Transcript: Instructions & Precautions Free camera application for Android devices which has the ability to recognize and hide faces It allows you to blur or delete the faces of those you photograph in order to protect their identities Silence/SMSSecure ObscuraCam Setup sim card lock Setup screen lock Setup security lock time Secure Sim card jacket Remember IMEI No. of mobile phone Security of sensitive personal information (e.g. phonebook, messages) Basic Mobile security SIGNAL Silence (secure text messages) Signal (encrypted call and Messages) Obscuracam (For blurred images) Mobile security firstname.lastname@example.org www.bytesforall.pk Twitter: @bytesforall TALK TO US Security of Mobile phones Android based phones Encrypt messages and calls end-to-end, but function just like you're used to Both parties must have the Signal app. Use normal dialer for calls Free and Open Source Uses wifi or data Encrypt text messages (SMS) as they are sent, or while they reside on your phone. It will prevent anyone from reading the content but it will not hide that you are sending messages. If the phone gets stolen, messages will be unreadable. Message charges will be as your company offers. Always log out of all your social media accounts after using them Never leave your phone unattended Avoid giving phone to people. It can cost you Always turn off interfaces like Wi-Fi, Bluetooth, GPS Check the required information before giving permission to any app Security for Smart phones
Transcript: Mobile Security: Defeating the Malware Consumer Convenience Mobile Security is born. In most mobile security applications, real time protection is granted. This security application analyzes the stored consumer files on the mobile device. The system then conducts scanning on the incoming texts and Bluetooth files Second best option. Acts as an efficient means of improving consumer service delivery and can grant companies a competitive advantage in the market. The Beginning The Front Line Tactic: Secure Employees IT SAVES US MONEY! Secured: the new norm Backup: the new norm Tracked: the new norm Reactive vs Proactive Lots of Power & Lots of Risk 2010: only 4% shipped smartware had some security protection... AKA millions of $$ spent on overcoming malware Integrated network security management easily managed updates frequently cost-effective The Battle The Start & The End Secure the ones at the front line of the company. The firm's world is in their hands, let's secure it 3G & LTE networks I've Got a Dollar in My Pocket What do we do now!? Industry growth niche decline Investing in Manageable Security Systems The Success Story Data vs Malware Awards for Mobile Marketing Techniques The Rise 2011 5.4 billion mobile subscriptions 2012 6.8 billion AKA 96% world population.. Developed countries have at least 1 mobile subscription per person IT wins! Consumers win! Businesses win! Market Beginnings Remote back-up systems to the rescue! Blueprinted original information DEVICE LOCATORS GSM has hard time living up to new modern threats In 2002 & across 14 countries, 44% of users wanted to be able to have access to cash transactions via mobile device Mobile transaction availability... Demand, Demand, Demand Mobile networking produces 50 Exabytes (multiple of the unit byte for digital information) annually... 
Exa=1,000^6 = 10^18 50 exabytes= 50,000,000,000,000,000,000 bytes of data/year Potential to reach the 1.88 billion dollar mark by the end of this year Between 2012-2016 53.2% of shipments will be either smartphones or tablets The Struggle... Stop! Protect & Listen Damage Competition? No Way Jose Bank account numbers, home addresses & social security numbers... hacker-go-happy Norms vs Competitive Advantages So Portable, Yet So Stealable Higher Demand, More IT It's Up Hill From Here Morphing Into Risk: Theft & security breaches, oh my! Create an Industry!
Transcript: Where does it stand? Types of Attacks Packet Sniffing, IP Spoofing, and Ping of Death Bluetooth Security Issues What can be done without user knowledge: Bot-Net Ping of Death GPS Location Read Text Messages, etc Mobile Security You Don't rely on your senses What damage can be done? IP Spoofing Ping of Death Packet Sniffing Bluejacking Bluesnarfing All of these become very real when a user gains root access to their devices (Android). Rooted devices have access to low level system calls (just like Linux). Almost every command you can use in unix is available for android. The only problem lies with application support. Most of these commands are not well documented (if at all). "tcpdump" - dump raw packets into file specified by user "ping" - who to ping, how many times Protecting your Pocket Computer Matthew Philpot Keep Bluetooth/Wifi off when not in use Monitor Data Usage Keep personal information off of device Read application privileges before installation What can be stolen: Contacts Personal Information Keylogging Cookies Protecting Yourself Procedure Key Exchange and Authentication To put this in perspective, the Exynos 5 Dual is about as powerful as top of the line Pentium 4's from 2003/4 while consuming 60x less power. Mobile phone usage grows every day Originally vulnerable through XOR attacks Maximum key length of 128 bits since v2.1 Weak encryption algorithm Key Replay attacks still work Don't wait until you feel something is wrong Mobile processors are already getting powerful enough that users will not be able to detect if malware is causing their system to slow. Smart attackers will only utilize device when not in use or there is low usage. These statistics are tracked by the phone, so can be transmitted anytime to attacker. Types of Vulnerabilities The importance of it continues to grow every day. Change of link key Mutual Authentication Encryption Key Exchange One Master Device, with which the clock of all other devices synchronize. 
