mobile device security - texas state...
Post on 05-Feb-2020
Mobile Device Security
Image from http://appaddict.net
http://security.vpit.txstate.edu itsecurity@txstate.edu
Examples of Mobile Devices
- Phones – iOS (iPhone), Android, Windows, etc.
- USB devices
- Tablets (iPad, Dell/HP running Windows, WebOS, etc.). This area looks to be growing rapidly.
- Laptops (usage decreasing)
A Paradigm Shift - Personal vs. Work
A growing number of personal devices are used for work
Work email and documents can be discoverable on personal devices…
A Quick Overview of Laptops…
- The same risks as other mobile devices
However, they have:
- Mature encryption technology
- A full keyboard (it’s easier to have good passwords that way)
- The same protections as a desktop
  - Antivirus
  - Regular OS updates
  - Regular application updates
How Powerful are Smart Phones?
iPhone as a penetration testing tool….
Image from http://www.offensive-security.com
General Current Threats
- Wireless access
- Loss and Theft
- Privacy
- Malware
- Cloud Data Storage
A note on web browsing
Always use HTTPS if you can, even if you’ve already logged in or don’t have to.
https://facebook.com - GOOD
http://facebook.com – VERY BAD
Four Types of Wireless
- “Wifi” or “Wireless” Wireless (802.11x)
  - Texas State Campus, Home, Airport, etc.
  - Medium range, much faster
  - Sometimes encrypted, sometimes not
- Data Service (3G, 4G/WiMAX/HSPA+)
  - Slower but more widespread and more secure
- NFC (Near field communication)
  - Used for mobile payments, public transportation ticketing, etc.
- Bluetooth
  - Short range, good for device to device communication
  - Wireless keyboards, mobile phone earpieces
Wifi Snooping
Malicious user at coffee shop/airport
Image from: http://blog.meseta.co.uk/
Firesheep
More Wifi Snooping
Google Streetview Cars
Google ClientLogin Issue
VPN Can Help!
VPN Products
VPN can protect you from a majority of wireless threats. Support for mobile devices is limited but growing. We are currently testing Texas State VPN for the iPad.
Texas State VPN
A Wireless Usage Suggestion
Use your data service. Disable wifi/wireless and bluetooth unless you really need them.
NFC (Near Field Communications)
Loss and Theft Consequences
Identity Theft – work email, apps with personal information – saved credit cards, SSNs…
If your phone is used for payment (NFC/Near Field Communications), someone may be able to use your phone for purchases
FERPA violations – work email
Locking Your Phone – Now More Important Than Ever
Download an app, wave your phone in front of a scanner and get a latte…
Image from http://bits.blogs.nytimes.com/
Loss and Theft basics…
- Enable autolock with a password/swipe pattern
- Enable autowipe after a certain number of login attempts
Passwords for an iPhone under Settings, General, Passcode lock:
Android Lock
Image from https://theassurer.com
Image from http://q8geeks.org/
Remote Wipe/Lock
- Mobile Defense for Android – locate, lock, backup and wipe
- Android 2.2 and above support a remote Exchange wipe
- iPhone supports remote wipe through Exchange
- iPhone/iPad also support remote wipe through MobileMe/iCloud
Image from http://www.cellphones.ca
Device Encryption
- iPhone 3GS and newer as well as iPads are encrypted at the hardware level. This encryption is only useful if your passcode is not easy to guess or crack
- Android has software-based encryption (Part of WhisperCore)
- Windows 7 does not look like it supports on-device encryption as of yet
- DARPA has released a request for technology for encrypting many common mobile devices – April 11th, 2011
USBs and Encryption
Use encryption. Ironkey has great (waterproof) and easy to use products. Some USB security is sub-par; make sure the USB has hardware/chip level encryption.
Image from: http://www.topreviewshop.com/
An Important Tip!
Keep your device in a pocket or in some way attached to you. This can be annoying but much better than the alternative.
