Mobilination Ntymoshyk Personal Mobile Security Final Public

Post on 23-Jan-2015


YOUR MOBILE SECURITY

Nazar Tymoshyk Ph.D, R&D Manager/Security Consultant

always with you!

Always on

Call History

Messages

Social Networking

Visited websites

Contacts

Mobile Banking

Videos

Photos

Documents

PINs & Passwords

Who knows more about you than your smartphone?

You think you are SECURED enough?

Major Mobile Threats

• Resource abuse attacks

• Social engineering attacks

TYPICAL SITUATION?

Let's look at a small DEMO

Mobile malware - spyware

• Commercial spyware focuses on information spying

• Flexispy (cross-platform commercial spyware)
  – Listen in to an active phone call (Call Interception)
  – Secretly read SMS, Call Logs, Email, Cell ID and make Spy Call
  – Listen in to the phone's surroundings
  – Secret GPS tracking
  – Highly stealthy (undetectable to the user in operation)

• A lot of small software is made for lawful and unlawful use by many small companies

Application Permissions

Reduced security by hw design

• Poor screen, poor control

• User diagnostic capabilities are reduced. No easy checking of what's going on

• Critical situations where user analysis is required are difficult to handle (SSL, Email)

SMS Security

• Easy social engineering for provisioning SMS

Mobile + malware = BOTNET

Mobile Browser attacks

New attack direction

• Racketeering
• VPN usage
• Spam
• Botnets
• Contacts stealing
• Device blocking
• Photo folder stealing
• Storage card mirroring
• Phishing
• PayPal and other payment system password extraction

Application Backend Security

Application farm security vulnerabilities:
• Web server security bugs
• Database server security bugs
• Storage server security bugs
• Load balancer security bugs

Web application security vulnerabilities
- OWASP Top 10 security problems
- Advanced Web application attacks

Web service security vulnerabilities

Client application security vulnerabilities

Mobile security specific issues

• Secure data storage on removable card?

• Multiple user support with security?

• Strong authentication with poor keyboard? Try to type a passphrase: P4rtyn%!ter.nd@‟01

• Constrained browsing environment?

• Information disclosure

How to stay safe?

Control your Wireless environment!

Password-protect your device and change the password regularly

USE ANTI VIRUS

USE ANTI MALWARE

Regularly update

REMEMBER: About your personal responsibility for corporate information loss

Do you have any QUESTIONS?