Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction Our Topic: Mobile Security Why is mobile security important?

Published byRichard Calvin Morrison Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction Our Topic: Mobile Security Why is mobile security important?"— Presentation transcript:

1 Introduction Our Topic: Mobile Security Why is mobile security important?

2 Research Questions 1. Why aren't current mobile security systems effective at preventing mobile attacks? 2. What is the most effective form of attack vector for todays attackers? 3. What can be gained from attacking a mobile phone? Do hackers attack phones for the same reason they attack computers? 4. Why is mobile security important for the future? 5. What kinds of security standards or methods will best prevent future attacks?

3 Current Risk Communication I Phone o Action Based  An app uses location user will then be asked to allow or disallow G Phone o Permission Based  Lists set of permissions that application is granted

4 Problems with Risk Communications Current methods do not take context into account o Context is related to a file  The context will contain the history of a file and what other applications have access as well.  Very important because helps prevent cover channel attacks o Leaves system vulnerable  especially cover channel attacks

5

6 Why Our Framework? Our framework combines the two most common frameworks (I Phone & G Phone). Our framework takes context into account. We feel the context will allow us to be able to protect users from cover channel attacks.

7 History of Considerations We observed different mobile security systems and found… Pre-download – there is very little straightforward intervention o In Andriod – a list of permissions is present but the user may not understand that o Interventions – Systems try and predict attacks to directly as opposed to providing users with information (similar to computer antivirus) o Theoretical solutions suggest any file modified by a permission should be stopped.

8 What is Considered Dangerous? Risky permissions for possibly fraudulent application Most Dangerous – permission to send through o Phone calls, Internet(WiFi), MMS, bluetooth, and email Medial Danger – access to view personal info o Contacts list, incoming calls, texts, ect Dangerous Enough – access to location or files o Camera, voice, global search, and GPS access

9 Why Intervene at Download Permission to use a sending vector the internet, MMS, bluetooth, or email Inform the user of the possibility of personal information compromise without consent or action In other security systems o It is not explicitly specified what can go wrong by accepting these permissions o The permissions are generalized into allow accept format

10 Why Intervene Otherwise Sending Files Files accessed by a sending vector without user direction are potentially compromising o Many actions can modify files, but that doesn’t directly hurt user User Sends Compromised Files Files modified using permissions can contain personal information We don’t want users to develop bad habits. o Similar to very long terms of service files o Inform the user to make better decisions

11 Attack Scenario You are hanging out on the Android Marketplace

12 You find this cool application called PingDroid

13 This screen comes up before you install it

14

15 Intervention This is the first place where we want to intervene. Instead of listing permissions we might want to say… “Hey, are you sure you want to download an application that can take your location and photographs and send them over the internet?”

16 You say, well ok maybe I still want this. The application is running for a while and you forget about it.

17 Later, you pick up your phone to notice it has a message for you.

18 Intervention – Your phone stopped PingDroid “PingDroid may be sending a picture along with your location to anyone on the internet”

19 What Happens Next? You, the user, have just found your application acting in a way that may be malicious If you decide that is what the application is supposed to do, allow the app to continue If not, you may stop the app from compromising your information The only way our security system intervenes again is if another kind of information is compromised or the sending location changes (IP address)

20 Attacking Scenario 2 This scenario could be used by several applications. Ezimbra is a photo editing application that has the ability to post photos on the internet.

21 Attack Scenario 3 People use more and more passwords and "secure" accounts with growth of technology Bank accounts, e-mail accounts, eBay/Amazon, etc. Palm attempts to help keep these accounts organized, but at what cost?

22 Attack Scenario 3 How does SplashID work? Where are the security issues? How can these issues be averted?

23 Attack Method 4 Our system would inform the user of the level of risk involved with the actions being preformed by the application This could be done prior to the user installing the update or after the update tries to run malicious code

24 Future Work Developing a system that uses past cases to exploit malicious actions Final Goal = Software designed to alert user of adverse actions

25 Research Question Answers 1.Obviously, new attacks and applications are produced daily. Security that tries to stop attacks in the background have not been successful There is no way to predict how an application will attack you, but you can predict the attack vector If the security system doesn’t accurately assess a malicious situation, no action is taken

26 2. Most simply, Web applications account for 41% of all financial and 52% of all tech pathway attacks There are more common vectors of attack, but they are direct (such as bluetooth hacking). These attacks can be easily prevented and are not hidden. They are not the most controversial. Source: http://www.mobileenterprisemag.com/ME2/Sites/dirmod.asp?sid=&nm=&type=MultiPublishing&mod=PublishingTitle s&mid=B4771C6F22F34E4CA3FFFDA61E0EA2C5&tier=4&id=8C626442A70740CFB6A62EC3C7A339E8&SiteID =87D3DA363DA24D189035C60D0D8A4775 http://www.mobileenterprisemag.com/ME2/Sites/dirmod.asp?sid=&nm=&type=MultiPublishing&mod=PublishingTitle s&mid=B4771C6F22F34E4CA3FFFDA61E0EA2C5&tier=4&id=8C626442A70740CFB6A62EC3C7A339E8&SiteID =87D3DA363DA24D189035C60D0D8A4775

27 3. Your Personal information. Contact information Financial information Location Photographs Personal data Compromising information

28 4. In the future, nearly everyone will have a cell phone. In 2009, there were 4.6 billion cell phone subscriptions. That number will increase in 2010. With the growing popularity of smart phones, the cellular network will have a huge market to take advantage of.

29 5. We have seen so many different kinds of attack with new attacks happening each day. If there are new attacks that work, then the current security systems aren’t working. The users informed decision and intuition should be much better for prevention than a system that may take no action

30

Download ppt "Introduction Our Topic: Mobile Security Why is mobile security important?"

Similar presentations

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Unit 1 Living in the Digital WorldChapter 2 Which devices should we take? This presentation will cover the following topic: Which devices should we take?

Unit 1 Living in the Digital WorldChapter 2 Which devices should we take? This presentation will cover the following topic: Which devices should we take?
Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?

Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?
Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.

Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.
Breaking Trust On The Internet

Breaking Trust On The Internet
INTERNET SAFETY.

INTERNET SAFETY.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
INTERNET SAFETY FOR STUDENTS

INTERNET SAFETY FOR STUDENTS
What you don’t know CAN hurt you!

What you don’t know CAN hurt you!
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Using internet and cell phones safely

Using internet and cell phones safely
Safe IT – Protect your computer and Family from unwanted programs viruses and websites.

Safe IT – Protect your computer and Family from unwanted programs viruses and websites.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Opening a bank account.

Opening a bank account.
Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.

Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Similar presentations

Ads by Google