Among computer operating systems, Windows dominates, followed by macOS and Linux. Lately, however, this top trio is being challenged by Google's Chrome OS, which is gaining popularity and recorded a 70% increase in business sales in 2020. Based on a Linux distribution and borrowing some fundamentals from mobile devices, the Chrome environment is available on Chromebooks distributed by different brands.
Chromebook adoption was largely driven by the expansion of remote working last year. Because of its simplified operation centered on office and business tasks, it is especially popular in the education sector and in large companies that usually provided desktops.
What security does Chrome OS offer?
The most notable security feature of Chromebooks is "sandboxing". Sandbox mode isolates each process (program, browser tab, etc.) in its own space, with access only to the resources (disk, RAM, etc.) essential for it to run properly. This limits, for example, the risks coming from malicious web pages or malware.
Chrome OS also differs from PCs and Android in the way it manages system updates. By making them automatic by default on all Chromebooks, Google considerably increases the adoption of the security patches included in its new versions and thus reduces the exploitation of known vulnerabilities (CVEs).
Like smartphones and unlike computers, Chromebooks use mobile applications and include access to the Google Play store. As a result, they gain in competitiveness and versatility, an asset for professional use. However, the application model exposes users to malware and other risks of data leakage.
Another weak entry point to Chromebooks is the network. As the workforce increasingly works from outside organizations' premises, network attacks are on the rise. When connecting to open Wi-Fi networks at a café, hotel, or airport, users are exposed to man-in-the-middle attacks, in which a third party intercepts all data transmitted over the unsecured Wi-Fi connection.
Malware and data leakage: threats related to mobile applications
With access to Google Play, the question of application security arises on Chrome OS, as it does on any Android and iOS device. Today, 76% of mobile data breaches originate from applications.
There are three types of application threats that affect Chromebooks:
- Malware: programmed to steal sensitive information, extort, commit fraud... Although sandboxing makes some of it inoperable, other types such as keyloggers, screenloggers and ransomware remain effective. It is not rare to discover malware on Google Play, and it is very common in apps found on third-party stores, which Chrome OS allows users to install from.
- Phishing: 80% of all phishing is now attempted through mobile messaging applications. This attack encourages users to enter sensitive information such as their password, login, or their company's banking information.
- Intrusive applications: these silently yet legally collect a large amount of information about their users, such as contact list, call logs, real-time location, etc., to build databases for resale. On average, 70% of devices have at least one application that exfiltrates personal data.
Secure your Chromebook
When members of your organization use Chromebooks, they are exposed to the same cyber threats as if they were working on smartphones. To protect the different entry points to your corporate data (applications, network, phishing...), it is essential to secure these devices.
The Pradeo Security solution meets the following needs:
- The Pradeo Security application secures your Chromebooks by automatically checking their integrity in real time. It ensures that your most valuable data is protected from application, network and OS threats.
- The secure private store allows you to distribute business applications to your employees securely. If a threat is found on their Chromebook, their access to business apps will be momentarily limited or denied.
- The mobile application audit platform provides a complete security analysis of the applications you want to publish or distribute. With an emphasis on personal data manipulation, hidden behaviors and vulnerabilities, it guides you in patching your applications.