Bitglass News

MDM Invades Privacy, is Capable of Exposing Private User Data

By Bitglass | Jun 23, 2016 5:00:00 AM

CAMPBELL, CA--(June 23, 2016) - Bitglass, the Total Data Protection company, today released the results of its “MDMayhem” experiment. Bitglass tracked personal mobile devices of several willing employee volunteers with mobile device management (MDM) software to understand how MDM could be misused and to assess the true extent of access employers have over personal data and user behavior.

Bitglass researchers configured the MDM software to route mobile data traffic through a corporate proxy and installed corporate-issued certificates on employee devices to decrypt SSL traffic. This configuration, common in enterprise MDM deployments as a way to inspect traffic for malware, enabled researchers to see the contents of employees’ personal email inboxes, social networking accounts, and even banking information. Notably, the usernames and passwords used to log into sensitive accounts, including personal banking accounts, were transmitted through the corporate network in plain text. MDM also gave the Bitglass team visibility into users’ app downloads and browsing history, which exposed sensitive search queries, including several health-related searches.

Third-party apps were also susceptible to packet sniffing. Even on iOS, where some believe app sandboxing limits employer visibility into user behavior, researchers were able to intercept personal communications sent through widely-used apps including Gmail and Messenger.

The MDM solutions tested could force GPS to remain active in the background without notifying the user, pinpointing the locations of managed devices in real time while draining battery power in the process. Location data also revealed user habits – where employees went after work, where they traveled on weekends, how frequently they visited their local supermarket, and more.

“The invasion of privacy by MDM is a key reason that there are two billion mobile devices on the planet, but only a few million devices managed by MDM,” said Nat Kausik, CEO, Bitglass. “IT leaders looking to enable BYOD must focus on a data-centric, agentless approach that respects user privacy.”

According to Bitglass’ most recent BYOD report, 67 percent of employees would participate in a BYOD program if employers couldn’t view or alter personal data and applications. Without a security solution that respects user privacy, employees will simply work around IT. To protect data on unmanaged devices, organizations are now adopting agentless, data-centric solutions that provide employees more flexibility without the privacy implications of MDM.

About Bitglass

Bitglass’ Cloud Access Security Broker (CASB) solution provides enterprises with end-to-end data protection from the cloud to the device. It deploys in minutes and works with any cloud app on any device. Bitglass protects mobile devices without the hassles of MDM and enables enterprises to enforce corporate data security policies across apps like Office 365, Salesforce, and Exchange. Bitglass, based in Silicon Valley, was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.