Mobile Security

by Faham Usman on 23 May 2014


Transcript of Mobile Security

Information Security
Mobile Security
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
About aeCERT
Mobile Devices Security
Mobile Computing
Bring Your Own Device
Mobile Device Management
Security on Mobile Devices
Mobile Security Best Practices
Top Threats to Mobile Security
Secure Mobile App Development
Mobile Security Tools
Malwares
Mobile App Security
Mobile Users Security
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Tools: Trend Micro Mobile Security
Mobile Security Tools
iOS Security Testing
Case Study: What’s in your Binaries?
iOS Backgrounding
Insecure URLScheme
Mobile Devices Security
Android Security Screenshots
Blackberry Security Screenshots
iPhone Security Screenshots
Tools: Mobile Tracker Security
Tools: GadgetTrak Mobile Security
Tools: Lookout Mobile Security
Tools: F-Secure Mobile Security
Tools: McAfee Mobile Security
Tools: Kaspersky Mobile Security Lite
iOS Security Testing
iOS Security Testing
Case Study: What’s in your Caches?
Insecure Network Connections
Android Security Testing
Android Security Testing
Case Study - Our database is safe, right?
Fun with Android
Android OS Weaknesses
Application Controls for Various Platforms
Mobile Threat Landscape, 2012
Secure Mobile App Development
Mobile Users Security
Gartner Report 2013:
Top MDM Vendors
BYOD – Best Practices
Fun with Apple iOS
Buffer Overflow
Android Security Testing
Android Security Testing
BlackBerry Security
“Freedom of communication by post, telegraph or other means of communication and the secrecy thereof shall be guaranteed in accordance with the law.” (UAE Constitution)
Privacy Rights of UAE Persons
Global Malware Infection Rates
Mobile Threat Report
Mobile Threat Report
Mobile Threat Report
MDM: Gartner Report 2013
Components of Mobile Computing
Conclusion: Protecting Mobile Devices
Conclusion: Protecting Mobile Devices
Mobile OS: Apple iOS
Case Study – What’s in your configuration files?
Fun with Android
Identity Decloaking
Insecure Logging
Weak Encryption
Local Data Storage Flaws
Local Data Storage Flaws
iOS Security
Android Security
Best Practices to Protect
Mobile Security Threats
Augmented reality is an example of an implementation of a ubiquitous network.
Augmented Reality
Top Take Away
Potentially Unwanted Mobile Applications
Potentially Unwanted Mobile Applications
The fraud used malware based on the infamous ZeuS cybercrime toolkit to target the PCs and mobile phones of banking customers.  
Hackers swiped £30 million from the bank accounts of 30,000 customers in Italy, Germany, Spain and Holland using Mobile malware.
Hackers Swiped £30 million
Security on Mobile Devices
MDM: Encryption
BYOD – Best Practices
Why Reverse
Mobile OS: The Big Picture
Today's smartphones, with better graphics and memory, are comparable to the desktop workstations we used back in the year 2000.

Malware Case Study
Performs malicious activities in the background, downloads malicious files from the server and sends SMS messages

Appears as a game application
Malware: Android/smsagent.a
Major Mobile Malware Discoveries
MDM: Components & Architecture
BYOD (Bring-Your-Own-Device) is a policy used in organizations today. It simply permits the employees to work on their personal devices such as their smart phones, laptops and other portable devices.
BYOD (Bring Your Own Device)
Mobile Computing Characteristics
Best Practices: Mobile OS
Developer
Mobile Application Code Review
Threats to Privacy
Malware Delivering Methods
Games Apps Carrying Malwares
Identify weak security algorithms and hardcoded encryption keys
Identify passwords and encryption keys that are hardcoded in an application
Detect backdoors or suspicious code
Detect injection flaws
Benefits of Mobile Apps
Code Review
Mobile OS: Attack Points
Threats to Privacy
Application
Encryption
General Policy

MDM: Capabilities
If the mobile device is owned by the client (i.e. a BYOD device), then it is the client's responsibility to manage the configuration and security of the entire device

If the mobile device is issued by an organization then the client application will be managed as per organization's policy and configurations
MDM: Components & Architecture
Security
Ownership
Compliance
Data
BYOD – Top Concerns
Mobile Device?
Mobile Security Tools
Solution: Mobile OS Developer Guidelines
Bluetooth Threats
It is hidden in the application and sends unauthorized SMS messages or makes unauthorized calls
Malware is present in various mobile applications.
Malwares
MDM: General Policy
BYOD – Best Practices
Cell phone
Laptop
Bluetooth headset device
Bluetooth
BYOD – Best Practices
Mobile Computing
A broad term that refers to any means of using a computer or portable device while away from home or the office.
Apple iOS Weaknesses
Cracking Android
Fake App Download
App Stores
Mobile App store
Digital Signed Applications
Synchronization Services
Application Whitelisting
MDM: Applications
BYOD – Best Practices
A centralized mobile device management solution for managing both organization-issued and personally-owned mobile devices used by enterprise users.
A well-implemented BYOD solution helps in addressing security issues and meeting compliance standards efficiently and effectively.
Mobile Device Management
MDM also manages the configuration and security of mobile devices.
BYOD – A Fast Growing Trend
Pop-up Ads
MITM (Man-in-the-middle)
Software Updates
Malware Delivering Methods
Geo-location Threat
Remote Lockout policy
Device Account Lockout policy
Device Account Reset policy
Passcode / Password Authentication
MDM: Authentication
Apple iOS Architecture
Threats to Privacy
Access to the Device
Card Holder Data
Personal Data
Credentials
What Attacker wants?
Mobile OS: Attack Points
Any device coming within range of a ubiquitous network is capable of adapting to the environment.
The connectivity to ubiquitous network is always available for devices.
These devices are interconnected and have capability of connecting to any other such networks.
Ubiquitous Network
This malware disguises itself as a fake Gmail app and runs silently in the background
It communicates with its command & control server through SMS messages.
Discovered as a client-side Trojan Malware
Malware: DDSpy
Security
MDM (Mobile Device Management)
App Store
Authentication
Components of Mobile Computing
Ubiquitous Network
Near Field Communications (NFC)
Top Threats to Mobile Security
BYOD Threat Scenario
Ubiquitous Network
Unprotected Bluetooth
Source: http://www.ddarabia.com/infograph/a-glimpse-of-mobile-usage-in-uae/
UAE Mobile Usage Stats
It also manages the configuration and security of mobile devices
Manages both types of mobile devices
A centralized mobile device management solution
Mobile Device Management
Rogue Access Point
Unsecured Wifi
Mobile Device: Popular Manufacturers
How it Happened?
Rogue App
UAE Mobile Usage Stats
Mobile OS: Android Architecture
It also includes working remotely by connecting to an office or home network through a laptop, tablet or smartphone.

Geo-location
Authentication
A ubiquitous network is an advanced computing concept in which different types of devices, from gadgets to appliances to homes to automobiles, are implanted with chips capable of connecting them to a network of other devices.
What can mobile application developers do?
Remote Lockout policy