These devices are called Slaves. Security protocols always performed between Master and Slave, never between Slaves. Reauthentication and Key Exchange allowed at any time during communication. Tips The most popular methods include:
Transcript: Rogue Applications Something you have (mobile device itself) Something you know (passwords/pattern) Something you are (biometrics) Mobile Security Lost/Stolen Devices Personal Devices Old SIM cards Most mobile platforms now adopt an application based infrastructure. If the distribution of applications is not properly controlled, rogue applications may be downloaded onto mobile devices. These applications may impersonate an existing app, or may be entirely fake. They can then be used as a means of infecting the device with malware. Physical Threats Two Factor Authentication Biometric Solutions Rogue Applications These solutions have their benefits and disadvantages and this is reflected in the range of implementations which currently exists within industry. Samsung Face-unlock Apple Touch ID May be faster Cannot lose them More unique than passwords Acceptance rates Two Factor Authentication Physical Threats Questions Conclusion Applications which impersonate an existing app. Fake apps. Hidden malware within rogue apps. Compromised sensitive data. Mobile Security What are the overall strengths and weaknesses of mobile security presently? Which solutions are most successful? Mobile platforms are at additional risk mostly due to the fact that they are portable personal devices. Biometric Solutions Questions? Samsung Face-unlock Apple Touch-ID Universality Permanence Collectability Performance Acceptability Circum-navigatibility Existing Implementations 'Something you have' 'Something you know' 'Something you are' Mobile devices as tokens One-time passcodes and There are a number of solutions available to mobile platforms, including two factor authentication and biometrics. Mobile devices are easily lost/stolen Apple "Track your iPhone" Activation lock Devices contain huge amounts of personal data
Transcript: Android Virus Android 6 - FinSpy PDA iOS Native applications 2 - Information filtering unintentionally Application Scanner and SD Card Privacy Advisor Apps Manager Web navigation Shield Call & SMS Filter Firewall (requires root) Anti-theft device Antivirus scanner Task Scheduler GPS Locator Anti-theft system Backups Safe Surfing Privacy Advisor Statistics Cell phone Not all applications make proper use of system resources (camera, network connections, gallery, etc.). Therefore it is necessary to respect certain controls such as informing the user of the permissions required by the application when installed. Communication Protocols Conclusions 4 - RootSmart Appeared in the '70s. They were very large and could only make calls. Today functionality and processing power that resemble those of desktop PC. Number of applications Security Control Send in hidden SMS message with the phone number of the new SIM Finds the terminal from the author's website Backs up contacts Terminal Blocks Devices working within corporate environments new technologies Confidence in "The Cloud" Loss or theft Privacy Wi-Fi Bluetooth Nexus 4 vs iPhone 5 vs Nokia Lumia 920 Windows Mobile Introduction Developed in 1992 by Apple. First to incorporate working tools. Internet access available Very vulnerable Devices Little awareness of users Risks and growing threats Market Place Mobile security Tablet iOS All feature the same main applications. Some, like the Android speech recognition, are taken offline. 
All allow easy integration with social networks 5 - Spyware Attacks 2 - Botnets 7 - Monitoring attacks Number of applications Security Control Triangulation position by telephone stations Bug in iPhone 5 - MTAS Hunt Antivirus Controlling access to resources by applications 4 - Identity theft through false applications 6 - Attacks on public networks Number of applications Security Control 3 - Overhaul of devices whose data were not deleted properly 7 - Red October Characteristics It became popular in 2000 with the Microsoft Tablet PC. Currently oriented toward multimedia content. Usually use the same OS as the cell phone. 8 - Scams by SMS and phone calls Nexus has NFC as Lumia, iPhone not. iPhone and Lumia have 4G (LTE), Nexus no. Only the Nexus has integrated Wi-Di. None has infrared. 1 - Loss of information due to lost or stolen device Threats Security Comparison of OS Windows Mobile 9 - Financial malware In late 2011, 65% of the threats were directed against the Android platform, while at the end of 2012, this figure reached almost 94%. Highly portable Functionality and processing power approaching that of desktop PCs Several types (PDA, phone, tablet) Very vulnerable to cyber attacks Contains sensitive user information Protection and Prevention 3 - Foncy QUESTIONS? Tracking of Mobile Devices 1 - SMS Trojans Malware Scanner Theft Protection Web navigation Shield SMS Filter Process Manager Anti-theft device Call & SMS Filter Privacy options The ENISA (European Agency for Network and Information) developed a list of the most important threats based on private information that smartphones contain. Virus Types Over 60% of mobile malware consists of backdoors and SMS Trojans.
