As smartphones evolve, they’re subject to the same security threats as desktop devices: loss, theft, application bugs, malware and more. However, technology has made key advancements in hardware, and vendors are making significant additions to high-end phone parts specifically designed to increase overall security.
For Android phones, Google has created a cooperative environment so that the operating system is meshing with more secure hardware, providing protection from the chip up and safeguarding sensitive data. Here are some of the most important features to look for in an enterprise smartphone:
1. Secure Booting
Secure booting traces a path between the hardware and the operating system, and requires all loaded software is digitally signed by an approved author. Some versions of this process, such as Samsung Knox, have additional hardware-based protections, like operating system rollback protection and tamper protection.
This method involves knowledge of what relevant digital certificates need to be burned into the hardware. Each startup step is verified, from base hardware to the software. When properly implemented, attackers can’t get “under” the operating system, which is a popular technique for evading operating system protections.
2. Trusted Execution Environment
It’s also important to consider trusted execution environments (TEEs), since keying and authentication materials need to be protected from exposure, even if the software is completely compromised. These provide a hardware-separated processor, effectively running a different operating system, that cannot be affected by the main CPU.
TEEs can be used to store keying material and take charge of disk encryption and decryption. They may also manage other credential information that can’t be tampered with, such as a burned-in unique system ID. These small applications running inside of the TEE are called trustlets.
Because TEEs manage cryptographic keys, IT departments can securely implement disk encryption on partitioned devices with tools such as Knox Workspace. This level of security allows an IT manager to wipe half a smartphone, while leaving the rest of it untouched. It also allows for the possibility of data recovery, even after erasure or lockdown, by wiping the cryptographic keys.
3. Posture Checking
All of these security advancements make it easier for enterprises to monitor their devices. Hardware-assisted smartphone monitoring, or posture checking, is particularly helpful for this. It is a protocol inside of the TEE that is constantly confirming that the device has not been compromised through system integrity checking.
Another main benefit of posture checking is that data can be sent back to a mobile device management (MDM) or enterprise mobility management (EMM) system, as well as part of a VPN login. This is called attestation, and is a way to alert IT managers when a smartphone is tampered with, or is running an unsafe configuration.
Attestation combines multiple hardware-based features, including the TEE, posture checking and unique device authentication keys, to create a secure channel that can’t be spied on or subjected to a man-in-the-middle attack.
As security threats evolve, users should look for a variety of security capabilities within their devices — from both a hardware and software standpoint. Not only will it add an extra layer of protection, but it can also help them stay proactive about all different types of viruses.
Are unpatched security vulnerabilities worth the risk? A recent report shows just how much known vulnerabilities can cost your business.