Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Phones and Tablets: Security Issues S. Roy 1.

Published byAnais Churches Modified over 10 years ago

Similar presentations

Presentation on theme: "Smart Phones and Tablets: Security Issues S. Roy 1."— Presentation transcript:

1 Smart Phones and Tablets: Security Issues S. Roy 1

2 Acknowledgement In preparing the presentation slides and the demo, I received help from Professor Simon Ou Professor Gurdip Singh Professor Eugene Vasserman Fengguo Wei 2

3 What is a Smart Phone? Smart Phone = Phone + Computer + Sensors Provides various services – phone call, SMS, computation, storage, accessing the Internet, data download, GPS, camera, and so on … OS: Android, iOS, Windows Mobile, BlackBerry OS Make: Google, Apple, Microsoft, BlackBerry Device Make: Samsung, Apple, HTC, BlackBerry Popular models: Galaxy S III, iPhone 5 Connection/Service Providers: Att, Verizon, T-mobile Connection types: 3G, 4G, Wi-Fi, Bluetooth 3

4 What is a Tablet? Tablet is a specialized mobile computer with a big screen – primarily operated by touching the screen – used for reading books, watching videos, accessing the Internet, and so on – wireless connections: 3G, 4G, Wi-Fi, Bluetooth – OS: Android, iOS – popular models: Samsung Galaxy Tab, Apple iPad 4

5 Why to Secure Smart Phones/Tablets? These devices can do most of what a computer (e.g. a laptop) does. Smartphones have extra features, such as GPS, phone calls, SMS. Smartphones/tablets probably contain lot of personal information. There is some chance that we can lose these devices. Recent study shows these devices are a growing target for malware. Smartphones and tablets need to meet the same security standards as any computer. The security issues of a smart phone are similar to those of a tablet. So, without loss of generality, we will focus only on smart phone security in this class. 5

6 Risks a Smart Phone Faces 1.Include risks of insecure Wi-Fi – if this device uses an open Wi-Fi 2.Include risks of insecure Web browsing – if done from this device 3.Include additional risks: – Physical vulnerability (e.g. attacker physically capturing the phone and performing comprehensive scan) – Sensitive information (GPS location, photo, contact list, etc.) leakage 6

7 Installing a VPN Client To avoid the risk of using a smartphone in a public Wi-Fi, you may install a VPN client As an example, visit KSU ITS website to get the instructions for installation – Android : https://www.ksu.edu/its/security/vpn/androidinstall.htmlhttps://www.ksu.edu/its/security/vpn/androidinstall.html – iOS: https://www.ksu.edu/its/security/vpn/iosinstall.htmlhttps://www.ksu.edu/its/security/vpn/iosinstall.html Finally, you can use your KSU eID as the username and KSU password as the password to connect to the KSU VPN server. 7

8 Installing the VPN App on Android: Step 1 8

9 Installing the VPN App on Android: Step 2 9

10 How to Start the KSU VPN Client? 10

11 Connected to the KSU VPN Server 11

12 Accessing the IEEE Xplore Library from any Physical Location 12

13 Now lets do the Hands-On Activity Search the Cisco VPN client app at the App store, and download it on your phone Install it and make the proper setting so that it can connect to the KSU VPN server Start / Run the VPN client; then securely browse web sites (e.g. yahoo email) Take screenshots of your activities Connect your phone to your computer to transfer the screenshots Use a paint/photo edit software to erase any private information present on the screenshots You may need to submit the screenshots while doing the homework 13

14 Minimize the Phone Data Loss Risk: Using a PIN or Password A user should lock the phone screen with a numeric PIN or a password. – How long/complex should this PIN be to thwart cracking in a reasonable amount of time? Set a timeout (after this interval the phone gets locked and the user needs to enter PIN) Before doing the PIN setup, ensure that your Android device has the latest updates. 14

15 Setting Lock in an Android Device: Step 1 Navigate to your devices settings, and select Security, then select Set up screen lock. Acknowledgement: http://xbase.ucdavis.edu/itexpress 15

16 Setting Lock in an Android Device: Step 2 Choose one option among the available ones: a Pattern, PIN, or Password. 16

17 Setting Lock in an Android Device: Step 3 Depending on which option you chose, you will see one of the following three screens: 17

18 Setting Lock in an Android Device: Step 4 Return to the Security settings and set the lockout time. This feature locks your phone after it has been inactive for the length of time you choose. 18

19 Setting Lock in an iOS Device: Step 1 To set a passcode navigate through the following: Settings > General > Passcode Lock > Turn Passcode On. Acknowledgement: http://xbase.ucdavis.edu/itexpress 19

