Why Not Even Google Pixel Can Offer Real Protection

Posted: November 17, 2016 / Author: Dror Liwer

Pixel, the first smartphone made by Google (excluding HTC’s Nexus One) is creating quite a buzz in the marketplace.  Major questions, however, remain regarding the secure nature of the device.  While the waters have yet to be tested, Adrian Ludwig, Android’s director of security, has come out with an announcement declaring  the Pixel to be “as secure as the iPhone.” . While this may reassure some, the comparison between Pixel, iPhone or any other device may not matter at all.

With increasing business related communication and work taking place on a smartphone, security is paramount to success. When it comes to enterprise needs, it’s not going to be the colors or the cameras that will make the difference. Much of it comes down to mobile security. It’s no secret that corporate security admins are struggling to keep their networks clean in the BOYD era. “Off the shelf” smartphones, be it from Apple, Samsung, LG, HTC or Google do not provide safety for your corporate network, here is why.

Smartphones and Secure Hardware

The security hardware found in smartphone devices are similar across the wide range of manufacturers and offer little to no protection. There is a common misconception, for instance,  that iPhones are more secure than Android devices (including the new Google Pixel). This is based upon the understanding that it is not possible (without rooting) to install software outside of the heavily-curated iOS App Store, and that there is a ‘single iOS’ platform as opposed to the myriad manufacturer-customised versions of Android with inconsistent update cycles. The avalanche of apps available for Android are also considered to be a cybersecurity calamity.

Unfortunately for iPhone owners, their confidence is misplaced – a determined hacker will have no more trouble breaking into an iPhone than an Android device or reverse. The reality is that no phone in its off-the-shelf configuration can be considered sufficiently secure for confidential data or voice communication.

Despite encryption hardware security features on the Apple A9 chip, the security enclave is still being used.  The chipsets manufactured by Qualcomm that handle the data flow can be exploited by an attacker to gain access to Android devices using these chipsets, so this vulnerability affects over a staggering 900 million devices.

What about dedicated secure phones? Like Solarin by Sirin labs or Blackphone 2? Unfortunately, these aren’t really effective either. Overall, the selection of secure phones is very limited and their lower-end, outdated hardware comes with a high price tag.

You can read more about hardware vs. software security protection, here.

Smartphones and Secure Software

When looking at software security, three criteria come to light: security against hackers, support updates, and WiFi security according to the OSI model.

Just recently, Business Insider reported on a security flaw in Apple’s iPhones that enables hacking them with text only. In early 2016 the so called Metaphor virus enabled hacking of Samsung, LG and HTC Android phones. Research has proven that 87% of Android phones are just not secure enough.

Google’s Android hasn’t overcome typical security issues such as inconsistent updating cycles and various versions customized by developers and left unchecked. Further, Google’s new Assistant feature (which is being promoted along with the Pixel phone) will make it even more important to keep your data secure. Google has yet to really define how the data will be protected. Avoiding security issues  at the Pixel launch may have been intentional  and for good reasons too. Consider our eyebrows to be raised!

The Google Pixel OS is basically Android 7.0 Nougat. There are rumors that Andromeda OS will be launched soon, but there’s no clear indication as to when this will happen.

Securing the Lower Levels is Key

Whether you go with Apple, Samsung, LG, HTC or Google,  when it comes to security and wireless networks, there’s no difference. This is due to the fact that all Smartphones have an inherent built in flaw -- they’re designed to trust all the networks that they connect to.

As a result, this has created an opportunity for hackers to infect mobile devices with malware that enables them to hack into the data on the phone. Further, they can even see and manipulate transactions, from which standard antivirus can’t protect you.

This makes it crucial to secure the lower levels. But this doesn’t mean that hackers are not finding weaknesses in high levels as well.

The higher levels (application, presentation and session) focus on user experience and interaction, so manufacturers have found it important to focus on that. But they haven’t been able to create a fortress to protect smartphones from breaches at this level.  

Wireless network security breaches are becoming commonplace as low levels of security on WiFi and cell network, data-link, and physical data transmission have been neglected.

If you want mobile devices to be kept secure, you really need to focus not only a high level of security protection, but low-level protection as well. The best way to do this is to have the right software to keep each interaction secure over wireless  data networks.

Unfortunately, regardless of the mobile phone brand your company decides to utilize for sensitive business operations, a third-party solution will be necessary to keep it secure.

To learn more about how to protect your enterprise smartphone, go to Coro.net.

Previous Next