Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Security.

Published byIsabella Morrison Modified over 6 years ago

Similar presentations

Presentation on theme: "Mobile Security."— Presentation transcript:

1 Mobile Security

2

3

4

5 World's Biggest Data Breaches
Selected losses greater than 30,000 records (updated 5th Jan 2017)

6 Agenda Mobile Crime Quick Overview of Mobile Devices
Mobile Threats and Attacks Mobile Security Live Demos

7 Mobile Crime

8

9 Smart - Phone Definition
A cellular telephone with built-in applications and Internet access. Smartphones provide digital voice service as well as text messaging, , Web browsing, still and video cameras, MP3 player, video viewing and often video calling. In addition to their built-in functions, smartphones can run myriad applications, turning the once single-minded cellphone into a mobile computer.

10

11 Some Statistics 6.77 billion people 1.48 billion Internet enabled PCs
4.10 billion mobile phones Mobile phone replacement rate o12-18 month average o1.1 billion mobile phones are purchased per year o13.5% of mobile phone sales are smartphones The number of smartphones will soon compare with the number of Internet enabled PCs

12 What is the Need of Mobile Security
As cell phones are becoming more like pocket-sized computers: Vulnerable to different forms of cyber attacks People want your data! This is a fact of life and it applies to either: Android, BlackBerry, or iPhone Smartphone

13 What do they want ? “Only carry one” Anywhere access
Any device or os supported Transparent Security

14 Business What does management want ? Lower Cost Low support overhead
Increased Productivity

15 Mobile Threats and Attacks
Sensitive Organizational info too Built-in billing system : SMS/MMS (mobile operator), in-app purchases (credit card), etc. Many new devices have near field communications (NFC), used for contactless payments, file transfer, etc.

16 Mobile devices make Attractive Targets

17 People store much personal info on them.

18 Can fit in pockets, easily lost / stolen

19 Mobile device become wallet

20 Hide Location Privacy ?

21 Hide Location Privacy ?

22 Smartphone Risks Easily lost or stolen device, content, identity
Increase mobility → Increased exposure Susceptible to threats and attacks Appbase & Web-based

23 Susceptible to threats and attacks App-Store

24 App Based Risk Mobile devices may contain malware. Consumers may download applications that contain malware. Consumers download malware unknowingly because it can be disguised as a game, security patch, utility, or other useful application. Difficult for users to tell the difference between a legitimate application and one containing malware.

25 SMS / Text Message Based

26 Attacks Based on Communication
Attack based on SMS and MMS Some mobile phone models have problems in managing binary SMS messages. It is possible, by sending an ill-formed block : Phone to restart Leading to denial of service attacks Distributed Denial of Service (DDos) Attacks Another potential attack could begin with a phone that sends an MMS to other phones, with an attachment. A user installs the software, as received via MMS message. Then, the virus began to send messages to recipients taken from the address book

27 Attacks based on the GSM networks Try to Break the encryption of the mobile network
Encryption algorithms belong to the family of algorithms called A5. Due to the policy of security through insignificance it has not been possible to openly test the robustness of these algorithms

28 Since the encryption algorithm was made public: Possible to break the encryption in about 6 hours
Both algorithms are at the end of their life and will be replaced by stronger public algorithms: the A5/3 and A5/4 GSMA (GSM Association) mandated that GSM Mobile Phones will not support the A5/2 Cipher any longer, due to its weakness 3GPP has approved a change request to prohibit the implementation of A5/2 in any new mobile phones

29 Tracing of mobile terminals is difficult
A new temporary identity (TMSI) is allocated to the mobile terminal Once the encryption algorithm of GSM is broken Attacker can intercept all unencrypted data

30 Attacks Based on Wi-Fi Eavesdrop on Wi-Fi
Initially wireless networks were secured by WEP keys Now, most wireless networks are protected by the WPA security protocol

31

32

33 Temporal Key Integrity Protocol
Designed to allow migration from WEP to WPA Improvements in security are the dynamic encryption keys For small networks, the WPA is a "pre-shared key" which is based on a shared key Encryption can be vulnerable if the length of the shared key is short As with GSM, if the attacker succeeds in breaking the identification key, it will be possible to attack not only the phone but also the entire network it is connected to

34 Lasco is a worm that initially infects a remote device using the SIS file format
Can be executed by the system without user interaction Believes the file to come from a trusted source and downloads it, infecting the machine.

35 PRINCIPLE OF BLUETOOTH-BASED ATTACKS
Unregistered services do not require authentication Vulnerable applications have a virtual serial port used to control the phone The attacker sends a file via Bluetooth. If the recipient accepts, a virus is transmitted Worms that spreads via Bluetooth connection

36 Attacks Based on Vulnerabilities in Software Applications
Web browser The mobile web browser is an emerging attack vector for mobile devices Vulnerable Library Phishing and Malicious Websites

37 OPERATING SYSTEM Manipulation of firmware and malicious signature certificates Smartphone's have an advantage over hard drives since the OS files are in ROM When an application is installed, the signing of this application is verified by a series of certificates

38 THE THREE PHASES OF MALWARE ATTACKS
The infection of a host, The accomplishment of its goal, and The spread of the malware to other systems Often uses Resources offered by the infected Smartphone's Bluetooth or infrared

39

40 ACCOMPLISHMENT OF ITS GOAL
Monetary damage, Damage data and/or device Concealed damage Spread to other systems

41 EXAMPLES OF MALWARE CABIR Computer worm developed in 2004
It is believed to be the first computer worm COMMWARRIOR infect many machines from MMS attempts to connect to nearby devices by Bluetooth or infrared under a random name

