Security experts are suggest companies should ban Facebook Home from corporate networks due to the security risks it could pose.
Introduced last week, Facebook Home is an app launcher that replaces the home screen on an Android device, giving user quick access to the key elements of the social network.
Heavily focused on bringing the social media experience to the forefront of the Android OS, the Facebook Home skin brings together Facebook compatible apps like the original Facebook app, Facebook Messenger, the Camera and Instagram.
However, security experts are warning that Facebook Home could pose huge risks for corporations offering a “bring your own device” (BYOD) system to its staff members.
“That’s the first thing I would block on my network,” said Chester Wisniewski, security adviser for Sophos, when asked about Facebook Home.
AS security advisors outside of Facebook have yet to come into contact with the app, the accessibility of the Facebook Home service is unknown. The Android skin could contain vulnerabilities that hackers could use to install malware and attack the corporate systems.
“It just has higher threat levels, because we just don’t know,” said analyst and founder of J. Gold associates, Jack Gold. “It’s an Android device under the covers, but what has Facebook done?”
Corporations wouldn’t be able to entirely block Facebook Home, as the app is designed to allow easy access to the social network’s features.
“If you’re using a phone where your entire experience revolves around Facebook, you’re going to be more apt to share information, either purposely or unintentionally,” said John Grady, IDC analyst. “So much of security isn’t users doing things they shouldn’t be doing on purpose. A lot of it is accidental.”
The Android OS is already the biggest target for cybercriminals looking to implement malware, so Facebook Home could potentially provide easy access to the Android software for more attacks.
Also, due to the new Lock Screen function Coverfeed, one of the key features of Facebook Home, if an employee lost or misplaced their handset, anyone could easily post or like content detrimental to their business’ reputation and image.
Due to this, security experts have said that they don’t expect any company to allow Facebook Home on corporate network until the full security risks have been identified.
“I don’t think the target is really business users, so I wouldn’t be that worried about a lot of prevalence of this in the business community, especially at first,” added Grady. “But it never hurts to double down and make sure the policy is clear.”
Via: CSO