Mobile Security Tom Taylor
Roadmap
- Security Risks
- Examples of Attacks
- Personal Protection
- Business Protection
- Measures companies are taking to protect users
Types of Attacks
- Malware
- Premium SMS Billing
- SMS Phishing
- Spyware
- Malicious Sites
Malware
- Android highest risk
- 90% kernel with vulnerability
- Applications “Apps”
- Malicious code
Spyware
- Installed on your phone
- Can track your location, track calls, messages etc.
- May be hidden from lists of applications
Attacks
- Ralf-Philipp Weinmann discovered how to compromise unprotected smartphones
- Geinimi
- ZitMo
- DroidDream
Geinimi
- Attached to legitimate applications
- Chinese app stores
- Official apps not affected
ZitMo
- Zeus in Mobile
- Trojan targeting banking
- Captures SMS messages
- Windows Mobile, Symbian, BlackBerry
DroidDream
- Android Market
- Hiding look-alike versions
- 200,000 downloads in a few days
Defense
General Rules
- Do not lose your phone
- Install “finding” software
- Password protect your phone
- Checking application permissions
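The "checking application permissions" rule, as an added example that is not part of the original slides: it lists the permissions an app requests and flags the ones tied to the attack types above (premium SMS billing, SMS capture, spyware tracking). It assumes the manifest has already been decoded to text XML; the sample manifest, the `RISKY` mapping and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the attack types named in the slides.
RISKY = {
    "android.permission.SEND_SMS": "premium SMS billing",
    "android.permission.RECEIVE_SMS": "SMS capture (banking trojans)",
    "android.permission.READ_SMS": "SMS capture (banking trojans)",
    "android.permission.ACCESS_FINE_LOCATION": "spyware: location tracking",
    "android.permission.READ_CALL_LOG": "spyware: call tracking",
}

# Constructed sample: a wallpaper app that has no reason to send SMS.
WALLPAPER_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Wallpapers"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permissions a decoded AndroidManifest.xml requests."""
    # ElementTree is fine for this constructed sample; use a hardened parser
    # such as defusedxml when the manifest comes from an untrusted APK.
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml, expected=frozenset()):
    """Map each risky permission the app requests, and its purpose does not
    explain (not in `expected`), to the attack type it could enable."""
    perms = requested_permissions(manifest_xml)
    return {p: RISKY[p] for p in sorted(perms) if p in RISKY and p not in expected}

if __name__ == "__main__":
    for perm, risk in audit(WALLPAPER_MANIFEST).items():
        print(f"{perm}: {risk}")
```

Pass the permissions an app legitimately needs in `expected` (for example `SEND_SMS` for a messaging app) so that only unexplained requests are reported.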
The Specifics
- Block options for SMS billing through carrier
- Safe Browsing
- VPNs
Business Security
- Work-issued cell phones
- Zenprise – scan all smartphones in infrastructure
- Mobile Security Policy
Company Procedures
- Google – Android Bouncer
- Remote removal of malware
- Sandboxing
- iPhone – strict approval process
Anti-Virus
- Lookout
- McAfee
- Kaspersky
- Avast
- Norton
Conclusion
- Types of Attacks
- Attacks that have happened
- Defense – General and Specific Rules
- Company Procedures
Questions