42 PHAGE: First Palm OS virus that was discovered
Embeds its own code to function without the user and the system detecting it. REDBROWSER Trojan based on Java allows the user to visit WAP sites without a WAP connection if the user accepts, RedBrowser can send sms to paid call centers

43 WinCE.PmCryptic malicious software on Windows Mobile which aims to earn money for its authors
CardTrap Virus: which aims to deactivate the system and third party applications

44 COUNTERMEASURES SECURITY IN OPERATING SYSTEMS first layer of security
establish the protocols for introducing external applications and data without introducing risk Concept of Sandbox

45 FILE PERMISSIONS process can not edit any files it wants
Method of locking memory permissions Not possible to change the permissions of files installed on the SD card from the phone

46 SECURITY SOFTWARE Layer of security software
various vulnerabilities : prevent malware, intrusions, the identification of a user as a human, and user authentication.

47 ANTIVIRUS AND FIREWALL
To verify that it is not infected by a known threat: By signature detection software that detects malicious executable files VISUAL NOTIFICATIONS If a call is triggered by a malicious application, the user can see, and take appropriate action

48 RESOURCE MONITORING IN THE SMARTPHONE
Battery Some malware is aimed at exhausting the energy resources of the phone Memory usage Because of inherent applications Network traffic Many applications are bound to connect via the network: Lot of bandwidth Services: One can monitor the activity of various services of a Smartphone

49 USER AWARENESS Being skeptical advisable to check the reputation of the application Permissions given to applications It is necessary to clarify these permissions mechanisms to users, As they differ from one system to another, and are not always easy to understand

50 Be careful through simple gestures and precautions, such as locking the Smartphone when it is not in use Ensure data The user must be careful about what data it carries and whether they should be protected

51

52

53

54

55 Business Implications/Questions
Is the organization willing to securely support a mix of personal/business data and smartphones/tablets? Remote access - to whom? how much? Authority over data? Is the value worth the cost?

56 No Easy Answers What are your organization’s security compliance requirements ? Which rewards does management want to balance against risk and cost? Compliance Strategic mobility Employee productivity/ creativity/ retention

57 Is confidential data allowed on mobile devices ?
Are personally-owned mobile devices allowed access? Who has authority/responsibility for… Who gets company-issued smartphones Who gets access from smartphones, and to what? Purchasing smartphones Provisioning smartphones Securing/monitoring smart phones? Support of Organization-owned (O)? Personally-owned (P)?

58 What are Org mobile devices allowed access to
What are Org mobile devices allowed access to? Is it different for Personal? Will you list specific devices & OS versions supported? Who is going to test all the new devices & OS versions? How often? What about application maintenance? Do you wipe a Personal phone at employee termination?

59 Best Security Practices
Password protect Passcode protect Pass swipe protect?

60 Simple tips with help keep your phone protect
Install Security Software Anti-virus and anti-malware available for mobile devices Keep your apps up-to-date Install a phone finder app Enroll in a backup program Set device to wipe contents after specified number of failed login attempts Get apps from a trusted source Wi-Fi Network & Bluetooth devices Backup your data

61 When installing apps Take time to read the small print What information does the app require access to? Where are you downloading the app from? Is it the app store location set by default on the phone?

62 Be mindful of how you use your device
Follow same guidelines as you do for your computer Double check URLs for accuracy Don’t open suspicious links Make sure the Website is secure before giving any personal data

63 Limit your activities when using public WiFi
Your cellular network connection is more secure than WiFi Check URL’s before making a purchase is secure; is not Use Security for Mobile device

64 Mobile Device Security
WWW is Major source of infection Mobile Device Security help in protection against known threats (80% - 90% threats).

65 Many web threats are device-agnostic making them dangerous and extensible to all types of devices. To protect against web threats, the MDS service ensures that all mobile device traffic, including from native and mobile web applications, is routed through a secure, encrypted VPN tunnel to the MDS service. The service uses WebFilter technology, to scan all transmissions, including encrypted traffic. By identifying and blocking malnets, the infrastructures used to launch new malware attacks, web security proactively stops attacks by blocking malware at the source.

66 How it Protects : Encrypt all communication between end-point
Block traffic from Mobile device Mallicious Websites, Infected websites Block traffic from WWW to Mobile device if File is found infected with malware File risk rating is high File type is not allowed as per Policy

67 What is Mobile Security
Protection from the networks they connect Threats and vulnerabilities connected with wireless computing There are a variety of security threats that can affect mobile devices

68 Challenges of Mobile Security
Threats Data Integrity Availability A Smartphone user is exposed to various threats when they use their phone

69 Consequences of an Attacker
When a Smartphone is infected by an attacker, the attacker can attempt several things: Zombie machine (used to send unsolicited messages (spam) via sms or ) Smartphone to make phone calls Record conversations between the user and others Steal a user's identity

70 The attacker can remove: Personal photos, music, videos, etc.) or
Professional data (contacts, calendars, notes) of the user. Reduce the utility of the Smartphone, by discharging the battery Stops the operation and/or starting of the Smartphone by making it unusable

Download ppt "Mobile Security."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
To the ISSA Las Vegas Chapter April 13, 2011. Definition People Technology Policy.

To the ISSA Las Vegas Chapter April 13, Definition People Technology Policy.
Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
THREATS TO MOBILE NETWORK SECURITY

THREATS TO MOBILE NETWORK SECURITY
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Similar presentations

Ads by Google