- VERIZON SAMSUNG FASCINATE – 6/13/2011 16:20
- iPhone 4 in blue case – 6/13/2011 9:09
- NIKON D50 CAMERA, LENS, 2 SD MEMORY CARDS IN BAG – 6/13/2011 8:27
- nokia cell phone – 6/13/2011 6:45
- LG Rumor Touch cellphone – 6/12/2011 6:43
- blackberry curve – 6/11/2011 17:05
- IPOD TOUCH 32 GB BLACK in a black "rubber" case – 6/11/2011 17:03
- Blackberry curve – 6/11/2011 14:51
- Droid – 6/10/2011 22:57
- iPhone4 – 6/10/2011 15:43
- Steel I-pad in black "InCase" case – 6/10/2011 14:52
- Steel I-pad in black "InCase" case – 6/10/2011 14:52
- iPhone – 6/10/2011 10:46
- White iPhone 3Gs, white sticker on back, cracked top – 6/10/2011 9:02
- Nikon D3100 Camera in black case – 6/10/2011 0:00
- Two backpacks, laptop, Australian passport – 6/8/2011 21:12
- iphone 4 lost in Northside cab service – 6/8/2011 10:33
- Gucci sandal – 6/8/2011 9:32
- Black Purse with ID, Phone, Ipod, etc. – 6/7/2011 16:44
- iphone 4 with white case – 6/7/2011 8:36
- Cell Phone – 6/7/2011 6:45
- Small Cingular cellphone – 6/6/2011 13:07
- Iphone 4 – 6/6/2011 10:54
- REWARD Black iPhone 4G with Black Case mountain on screen – 6/6/2011 6:31
- iphone 4 – 6/6/2011 6:04
- LG Optimus black cell – 6/5/2011 14:05
- cell phone (DROID) – 6/5/2011 6:58
- Silver Sony Viao in black case lost on 5/30 – 6/4/2011 21:57
- Samsung phone – 6/4/2011 20:02
- Black 32gb iPhone 3GS – 6/4/2011 15:39
- REWARD: Lost Sony Vaio laptop and bag – 6/4/2011 13:44
- iPhone 4G black w/ black case – 6/4/2011 7:22
- iPhone black – 6/4/2011 6:40
- iphone4 – 6/4/2011 6:33
Mobile Devices and Malware (viruses, worms, trojans, oh my…)
Image from http://www.mobiletopsoft.com/
USBs and Malware
- Incidents on campus with plugging infected USBs into machines and vice versa
- Social engineering is an issue – leave a USB lying around at an organization and it’s highly likely someone will pick it up and plug it in…
Desktop malware migrates to mobile platforms
Image from http://techgeek.com.au/
Android Gemini
- Comes from third party app store in China
- Steals most information:
  - Installed/Running applications
  - Subscriber information (IMSI number, SIM serial number, network provider, etc.)
  - Phone information (IMEI number, manufacturer, model, etc.)
  - Current user’s location (via GPS)
- Probable precursor to a mobile botnet
Jailbroken iPhones
Jailbroken phones are at much higher risk for attack and infection. It’s HIGHLY recommended that you don’t do this.
Image from http://www.tipb.com/
Mobile Security
Privacy - User tracking….
From the Wall Street Journal in December of 2010
Of 101 iPhone apps:
- 56 transmitted the phone’s unique device ID without users’ awareness or consent
- 47 transmitted the phone’s location
- 5 sent age, gender and other personal details
Also, Google makes a very large amount of money through advertising. More targeted advertising tends to be more profitable, therefore the more they know about your habits the more profitable they are…
What is Cloud Storage?
Image from http://www.agent-x.com.au
Cloud Storage products
From the Dropbox terms of service:
“You acknowledge and agree that you should not rely on the Site, Content, Files and Services for any reason. You further acknowledge and agree that you are solely responsible for maintaining and protecting all data and information that is stored, retrieved or otherwise processed by the Site, Content, Files or Services.”
More Cloud Storage
Q & A