If you own a device running a Linux-based operating system such as Google Android, there’s a good chance you are affected by the recently-discovered Dirty Cow vulnerability. The vulnerability raises alarming questions surrounding bring your own device (BYOD) usage and how it may affect organizations who rely on employees’ personal devices for their operations.
It’s a significant security issue affecting millions of device users, leaving them vulnerable to hackers potentially gaining access through the operating system itself. While patches to close the loophole have been deployed by some major Linux-based operating systems, an untold number of devices are still unsecured.
What is Dirty Cow?
The security vulnerability, officially known as CVE–2016–5195, was actually introduced into the Linux kernel in 2007 but wasn’t noticed until October 2016. It takes advantage of a Linux function called “copy-on-write” that gives hackers access to privilege control on affected devices.
This means that it’s relatively easy for anyone familiar with a Linux file system architecture to gain control of affected devices. So easy, in fact, that Ars Technica calls it “one of the worst privilege escalation flaws ever to hit the open-source OS.”
Learn More About BYOD In The Workplace
These root permissions allow, for instance, unscrupulous app developers to gain potentially dangerous access to a device’s file systems. Hackers can access devices through networks, file sharing protocols such as Bluetooth, or via Wi-Fi.
Key Concerns About BYOD
The key concern to BYOD lies in the ubiquitous nature of Linux-based operating systems. Due to the fact that it’s open source and, therefore, free for anyone to acquire and modify, Linux has become one of the world’s most widely-used source codes for operating systems.
In Addition To This…
Popular open source desktop architectures, such as Ubuntu and Red Hat, Linux forms the basis of the Android mobile OS. With 1.4 billion Android users worldwide, this represents a serious potential security issue.
Another alarming figure is the number of Linux-based servers out there. It’s estimated that out of the top million websites, 98.3% are based on Linux servers.
Security patches are available. However, the major issue lies in the fact that the deployment rate is poor. While most Linux-based operating systems such as Ubuntu and Red Hat have issued fixes, the vast majority of Android devices are no longer supported by their manufacturers.
Newer Android phones and tablets, for instance, receive fairly constant security updates. However, manufacturers frequently stop supporting older devices after a few years. Phones that have been around for more than two years are particularly vulnerable since security fixes are generally no longer issued.
This leaves hundreds of millions of devices that may never receive a security patch. It’s a crucial security flaw that may expose millions of companies and organizations with BYOD policies to unnecessary data security risks.
Dirty Cow and BYOD: What it means
Companies employ BYOD policies for a number of reasons. For one, it results in lower capital costs for the organization as it doesn’t have to supply devices to their employees. Having the employee bear the costs of acquiring and operating the device is one of the reasons why it’s become a popular practice.
As well, employees enjoy device familiarity, which in turn increases productivity. It’s seen as a “win-win” scenario for both sides since employees can work from virtually anywhere.
Despite the advantages, there have always been downsides associated with BYOD. Security concerns form the basis for most of them, and with the Dirty Cow vulnerability, the risks have seemingly multiplied.
While there is a greater risk of potentially damaging data breaches, there are a number of measures that a company can take to mitigate the risk and their liability while still taking advantage of the benefits brought by BYOD.
Implement BYOD Safely & Securely With PCMContact Us
How your company can mitigate the Dirty Cow risks
Your organization’s IT department should be following BYOD best practices in order to ensure that sensitive data remains secure. When it comes to Dirty Cow vulnerability, it’s incumbent on technology personnel to put in place policies that safeguard information.
Take Advantage Of Mobile Management solutions
While many companies have set guidelines in place, others have a lackadaisical approach to allowing employees using their own devices. Having an endpoint mobility management (EMM) plan in place can help ensure that employee devices remain secure.
Ensure Devices Receive Security Updates
Each employee device should be examined by IT personnel to make sure that it has received a security patch for the bug. If it can’t be upgraded or a patch manually deployed, it should be segregated from the corporate network.
Enforce BYOD Policy
Whether you use EMM solutions or not, develop and enforce your organization’s BYOD policy. Employee devices can bring vulnerabilities into the fold, so it’s important for management to make sure that proper best practices are being followed.
Stay Abreast Of Mobile Device Vulnerability
While Dirty Cow is the latest bug to affect open source operating systems, there are always others lurking over the horizon. Keeping informed about the latest potential security issues affecting employee devices is an important step toward keeping your data secure.
The Dirty Cow vulnerability has not only exposed a potential security weakness affecting hundreds of millions of devices worldwide, it’s also shown that companies can be particularly susceptible to a new avenue for data breaches.
It’s vitally important that organizations follow best practices regarding BYOD policy; working to mitigate their risk by ensuring that employee devices don’t expose them to unnecessary risk.
PCM Canada is a leader in providing endpoint mobility management (EMM) solutions, like Microsoft EMS to businesses of all sizes. Contact us to learn how we can help you manage all aspects of your company’s mobile device usage.