Transcript: presented by : Ali Khdir Abdullah Mabast Mshir Sabr Parwar Salam Abdulrahman Taba Luqman Taha Amad qarani Mobile Security Supervised by : Miss. Dina Yousif Introduction INTRODUCTION The term mobile security is a broad one that covers everything from protecting mobile devices from malware threats to reducing risks and securing mobile devices and their data in the case of theft, unauthorized access or accidental loss of the mobile device. Threats Mobile security threats include both physical and software-based threats that can compromise the data on smartphones, tablets and similar mobile devices. Threats and ATTACKS ATTACKS ATTACKS Attacks based on the GSM networks The attacker may try to break the encryption of the mobile network. The GSM network encryption algorithms belong to the family of algorithms called A5. Attacks based on Wi-Fi These common wireless network attacks are easy on older routers, such as those using WEP encryption. Wi-Fi access used to be something you had to pay for, but now free WiFi is something that is taken for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided. Bluetooth-based attacks Security issues related to Bluetooth on mobile devices have been studied and have shown numerous problems on different phones. -Bluesnarfing -Bluejacking -Blue bugging Web browser The mobile web browser is an emerging attack vector for mobile devices. Operating system Sometimes it is possible to overcome the security safeguards by modifying the operating system itself. As real-world examples, this section covers the manipulation of firmware and malicious signature certificates. These attacks are difficult. Malware Malicious software A malware is a computer program that aims to harm the system in which it resides. Trojans, worms and viruses are all considered malware. 
Viruses and Trojans Viruses and Trojans A Trojan is a program that is on the smartphone and allows external users to connect discreetly. A virus is malicious software designed to spread to other computers by inserting itself into legitimate programs and running programs in parallel. Ransomware Mobile ransomware is a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy; it has grown by leaps and bounds as a threat category since 2014. Ransomware Spyware Flexispy is an application that can be considered as a trojan, based on Symbian. The program sends all information received and sent from the smartphone to a Flexispy server. Spyware How Can We Secure Our Smartphone? How Can We Secure Our Smartphone? Lock your phone Use two-factor authentication Only use apps from the Google Play Store and app store Use a Virtual Private Network Use anti-virus software. Ex av test Turn off connections when you don't need them If you don't use an app, uninstall it 1. https://www.cse.wustl.edu/~jain/cse571-11/ftp/mobiles/index.html 2. https://www.slideshare.net/idamakantijaswanth/mobile-phone-security-45174148 3. Ruff, Nicolas (2011). Sécurité du système Android (PDF). 4. Schmidt, Aubrey-Derrick; Schmidt, Hans-Gunther; Batyuk, Leonid; Clausen, Jan Hendrik; Camtepe, Seyit Ahmet; Albayrak, Sahin (April 2009a). Smartphone Malware Evolution Revisited: Android Next Target? (PDF). 5. - https://en.wikipedia.org/wiki/Mobile_security#cite_ref-1 References References
Transcript: Differences of Android, iOS, Windows Phone Pros/cons IT security seminar - University of Szeged - 2014 Gábor Nagy Farkas Overview of mobile operating systems Contents What is jailbreaking? Why would anyone use it? What are the risks/benefits? How it is done? What is happening under the hood? Is it legal? evasiOn What is rooting? Why would anyone root his/her phone? What are the risks/benefits? How it is done? What is happening under the hood? Is it legal? Cyanogenmod References: http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8&qpcustomd=1&qptimeframe=M http://seasonofcode.com/posts/how-rooting-works-a-technical-explanation-of-the-android-rooting-process.html http://seasonofcode.com/posts/android-rooting-a-developer-s-guide.html http://www.xda-developers.com http://www.cyanogenmod.org http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/ http://anshu.quora.com/How-jailbreak-actually-works http://evasi0n.com https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Home The threat model is designed as an outline or checklist of items that need to be documented, reviewed and discussed when developing a mobile application. Mobile Application Architecture Mobile Data Threat Agent Identification Methods of Attack Market share as of November 2014 M1: Weak Server Side Controls M2: Insecure Data Storage M3: Insufficient Transport Layer Protection M4: Unintended Data Leakage M5: Poor Authorization and Authentication M6: Broken Cryptography M7: Client Side Injection M8: Security Decisions Via Untrusted Inputs M9: Improper Session Handling M10: Lack of Binary Protections Overview of operating systems Smartphone usage from an advanced user's perspective Android root iOS jailbreak Mobile security from a developer's perspective OWASP Mobile Security Project Phone/sim lock What if it's stolen? 
Recent issues iCloud photos Heartbleed Malware Mobile security OWASP Top 10 mobile risks Android root Mobile Application Threat Model - Beta iOS jailbreak Security risks
Transcript: White hat hackers: an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. (Ethical hacking) Mobile security ..! Security software: 1) Attack based on SMS and MMS 2) Attacks based on the GSM networks 3) Attacks based on Wi-Fi 4) Principle of Bluetooth-based attacks Grey hat hackers: who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend on damaging the device or stealing data. Mobile security or mobile phone security has become increasingly important in mobile computing. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication a) Security in operating systems b) Security software Black hat hackers: who specifically attack availability. Their goal is to develop viruses, and cause damage to the device attacks based on communication WATCH IT !! a) Data: may contain sensitive data like credit card numbers, authentication information, private information b) Identity: the device or its contents are associated with a specific person. c) Availability: by attacking a smartphone one can limit access to it and deprive the owner of the service. a) Antivirus and firewall b) Biometric identification Types of attackers! a) Process isolation (sandbox) b) Development through run time environments mobile security.... security in operating systems: three prime targets for attackers: Types of security: