real downside that I would be concerned is that if I issue a phone on an AT&amp;T account I would

03:14.450 --> 03:19.460
have the ability to track things and if I were in a scenario where suddenly a particular phone that

03:19.460 --> 03:25.840
I issued had no data use had no voice use I might be wondering if they unlock that phone.

03:25.940 --> 03:31.470
That phone far more nefarious is the concept of routing.

03:31.510 --> 03:37.990
If it's an android or jailbreaking if it's an apple you've got to remember that when you are handed

03:37.990 --> 03:41.350
a smartphone you don't have root access.

03:41.350 --> 03:49.750
You don't have the administrator super user account that's actually held in control by the actual distributor

03:49.750 --> 03:51.080
of the software itself.

03:51.340 --> 03:53.710
And they do this for some really good reasons.

03:53.770 --> 04:02.220
It's a lot harder to have people do bad things to their system to reformat the firmware to install malware

04:02.230 --> 04:03.610
all kinds of things like that.

04:03.730 --> 04:05.520
If you don't give them access to it.

04:05.650 --> 04:12.340
However there are situations where a very technical person like me would like to get what's known as

04:12.520 --> 04:14.320
root access.

04:14.320 --> 04:20.350
When I get root access I can install very very powerful software that should not be in the hands of

04:20.350 --> 04:21.730
normal people.

04:21.730 --> 04:24.430
And I can do a lot of really interesting things.

04:24.460 --> 04:29.110
For example one of the things I can do is called custom firmware.

04:29.110 --> 04:31.750
So I want you to take a look at the screen right here.

04:31.750 --> 04:38.140
So what we're looking at is this particular phone has been routed.

04:38.160 --> 04:44.780
So every time I booted up it gives me a screen that looks like this that screen is just Google's way

04:44.780 --> 04:50.180
of saying I really really don't like the fact that you have routed this phone.

04:50.240 --> 04:54.290
So with my phone I also do things like install custom firmware.

04:54.380 --> 04:58.760
So if you take a look at this screen in essence what you're looking at right here with the little robot

04:58.790 --> 05:06.090
on his back that is the equivalent of going into the phone's bias and they just call it firmware here

05:07.110 --> 05:13.190
what I'm doing is I'm getting rid of the firmware that came with the Android device and putting in a

05:13.190 --> 05:15.730
custom firmware.

05:15.860 --> 05:18.680
Now custom firmware sounds like a great idea.

05:19.390 --> 05:23.470
It does have some big benefits for example with my phone.

05:23.580 --> 05:26.940
There's a lot of companies that put out what we call crapware.

05:26.940 --> 05:32.820
Lots of little applications that you can't uninstall and do things that you're uncomfortable with.

05:32.820 --> 05:39.240
And because I have a level of sophistication I use these custom firmwares to get rid of that.

05:39.270 --> 05:41.160
I also use these to take advantage.

05:41.240 --> 05:47.070
There's all kinds of hardware inside my phone that is turned off by default and using custom firmware

05:47.070 --> 05:48.430
allows me to turn them on.

05:48.540 --> 05:55.300
You know every Android phone comes with an FM radio using a custom firmware I can turn that radio on.

05:55.300 --> 06:00.670
Now these sound like a good idea but it also exposes you to a lot of issues.

06:00.720 --> 06:06.810
For example once you've routed a phone and install custom firmware all those wonderful automatic updates

06:06.810 --> 06:09.510
that you enjoy so much they stop working.

06:09.600 --> 06:13.420
Also a lot of times you have trouble accessing the store.

06:13.500 --> 06:18.960
Now for me it's worth it because I've got an extra phone that I do extra stuff with my primary phone

06:18.960 --> 06:24.190
that I live on a day to day basis that if you called me this is what I'd pick up I've never routed that.

06:24.390 --> 06:32.340
So as the person who is issuing the phone routing devices is a really really bad idea if somebody wants

06:32.340 --> 06:37.800
to read a phone let them go get their own phone and go about routing it routing exposes you to all kinds

06:37.800 --> 06:40.440
of malware to all kinds of dangerous programs.

06:40.560 --> 06:47.770
And it's a risk that I'm not willing to take if I'm offering somebody else a phone.

06:47.780 --> 06:53.680
So those are the issues that we can run into that individuals can do to our devices.

06:53.680 --> 06:58.890
Now let's take a moment and let's talk about what I'm just going to call Big Brother.

06:59.240 --> 07:00.620
Hi I'm evil Mike.

07:00.620 --> 07:03.290
OK so evil Mike is an unfair thing to say.

07:03.500 --> 07:10.400
If I'm issuing smart devices to people there are a lot of features on there that I should be actively

07:10.460 --> 07:12.850
monitoring to look for misuse.

07:12.860 --> 07:17.900
So what I want to do is just run through these really really quick so you understand why we need to

07:17.900 --> 07:18.590
avoid them.

07:18.590 --> 07:20.090
Do you mind if I get this.

07:20.290 --> 07:24.220
How do I put a mustache on a mustache OK.

07:24.230 --> 07:24.980
Real quick.

07:24.980 --> 07:31.160
First of all is firmware over the air updates now firmware does get updated and that's usually going

07:31.160 --> 07:36.570
to be dispersed by the actual people who run the operating system themselves.

07:36.680 --> 07:40.430
Although in some enterprises if you're big enough you can control that.