20 Setting Lock in an iOS Device: Step 2 Enter a four digit passcode twice and then return to the Passcode Lock settings page. Acknowledgement: http://xbase.ucdavis.edu/itexpress 20

21 Setting Lock in an iOS Device: Step 3 You can create a more complex passcode with spaces and alphanumeric characters, not just numbers. You can also change the Require Passcode timing. This feature locks your phone after it has been inactive for the length of time you choose At this location you can also enable the Erase Data feature, which will wipe your personal information from your phone after 10 failed passcode attempts. Acknowledgement: http://xbase.ucdavis.edu/itexpress 21

22 Unlocking an iOS Device Your passcode should unlock your iOS device once the screen has been turned off for the specified Require Passcode timing. Acknowledgement: http://xbase.ucdavis.edu/itexpress 22

23 Further Improvement on Security Back up data on the device – to be sure the data can be recovered Turn off unused services if any – such as Wi-Fi, Bluetooth or VPN. – unused services could expose your device to unwelcome remote connections. – turning off unused services can also prolong the devices battery life Label the device with minimal contact information – such as an email address or office phone number. – If you lose the device, report the loss to police. 23

24 Encryption and Remote Wipe Options An iPhone (and an android phone) can encrypt all the data stored using the users passcode. – by using the feature available on your smartphone – or consider using a reputable data encryption app. You may protect yourself for when you lose a mobile device – by using the remote wipe feature, which can work via a Microsoft Exchange server – but the benefit of remote wipe feature is debatable 24

25 How an App can Exploit the Security Model An example with Android: – the user installs a third-party app P from the Android market – P does not demand (to require) Internet permissions during the installation time, so the user does not suspect P – later P sends a request (called Intent) to the standard browser app to open an Internet connection on behalf of P – thus P exploits the permission model and can harm the user (e.g. by leaking the users sensitive information to outside). Mitigation: – Android market or you should have a tool for rigorous vetting of an app before the user install/use it – User should think twice before granting critical permissions during the app installation – We should always upgrade the apps and the system 25

26 Comparing the Security Model of Android and iPhone (iOS) Android allows anybody to develop an app and make it available in the market with minimal vetting process; – On the other hand, Apple claims to rigorously vet a third-party app before it goes into the App Store. The user grants permissions to an Android app during the installation time (all or none permission policy) and there is no run-time monitoring – iOS may ask the user for permission in run-time (and an app can run with partial permission set). 26

27 Managing the Phone Settings In the default setting, numerous apps open themselves in an automated fashion on a smart phone. The user needs to be informed. As an example, on an Android phone all Google apps (Gmail, Google Plus, etc.) are always ON by default. The user needs to modify the settings to securely manage the apps: email apps, social network apps, messaging apps, etc. 27

28 Summary We discussed common security issues of smart phones/tablets. We presented a few standard countermeasures to mitigate the risks Remainder: – the next homework is due before the next class (1pm on March 7) – the next class will be held in Room 128 28

Download ppt "Smart Phones and Tablets: Security Issues S. Roy 1."

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.

Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.
Copyright © 2003 Pearson Education, Inc. Slide 9-1.

Copyright © 2003 Pearson Education, Inc. Slide 9-1.
Introduction Lesson 1 Microsoft Office 2010 and the Internet

Introduction Lesson 1 Microsoft Office 2010 and the Internet
Microsoft Office 2010 Basics and the Internet

Microsoft Office 2010 Basics and the Internet
DCT Retail Mode for Live Demo

DCT Retail Mode for Live Demo
Speaker Name, Title Windows 8 Pro: For Small Business.

Speaker Name, Title Windows 8 Pro: For Small Business.
Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.

Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.
Mobile Device Security and Control 2012 NSAA IT Conference and Workshop Fourth Session: 2:45pm – 4:00pm _____________________________________.

Mobile Device Security and Control NSAA IT Conference and Workshop Fourth Session: 2:45pm – 4:00pm _____________________________________.
Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Security for Mobile Devices

Security for Mobile Devices
November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Discovering Computers Fundamentals, 2012 Edition

Discovering Computers Fundamentals, 2012 Edition
Implementing Cognos Mobile

Implementing Cognos Mobile
Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.
AITS Client Services Support University of Illinois July 2010.

AITS Client Services Support University of Illinois July 2010.
In The Name Of Allah, The Most Beneficent, The Most Merciful

In The Name Of Allah, The Most Beneficent, The Most Merciful
COM Orientation The template can be used to create presentations for community, civic, advocacy and government relations groups. It is also appropriate.

COM Orientation The template can be used to create presentations for community, civic, advocacy and government relations groups. It is also appropriate.
Services Course Windows Live SkyDrive Participant Guide.

Services Course Windows Live SkyDrive Participant Guide.

Similar presentations

Ads by Google