The idea of “trusted” devices seems to be both overused and misunderstood. For those of you who are not familiar with the term, Trusted Devices are devices that a company has deemed as “secure.” They frequently have unrestricted network access to some of the most secure data in an enterprise. Government agencies and the world’s largest banks all use the “trusted device” security model to give their employees access to sensitive information.
The Wall Street Journal recently published a report on the massive Home Depot breach that occurred earlier this year. It turns out that Home Depot blamed a vulnerability within Windows for the breach, claiming that attackers were able to steal credentials from the vendor and finagle their way into the retailer’s more secure computer networks. Because of this, Home Depot announced that it will now begin switching its executives over to Apple OS X and iOS devices, citing these platforms’ stronger security. Home Depot’s mass executive movement to these more “trusted” devices creates its own set of problems. I’ll get to that shortly.
Organizations whose security models involve “trusted devices” are naturally prone to breaches. Employees take their laptops on the go, download malware while connected to public Wi-Fi networks, and come back to the office, where the device is still treated as trusted and allowed to connect to the network. The now-compromised but still trusted device enables the hacker to gain a broader and more permanent foothold inside the network.
The trusted device model creates a false sense of security, causing employees to drop their guard and buy into the idea that the devices are somehow unbreachable. Companies that succumb to this actually end up becoming a risk to themselves. They need to keep in mind that in today’s world, these trusted devices are mobile. This means that they are just as vulnerable to cyber attacks as “untrusted” devices.
For years now, operating systems have taken on similar titles of trusted and untrusted. iOS devices are seen as more secure than Android devices. While there may be some truth to that position, it doesn’t mean that a corporate iPhone is impenetrable; that is simply not true.
The news of Home Depot’s Mac migration comes at a pretty interesting time, as OS X and iOS devices have their own set of newly discovered vulnerabilities. Three brand-new ones, to be exact. Just last week the world learned of “Rootpipe” and new malware called “WireLurker” that may have the power to attack any Apple device.
“Rootpipe” was discovered by a Swedish hacker working for a security firm called Truesec. The vulnerability allows an attacker to skip over the password requirement on a Mac OS X device and gain root access to the computer. Root is known as the highest level of access on a laptop device.
The “WireLurker” malware travels through USB cables and is the first of its kind. Running on an OS X system, “WireLurker” can install downloaded third-party applications or automatically generate malicious applications onto a USB-connected iOS device.
Another vulnerability was discovered in iOS this week that allows malware to be installed on iOS devices via applications. The vulnerability has been dubbed “Masque Attack.” All three vulnerabilities threaten to destroy Apple’s key advantage: its once-formidable on-device security. And who knows what new malware will be conjured up next.
But wait, there’s more. Home Depot’s decision to move its top executive employees to Macs may create even more of a reason for hackers to attack them again. Since devices used by executives typically have unrestricted network access, they are the best way for hackers to gain access to a company’s sensitive data. They are essentially the golden ticket to the data kingdom and are some of the most sought-after credentials on the black market.
Even the most powerful can’t hide. Executives are under fire even when staying in some of the world’s most prestigious 5-star hotels. Newly discovered malware created by a group called DarkHotel specifically goes after high-profile hotel guests using the hotel’s Wi-Fi network. It’s said that the group has been active for over 7 years, targeting high-profile hotel guests in luxury hotels in Asia.
Corporations must migrate to a security model that treats all endpoint devices as suspect in order to defeat sophisticated hackers. You can call a device what you want, “trusted” or “untrusted,” but at the end of the day it’s not the device you should be looking to secure - it’s the data that the device is attempting to access that needs to be secured.
Product Marketing Manager @Bitglass