Economic espionage – also known as industrial espionage, corporate espionage and corporate spying – justifiably resides as the top concern of security professionals and persists across companies of all sizes. Whether a company’s knowledge assets or data on its personnel, the odds have long been that someone seeks proprietary information.Today, however, the information is more accessible, exists in various locations and available to devices via the internet. What has also changed is the migration of access to data as it no longer occurs for everyone from a computer terminal in an office. Data now resides in the cloud and may possibly be distributed across a myriad of electronic devices. Moreover, the adoption of mobile computing combined with the explosion of electronic devices has forged a Bring Your Own Device (BYOB) work model that has essentially extended the enterprise’s security perimeter to each employee’s phone providing assailants a greater surface to attack with an easier entrée given the vulnerabilities with smartphones. These devices that have more computing power than what powered a business 40 years ago have but a fraction of the protections. The abilities to access corporate systems, intercept inter-company correspondence, eavesdrop on sensitive conversations, track employees and store precious data now reside on smartphones and reside in nearly every employee’s hand with the first and often only guard of protection to something an enterprise values.
As the internet uses #PasswordDay to celebrate and patronize the 1961 Massachusetts Institute of Technology creation of the password, we at Privoro are working on our goal of ending the use of passwords within our organization.
Personally Identifiable Information, commonly referred to as PII, can be broadly defined as any data that could potentially identify a specific individual. Additionally, it may include any information that can de-anonymize a person from other persons or a set of anonymous data.
We hear this when we discuss the breaches to smartphones with people who are often not government intelligence or security professionals – users who are all too aware of these mobile security concerns. Breaches that are executed by competitors, governments and malicious actors of all types like those mobile surveillance attempts on a human rights activist being or a Mexican journalist. When we elaborate on how everyday apps over-reach their intended purpose to pry into the personal lives of users with mobile tracking to listen in on conversations or to track user location data; people say they have nothing to hide. To help shed some light on smartphone vulnerabilities, your smartphone privacy and what’s really at risk when your phone has been compromised, we set out to hack a smartphone and reveal the information that may be accessed through its sensors.