Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Security Issues Facing Modern Mobile Devices

Cathal Grennan T00126807 CPGD 400 Research Project 2009/2010 Institute Of Technology Tralee Primary Supervisor Ed Sheldon Secondary Supervisor Peter Given
by

Text Republic

on 13 July 2010

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Security Issues Facing Modern Mobile Devices

Security Issues Facing Modern Mobile Devices Research Project 2009 / 2010 Cathal Grennan CPGD400 Primary Supervisor: Ed Sheldon Secondary Supervisor: Peter Given Research Question: Is it possible to accurately measure the effectiveness of the security features of a modern mobile device, and when tested does a mobile application developed with security as a fundamental concern perform 75% better than one which is unguarded? Methodology: Literature Review

The two mobile systems were then developed.

The key threats were then identified .

Each threat was assigned a score representing the significance of the threat.

Research undertaken to locate and utilize suitable software to perform each threat.

Each threat was then carried out on both the ‘unsecure version’ and the ‘secure version’.

Results were analysed & used to draw conclusions on the validity of the threats and the effectiveness of the security features employed.
Unsecure Application Secure Application Traffic Corps Handheld Application Overview The main application the user will be working with. Common to both the secure and unsecure applications Once the application is run an initial form requires the user to login. The user’s username, password and unique device id are passed to the web service for authentication. A number of consecutive failed login attempts cause the device to be ‘locked out’ for five minutes.

Once logged in the user has two options ‘Register Offence’ and ‘Validate License’.

Data sent to the server is also stored in a local database.

No encryption of communications

No device Lockdown, the user can access all files and programs.

Bluetooth functionality is not restricted.

No restriction on the receipt of MMS messages.

No remote wipe functionality.
Lockdown

Bluetooth

Listen And Filter MMS

GPS broadcasting

Remote Wipe check

No data Stored Locally (Traffic Corps Security) SSL secure communications Testing Method Key Threats Identified BlueBugging, BlueSnarfing
AT Commands Hack
Attempt to send malicious files through Bluetooth
Data Theft Malware
Data Corruption Malware
Infection Via MMS
Packet Sniffing
Brute Force, Dictionary Attacks
Rainbow Tables
Threat Scoring A variation of Microsoft's DREAD method was used Damage Potential Reproducability Exploitability Discoverability •Non sensitive data may be retrieved / destroyed (i.e. SMS, contacts etc) A score of 3 is assigned to the threat.

•Sensitive data (i.e. application data) may be destroyed.
A score of 6 is assigned to the threat.

•Sensitive data (i.e. application data) may be retrieved and used for malicious purposes. A score of 10 is assigned to the threat.
•Required a substantial amount of research and configuration in order to carry out the attack (Greater than 3 weeks)
A score of 1 is assigned to the threat.

•Required significant research and configuration in order to carry out the attack (Between 1-2 weeks) A score of 3 is assigned to the threat.

•Required little preparation and/or customization of hacking software in order to carry out the attack (Less than 1 week)
A score of 5 is assigned to the threat.

•Requires custom code to be written in order to exploit the vulnerability and/or membership/affiliation with a hacking consortium.A score of 1 is assigned to the threat.

•Requires some minor changes to the configuration of the hacking tools. A score of 3 is assigned to the threat.

•Requires no changes to hacking tools or to the attack process.
A score of 5 is assigned to the threat.


•A little known attack, which is unlikely to be carried out by a malicious user.
A score of 1 is assigned to the threat.

•A reasonably well known application entry point which is regularly targeted by hackers.
A score of 3 is assigned to the threat.

•A very popular exploit which is well known by the public and well documented/covered by various authorities on system security.
A score of 5 is assigned to the threat.
Test Method Test Results / Conclusions Conclusions Research Question Bluetooth Mobile Malware Packet Sniffing Password Cracking Collaboration
Full transcript