Beware of Hacking in Your Mobile - HKBU
April 25, 2017
Beware of Hacking in Your Mobile
HKBU IS Awareness Seminars
Stephen Chan CGEIT, PMP, CISSP, ISO27001 Lead Auditor
Note to audience:
The information in this document is strictly for educational purposes
within HKBU, and shall not be further distributed or duplicated
without due permission.
Agenda
• Using mobile
• Hacking mobile
• Protecting mobile
• Protecting yourself
USING MOBILE
This is the age of mobile-obsession..
Hey, how often do you use your mobile?
• We’re obsessed with our phones, a new study has found. The heaviest smartphone users click, tap or swipe on their phone 5,427 times a day
• The rest of us still touch the addictive things 2,617 times a day on average. No small number.
Do you panic..
Even worse here
Bad..
We crave mobile
• Sudden change in behavior
• Mood swings; irritable and grumpy and then suddenly happy and bright
• Withdrawal from family members
• Careless about personal grooming
• Loss of interest in hobbies, sports and other favorite activities
• Changed sleeping pattern; up at night and sleeping during the day
• Red or glassy eyes
• Sniffy or runny nose
All the above are:
Data in mobile – who & what?
Browser histories, records of items purchased,
movies watched, and info created by mobile
apps…
Phone misuse
• Mobile phone misuse in public places creates social problems like:
1. Inattention blindness: overload – both physical and mental
2. Caller Hegemony: asymmetric relationship between the caller and answerer
3. Cognitive load
4. Accidents
Phone OS
The World
Blurred distinction between human selves and digital selves
Connectivity is Destiny
HACKING MOBILE
A simple App can expose your entire phone
Security features must be kept ON
• To install a malicious app, hackers turn OFF security scanning features
The app is NOT from an authorized app store
Hack an iPhone
“Doesn’t matter how secure the operating system is, there are always flaws you can get around with. Don’t even have to be a hacker. Always carefully protect your phone.”
One-stop-shop for Cyber Crime
Specialized for both criminals and victims:
- criminals upload stolen data, which contains user credentials, credit data, stolen identities and any other kind of cyber-loot
- victims pay for the removal of that stolen data from the Dark Net, where any cyber criminal can buy it
The business model is quite simple and very user-friendly
Symptoms
• Unexpected / strange charges on statements
• Unexpected / unusual data usage
• Rapid battery drain
• Somebody has used your phone (physical access)
• Anti-virus stopped / security switch disabled
PROTECTING YOUR MOBILE
Very simple – Don’t be stupid
• Disabling the lock feature on the phone
• Keeping secrets in phone – plain-text, plain-sight
• Opening an application from an unsecured/unknown source
• Using the phone to access dangerous/risky sites
• Leaving the device open to access
Storing Sensitive data as Plain-text??
• Passwords are hard to remember
• A lot of them for all the online accounts – shopping, social networking, emails…
• No matter what, don’t store them plain-text in the phone!
Damage of phone being hacked multiplies through your online accounts
Even “legitimate” apps see your data
• Tons of legitimate apps that access contact information:
– Your social network apps
– Your shopping apps
– Utilities, personal productivity
– Emails
– Health and home kits
– Map and driving assistance
• Your data is being used by all these apps on your phone
Don’t root / jailbreak / use untrusted app
• Jailbreaking: The process of bypassing restrictions on iPhones and iPads to install other apps and tweaks not approved by Apple.
• Rooting: A process similar to jailbreaking for hacking Android devices, game consoles, and so on.
• App Store / Google Play / Windows Store
Keep updated – it is about hygiene
• There are many critical security fixes that get pushed through these OS and app updates
• If ignored, we leave ourselves open to attacks
• They won’t say it in the release notes
Wi-Fi
• Man-in-the-middle attack is a situation in which a malicious eavesdropper (the “man in the middle”) is able to read (or write) data that is being transmitted between you and the website you’re browsing.
Fake Wi-Fi captures your…
• Capture the webpages you are visiting
• Login Credentials
• Hijacking accounts
Wi-Fi
• Do not use Wi-Fi connections that aren’t yours
• Insist on using HTTPS
• Delete Wi-Fi networks from your devices that aren’t yours
A phone is different from a computer by usage behaviour... more easily phished
• At their computers, users are:
– Sitting at a desk
– Frequently in an office environment
– Often working
– Sometimes randomly surfing the web
– Often creating content
– Focused on the computer, not so much on their environment
• On a mobile device, however, users tend to be:
– Sitting on the couch at home
– Walking around, inside or outside
– Queuing for something
– Waiting for a bus, train, or plane, or travelling
– Looking for a specific piece of information
– Mostly consuming content
– Easily distracted by their environment
Beware of Phishing
Phishing email on Desktop
Source: berkeley.edu
www.i_am_actually_a_malicious_website.com
On desktop, you can move your mouse over suspicious links and have a look
Phishing on mobile
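1 A new batch of WhatsApp Emoji is about to be released! Want to know more and be among the first to use them? Click the link below now to register for a trial! https://goo.gl/8ABCDEF
3 Spend 1 minute completing the questionnaire and immediately receive a Starbcuks $50 cash voucher. https://goo.gl/8ABCDE8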
On a mobile, you can just click or not click
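The hover check from the desktop slide, automated for a message body, as an added example that is not part of the original slides. It flags links whose visible text names a different host than the real target, short links whose destination cannot be seen (the mobile case), and plain-HTTP links. The shortener list and the example.edu / example.org hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: short illustrative list; goo.gl is the shortener in the slide's samples.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}

def host_of(text):
    """Lowercase host if text looks like a URL or bare domain, else ''."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:  # malformed host, e.g. an unbalanced "["
        return ""
    return host.lower() if "." in host and not any(c.isspace() for c in text) else ""

class LinkCollector(HTMLParser):  # gathers (shown text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (shown, href, findings) for each link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for shown, href in collector.links:
        claimed, target = host_of(shown), host_of(href)
        checks = {"text-host-mismatch": bool(claimed and target and claimed != target),
                  "destination-hidden": target in SHORTENERS,  # short link hides target
                  "not-https": href.lower().startswith("http://")}
        findings = [name for name, hit in checks.items() if hit]
        if findings:
            report.append((shown, href, findings))
    return report

# Constructed sample; only the malicious host and the goo.gl link come from the slides.
SAMPLE = ('<a href="http://www.i_am_actually_a_malicious_website.com/login">'
          'https://www.example.edu/reset</a> '
          '<a href="https://goo.gl/8ABCDE8">Get your voucher</a> '
          '<a href="https://www.example.org/">www.example.org</a>')
```

Calling `audit(SAMPLE)` reports the first two links and passes the third, whose visible text and target agree.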
Don’t get phished
• Control your fingers
Recap
• Sensitive data in phone / accessible by phone
• Apps
• Devices
• Update
• Wi-Fi
• Your fingers
• Backup
PROTECTING YOUR VERY SELF
Mobile is fixated into our psyche
1. I am my phone?
2. Personas and digital identities
3. Segregate your digital universe
4. Be truthful
5. Turn off your phone and return to Earth
Thank You