Smartphone Security and Best Practices


1 Smartphone Security and Best Practices
19/09/2018 Carfra & Lawton

2 Overview
- The Rise of Smartphones
- Introduction to Smartphone Forensics
- Smartphone Security
  - Threats
  - Live DEMO
  - Best Practices and Recommendations

3 Things have changed!
According to IDC, Smartphone manufacturers shipped 100.9 million devices in the fourth quarter of 2010, while PC manufacturers shipped 92.1 million units worldwide. Or, more simply put, Smartphones just outsold PCs for the first time ever.

4 In the News

5 The Rise of Smartphones
- IBM Simon (1993)

6 Global Sales Q3 2010
Source: Canalys August, 2010.
www.tcsforensics.ca

7 The Vendors
- Research in Motion
- Apple
- Google

8 The Software
- Blackberry OS 7.0.0
- iOS 5.0.2
- Android Ice Cream Sandwich

9 Blackberry (BB OS)

10 Blackberry (BB OS)
- Slowest release cycle
- First supported by Lookout
- Generally proactive patch policy
- Strong track record of properly implemented encryption/wiping

11 Blackberry (BB OS)
- September, 2011: Elcomsoft – Russian Company cracks Blackberry Encryption. Bypass passwords.
- January 16, 2012: Cellebrite – We can now recover deleted content from Blackberrys (including PIN messaging)

12 iPhone (iOS)

13 iPhone (iOS)
- Moderate development cycle
- Poor disclosure/response to security issues
- Greatest selection of apps
- Encryption and lock issues
- Greatest selection of spyware
- 16 gig or 32 gig (16-32 pickup truck beds full of paper)

14 iPhone (iOS)
- May 2010: Ubuntu Linux Bypasses iPhone Pincode & Encryption
- July 2009: SMS Message Allows Total Control of iPhone

15 Android (Google)

16 Android (Google)
- Most open model
- Insanely rapid development and adoption
- Deployed on a wide range of hardware, problematic for centralized mobile management
- Current devices don’t support hardware encryption

17 Android (Google)
- November 2010: Jon Oberheide releases the Angry Birds Bonus Levels app as proof of the Android Marketplace’s vulnerability.
- July 2010: Wallpaper app downloaded 4.6 million times sent users’ SIM numbers, subscriber IDs and voicemail passwords to China.

18 Smartphone Forensics

19 Like a computer?
- Smartphones are computers.
- Where is the data?
- What can be recovered?
- Forensic process

20 Smartphones are computers
- You can create, edit, and modify documents
- You can browse the internet
- You can check, respond, create
- Online banking
- Connect to wireless networks
- Corporate Instant Messaging (whatsapp, msn messenger)

21 Where is the data?
- Internal Phone Storage
- MicroSD Storage cards
- Phone backups on a computer
- SIM Card

22 What can be recovered?
- SMS/MMS Text messages
- Call history (incoming, outgoing, missed)
- Call duration / date and time
- Pictures, Video, Audio and Internet History
- Documents / Attachments
- Instant messenger chat history

23 What can be recovered?
- How are files recovered?

24 Forensic Process
- Preview
- Acquisition
- Evidence handling
- Analysis and reporting

25 Preview Stage
Device Assessment & Action Plan
- Can the device be acquired? What do we have? What do we need?
- How many devices? Models?
Live Analysis: Multinational Company – offices in 150 different countries. Mission Critical Servers. AND Hacker – obtain real time evidence.
Offline Analysis:

26 Acquisition
The process of mirroring the contents of a Smartphone and calculating checksum values (Hashing) to ensure integrity.

27 Evidence Handling Stage
- Maintain chain of custody
- Ensure the legitimacy of the evidence presented in court is unquestionable
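
Added example, not part of the original presentation: a sketch of the acquisition and evidence-handling steps on slides 26 and 27, hashing an acquired image and keeping a custody log whose records are chained by digest so that a change to the image or to the log is detectable. The function names, examiner names, timestamps and the stand-in image file are all constructed for illustration.

```python
import hashlib, json, os, tempfile

def hash_image(path, chunk=1 << 20):
    """Stream the image so multi-gigabyte dumps never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def add_entry(log, actor, action, image_path, when):
    """Append a custody record chained to the previous record's digest."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    rec = {"when": when, "actor": actor, "action": action,
           "image_sha256": hash_image(image_path), "prev": prev}
    rec["entry_hash"] = hashlib.sha256(
        json.dumps(rec, sort_keys=True).encode()).hexdigest()
    log.append(rec)
    return rec

def verify(log, image_path):
    """Return a list of problems; empty means image and log are consistent."""
    problems, prev = [], "0" * 64
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or digest != rec["entry_hash"]:
            problems.append(f"log entry {i} altered or out of sequence")
        prev = rec["entry_hash"]
    if log and hash_image(image_path) != log[0]["image_sha256"]:
        problems.append("image no longer matches acquisition hash")
    return problems

def demo():
    """Constructed sample: a small stand-in 'image' file, not a real dump."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "phone.img")
        with open(img, "wb") as f:
            f.write(b"constructed sample image bytes" * 1000)
        log = []
        add_entry(log, "examiner A", "acquired", img, "2012-01-20T10:00Z")
        add_entry(log, "examiner B", "received for analysis", img, "2012-01-21T09:00Z")
        clean = verify(log, img)
        with open(img, "r+b") as f:       # simulate a single modified byte
            f.write(b"X")
        after_change = verify(log, img)
        log[0]["actor"] = "someone else"  # simulate an edited custody record
        after_edit = verify(log, img)
    return clean, after_change, after_edit
```

Calling demo() returns the verification results before any change, after one byte of the image is modified, and after a custody record is edited.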

28 Analysis
- File Recovery – Deleted/Overwritten
- Keyword Searching
- Detailed Analysis
- Malware, Virus
- Evidence of Wiping
- Smartphone compromise
- Improper access

29 Reporting
Variety of options for production and reports
- Full Forensic Report
- Recovered Files/Documents Only
- eDiscovery Process ( )
- Informal Disclosure
We can present the data to you in any format you would like. Skill sets and preferences vary - You tell us how they are comfortable viewing it.

30 Smartphone Security Threats
- Network
- Theft
- Applications
- Physical Access
- The User
- Live DEMO

31 Network
- Wi-Fi
- Mobile (2G, 3G, 4G)
- Bluetooth
- GPS

32 Theft
- Greatest security threat!
- Is the stored data secure?
- Can the phone be tracked?
- Can the phone be wiped?
- What about the SIM card?

33 Applications
- Avg. of 22 apps on U.S. phones
- What do they do with your data?
- iPhone ~ 350,000 apps
- Google ~ 300,000 apps
- Blackberry ~ 15,000 apps

34 Physical Access
- Can the device be accessed?
- What type of data is stored?
- Is it encrypted?
- Are the backups encrypted?
- How easy to install spyware?

35 The User
- We are our own worst enemies
- Default/convenient configurations tend to be less secure
- Social engineering
- Phishing
- Web Vulnerabilities

36 Live DEMO We will now show you what can happen on a compromised wireless network. Any volunteers?

37 Best Practices & Recommendations
- Enterprise
  - Fleet Management
  - Policy
  - Monitoring
- Individual Devices
  - Configuration
  - User Behaviour/Habits
- Forensic Overview

38 Enterprise: Fleet Management
- Complexity is the enemy
- Know what’s out there
- Strive for effective implementation
- Mobile management server
- Blackberry Enterprise Server
- Blackberry Enterprise Server Express

39 Enterprise: Policy
- Acceptable Use
- Social Media
- Encryption/VPN

40 Device Configuration
- Disable Bluetooth when not in use
- Ensure ‘discoverable mode’ is disabled
- Never configure WiFi to automatically connect, even to trusted networks

41 Device Configuration
- Set a handset unlock password
- Use the strongest encryption & autowipe settings possible
- Set autolock
- Use a security app (Lookout)

42 Device User Behavior
- Avoid unencrypted WiFi (no exceptions!)
- Avoid untrusted apps and websites
- Don’t let it out of your sight!
- Don’t install hacked operating systems on your phone.

43 Forensic Services
- SIM Card Data Extraction
- Phonebook / Contact List Extraction
- Extraction of Phone Logs
- Related Records: Call Durations, Numbers, Caller ID (Names), Call Date & Time
- Call State: Incoming, Outgoing, Missed Calls

44 Mobile Forensics Overview
- Extraction of Phone SMS (Text) Messages
- Related Records: Sender, Receiver, Message timestamp
- Deleted Text Messages Recovery (Limited to Certain Phone Models)

45 Mobile Forensics Overview
- Extraction of Calendar, Tasks and Notes information
- Phone Lock Code Extraction and Removal - (Limited to Certain Phone Models)
- File System Dump Support (Physical Memory Dumps)
- Phone System Files
- Extraction of Website Visits (Internet History) - (Limited to Certain Phone Models)
- Webpage Link Address Information, Visit Timestamps
- Multimedia Files
  - Audio: Ringtones, Music files
  - Video: User Video files
  - Photo: User taken photos and image files

46 Mobile Forensics Overview
Apple iPod, and iPad Specific
- File System Dump Support (Physical Memory Dumps)
- Lock Code extraction

47 Mobile Forensics Overview
GPS Device Specific
- Stored Destinations, Waypoints, Routes
- Stored GPS preferences

48 Conclusion
- Smartphones will be increasingly targeted
- Present a greater attack surface than PCs
- Organizational security and policy should be considered and handled proportionally
- Risk can be minimized by appropriate configuration and user behavior
- RIM currently offers the most robust choice for organizations that require best in breed

49 Certifications
- First AccessData Certified Examiner in Canada
- Certified Computer Examiner
- EnCase certified examiner
- Largest independent lab in Western Canada, 24/7/365 service

50 Questions

51 Thank You! www.TCSFORENSICS.ca www.tcsforensics.com 1312 SE Marine Dr.
Vancouver, BC V5X 4K4 (604)

