Alleged CIA attempts to defeat smartphone security measures in order to obtain data from phones underscore how seriously companies must take their efforts around enterprise mobility security, solution providers told CRN.
Controversial whistleblower site WikiLeaks posted documents on Tuesday purporting to reveal CIA programs to "hack and control popular smartphones," including Apple's iPhones and smartphones running Google's Android operating system, WikiLeaks said in its news release.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities," Apple said in a statement Tuesday.
Google did not immediately respond to CRN requests for comment.
Solution providers who spoke with CRN said they wouldn't be surprised if the documents are authentic and said the case points to the need for multiple layers of security as part of enterprise mobility strategies.
"Constant vigilance needs to happen on all aspects of your mobile enterprise," said Paul Troisi, chief customer officer at Troy Mobility, a solution provider based in Peabody, Mass.
While troubling because of the alleged government involvement, the case shows why it's important for solution providers to help companies "understand what a fully-loaded mobile security architecture will look like," Troisi said. "It does lend credibility to what mobile solution providers do on a regular basis."
In its news release on the so-called "Vault 7" documents, WikiLeaks describes a specialty CIA unit that develops malware to "infest, control and exfiltrate data" from iPhones as well as from iPads. WikiLeaks describes a "similar unit" for Android devices. The documents stem from 2013-2016.
Kevin McDonald, executive vice president and chief information security officer at Alvaka Networks, an Irvine, Calif.-based solution provider, said "layering as many security options over the top as you can" is the only reasonable response. And he agreed that vigilance is the key for security professionals.
The case "tells me and anyone who is paying attention, that if you think you're secure, you've got a lesson coming to you," McDonald said.