Convenience product security
Collin Busch

What is a convenience product?
• A convenience product is a device or application that makes your life easier
• For the purpose of this presentation, we will examine different cell phones, apps, and the security behind them
  • Security software such as findmyphone
  • Browser security on mobile devices

The default
• By default, a brand new phone or tablet will not have basic levels of security
• There will be no password or lock until it is set up
• Different applications on the phone may handle their own security
  • Email clients may use SSL/TLS depending on the client/server
  • Browsers accessing certain websites may use https instead of http
  • Certain programs such as banking apps may have built-in encryption

Default vulnerabilities
• If you keep your device or program at base security, your entire phone is vulnerable.
• In the case of an iPhone or iPad, one swipe will let anyone access all of the data stored on your phone.
• The most important thing you can do to a mobile device to keep it safe is to require a passcode or pattern.

Security breach in iOS 7
• Even if your device is protected by a password lock, it may still be accessible.
• Due to bugs or bad programming, a sequence of actions may allow access to a mobile device.
• On an iPhone running iOS 7, you could bypass the lock screen without a passcode and gain access to the camera and stored photos, as well as any app that could share these photos, such as Twitter, Facebook, and email apps.

Patching the iOS 7 breach
• In iOS 7.0.2 it was documented that this breach was now closed, and that you could no longer bypass the iOS 7 lock screen.
• 7.0.2 was released September 26, 2013, 8 days after iOS 7 was released and 7 days after the exploit was discovered.
• For an entire week, a brand new software release by a huge and experienced software company had a gaping security hole.
• A simple lock screen is not enough.

Android vulnerabilities
• Many Android users are still using the “Gingerbread” operating system (versions 2.3.3 to 2.3.7), which was released in 2011.
• This out-of-date OS has a number of vulnerabilities, including:
  • SMS trojans: these continually text a premium-rate number without the user's knowledge, resulting in extremely high charges that are usually only noticed at the end of the month/billing cycle
  • Rootkits: in 2011 a software developer's rootkit was found on millions of Android phones, which logged keystrokes, passwords, and user location data without the user’s knowledge
  • Malicious Google Play software: the Play Store is not as strictly monitored as the Apple store, so there are a number of malware programs masquerading as legitimate programs.

Biometric bypassing
• The iPhone 5s implemented a fingerprint biometric scanner to allow “secure” access to the phone.
• This biometric scanner was fooled when a hacking team photographed a fingerprint that had been left on a glass surface.
• Retina scanners can also be bypassed because the scanner reads the “code” of the retina without checking that there is actually an eye.
• Synthetic retina “codes” can be used to bypass most retina scanners, such as the one available for Android.
• As demonstrated by the previous vulnerabilities, you need some sort of security beyond lock screens.

How to protect yourself
• During web browsing, try to use sites whose address begins with https://.
• You may be able to download software such as HTTPS Everywhere to further secure browsers (this is also relevant on computers).
• Disable automatic connections so that your device does not automatically connect to what could be a Wi-Fi network that will steal data from your phone.
• Encrypt your data so that if it is transmitted it is not realistically usable.
• Consider anti-malware software: malware exists for both Android and iOS.