Keep the data on your phone safe by keeping it off your phone.
The allegation that the crown prince of Saudi Arabia, Mohammed bin Salman, had a hand in hacking Jeff Bezos’s personal cell phone is stunning. One of the most interesting aspects of this story is that Bezos’s phone was a state-of-the-art iPhone with Apple’s best security. The phone was hardened, the user was savvy, and Apple has earned its reputation for making the most secure handset in the industry. None of that mattered: the phone was still hacked. So what went wrong?
More than one thing went wrong, but the biggest issue was not something that went wrong. The biggest issue was that there was something worth attacking on the phone. If there was nothing worth hacking on the phone, it would not have been hacked in the first place, or at least the hack would not have had any impact.
Data is a Target
A phone is not a target. A person is not a target. Data is a target, because it’s the only thing that matters in cases like these. Gaining access to a device with no data on it is the same as not gaining access to the device.
The malware used against Bezos was sophisticated, expensive, and risky. All of the expense and risk was worth it, however, because the target phone contained sensitive data. If people like Jeff Bezos want to keep their data secret, they should set up a Virtual Mobile Infrastructure (VMI), which keeps sensitive data off the phone but still at hand.
In a VMI instance the data stays safely on the company’s server, so the phone or tablet can be lost, hacked, stolen, or whatever, and no data is at risk. The user or their IT group can simply break the authorization for the device, and just like that, no data on the phone, nothing to hack, nothing to steal, no reason to attack in the first place.
Hard Targeting and Target Hardening
There are two concepts in security and defense work: target hardening and hard targeting. Target hardening is the type of security that people are most familiar with. It covers components like firewalls, vulnerability management systems, teams of security operation specialists, network operation centers, sensors, and the list goes on. Hard targeting is the security concept of making a target harder to find. A good comparison is the camouflage used by the military to make troops harder to see in the field of battle. Hard targeting comes in many forms as well, like masking network and server names, using generic filenames and conventions, and keeping critical information off of social media. It means a smaller target surface, which is harder to find.
On a normal phone, data is spread across a host of apps, all with their own bugs, gaps, and issues. Protecting a variety of data in a variety of apps, for every version of the phone in existence, is challenging. So the smart thing to do is to consolidate the data behind a single entry point, and guard that point of entry well.
VMI solutions fit nicely into both security concepts. By keeping the data off of the device, and in a more tightly controlled and monitored environment, they make it much harder to view or move data undetected. VMI solutions also create a smaller target for attack. Since all useful data is only peeking out from a single window, with dedicated security architecture to detect and deter attacks, the attack surface is extremely small.
The data on a VMI supported phone is visible to the user; it is certainly “on” the phone in their hand. However, the data is also not on the phone.
As we’ve discussed, the data in question never leaves the security of the parent network; it is just viewed through the VMI instance. You can see the pages, but you can’t do anything to the text. You can’t copy it, move it, or corrupt it.
In VMIs, the data is viewable in pixel form, like the printed pages of the book: you can’t change the text, you can only view it.
If we apply this concept to the compromise of Bezos’s phone, it becomes pretty clear that any exposure of data would have been minimized, or non-existent.
VMI is the superior security, not because it is better than Apple’s security, but because it makes the phone’s security irrelevant. It is also superior because it removes the incentive of the attack by eliminating the phone as a viable target, and you don’t need to be a billionaire to afford it.