07:40.460 --> 07:45.770
The downside to firmware over the air updates is that it can cost outrageous sums of money.

07:45.800 --> 07:51.770
So if you just want to double your data bill any one given month just make sure everybody has firmware

07:52.010 --> 07:55.030
over their updates turned on so they can do it.

07:55.100 --> 08:00.620
Make sure that that's turned off across the board and on all of these different smart operating systems.

08:00.620 --> 08:03.950
That's a policy you can turn off from one control point.

08:03.980 --> 08:05.720
Second is Camerer use.

08:05.730 --> 08:09.080
Now this is a little bit maybe I should put the mustache back on.

08:09.110 --> 08:12.790
I get nervous about monitoring my people's camera use.

08:12.920 --> 08:17.570
I've discovered that usually the better thing to do is have a written policy saying we are monitoring

08:17.630 --> 08:22.040
all of the things you're doing on your camera and you'll be surprised how much more careful people would

08:22.040 --> 08:22.760
be.

08:22.760 --> 08:29.710
However there is some serious litigation issues involved with mis use of cameras and don't go think

08:29.710 --> 08:31.400
in naked pictures.

08:31.410 --> 08:37.640
There's all kinds of other things that can go on that are far more nefarious taking pictures of competitors

08:37.820 --> 08:44.240
products stealing barcodes there's all kinds of things and direct monitoring is really the only way

08:44.300 --> 08:46.790
you can watch for stuff like this.

08:46.850 --> 08:51.330
The next one I want to talk about is this and then basically texting.

08:51.440 --> 08:58.340
The issue we run into these is number one what are people as a messaging and texting out between each

08:58.340 --> 08:58.970
other.

08:59.330 --> 09:03.040
But more importantly than that is really again just cost.

09:03.140 --> 09:09.140
It's shocking how much people can overrun in terms of their bills just by texting.

09:09.140 --> 09:11.820
It depends on what your billing system is.

09:11.900 --> 09:17.300
But I have seen nightmare scenarios specially when people kick into roaming things where they're in

09:17.630 --> 09:22.410
another geographical area and suddenly bills go absolutely sky high.

09:22.430 --> 09:26.730
So be sure to watch for that next as external media.

09:26.730 --> 09:30.360
Now what we're talking about external media we're talking about two different things here.

09:30.360 --> 09:39.230
Number one have you actually plugged in a external storage device to your particular phone or more commonly.

09:39.300 --> 09:44.670
What are we talking about an extra SD card that you can slide onto your phone to do whatever you might

09:44.670 --> 09:45.920
want to do.

09:45.930 --> 09:52.260
The downside to these is that if this phone is being used for company information there is no easy way

09:52.260 --> 09:58.490
to prevent a user from copying that data from your phone onto the external media.

09:58.500 --> 10:04.680
So if you've got proprietary information if you have confidential information you need to either get

10:04.680 --> 10:10.560
phones that absolutely turn it off or at the very least have a good policy that people understand what

10:10.560 --> 10:13.110
they can and can't do in terms of external media.

10:14.030 --> 10:17.580
Now the next to it I'm going to kind of hit him at once.

10:17.600 --> 10:24.620
Our recording microphone and GPS tag and the reason I'm putting these two things that sound disparate

10:24.620 --> 10:29.450
together is because these are used for that scariest of situation.

10:29.540 --> 10:36.200
When somebody loses a phone all operating systems have some kind of find my phone feature and that's

10:36.200 --> 10:36.810
great.

10:37.010 --> 10:39.590
But you can often take that a step further.

10:39.590 --> 10:45.200
There are third party apps and tools out there that for example if you press a button three times in

10:45.200 --> 10:48.070
quick succession it will turn on the microphone.

10:48.110 --> 10:50.390
It will send out GPS tagging.

10:50.450 --> 10:55.880
It will start pinging via text two or three or four different people until someone else can come in

10:55.880 --> 10:57.220
and punch in a code.

10:57.350 --> 11:02.120
If somebody is in a scary situation where they're uncomfortable those types of tools can be incredibly

11:02.120 --> 11:02.830
important.

11:02.840 --> 11:11.290
So it goes way beyond simply losing a phone and last payment methods payment methods are amazing.

11:11.310 --> 11:15.530
I love taking advantage of my Google pay features.

11:15.840 --> 11:18.930
I'm not an Apple person but I know Apple has one as well.

11:18.960 --> 11:24.870
Even things like Pay-Pal provide all kinds of incredibly easy payment method tools where your credit

11:24.870 --> 11:27.970
card or your bank account is connected to these things.

11:28.050 --> 11:33.720
In many situations direct real time monitoring is absolutely required.

11:33.720 --> 11:38.480
All of the tools that I use have real time tracking to them.

11:38.490 --> 11:44.550
Now luckily I don't have a ton of employees but in my situation if anybody uses any of these devices

11:44.550 --> 11:51.570
the moment they use it I instantly get a text showing the amount and the device and the source what

11:51.570 --> 11:54.870
store they went to to be able to get something like that.

11:54.900 --> 11:59.700
This is the first place that bad guys go to if they steal a phone is they're going to try to use some

11:59.700 --> 12:00.960
of these payment methods.

12:00.960 --> 12:06.880
Granted most payment methods take advantage of fingerprint tools and pass codes but it's never a guarantee

12:07.260 --> 12:12.180
specially if somebody is under duress with a very very scary person.