isaca denver mobile preso ver1isaca-denver.org/chapter-resources/mobile_security_02-16-2012.pdffeb...
TRANSCRIPT
-
Mobility, New Year, New Challenges
Dan Thormodsgaard VP, Solu3ons Architecture
-
Agenda
§ Mobile Trends § Mobile Threats § Mobile Security Recommenda3ons § Fishnet Mobile Security Offerings § Ques3ons
-
Mobile Trends
-
Mobile Trends
§ Holiday sales § 6.8 million devices sold § 242 million app downloads
§ apple app store -‐ 500,000 apps § android market place -‐ 200,000 apps
-
Mobile Trends
§ Breakdown by PlaOorm § Android -‐~47% § iOS -‐ ~43%
vs
-
Mobile Trends
§ Android -‐ Update § Open Architecture
§ Partner with All Cell Carriers
§ Manufactures § 24 tablet § 35 phone
§ Ice Cream Sandwich
-
Mobile Trends
§ Apple iOS -‐ Update § iOS 5
§ PC free/iCloud § No3fica3on center § iMessage
§ iPhone 4S § A5 processors § Siri
§ APNS process
-
Mobile Trends
§ Email § Contact § Calendar
§ Basic Apps § Social Apps
§ Personal § Professional
§ Transac
-
Mobile Trends
§ Corporate Challenges § Pressure to support personal devices
§ Requirements § What devices to support?
§ Security challenges § Policies § Accessing corporate content § Loss/Thec § BYOD
§ Who is responsible for Mobile Security § Many Different Stakeholders
-
Mobile Trends
§ Corporate Challenges § Business Units Developing Applica3ons § Execu3ves & Business Owners Dicta3ng Technology § All Organiza3ons have a Mobility Ini3a3ve
§ Financial § Healthcare § Government Ins3tu3on § Retail
§ MDM Solving the Problem? § Are Android Devices Enterprise Ready?
-
Mobile Threats § Loss / Thec § Jail Break/Root § Malware § Phishing § Backups
-
Mobile Threats
1. Miami – 52% 2. New York – 49% 3. Los Angeles – 44% 4. Phoenix – 41% 5. Sacramento – 41% 6. Chicago – 40% 7. Dallas – 39% 8. Houston – 37% 9. Philadelphia – 36% 10. Tampa – 36%
-
Mobile Threats
§ Las Vegas -‐ es3mated 5,000 cabs § Average of 2 phones per week § 10,0000 phones per week
§ NYC-‐ Selling iPad’s $200, iPhone $50 § Average 113 phones lost every minute
§ $50 average price for lost/stolen device
Play the odds?
-
Mobile Threats
Jailbreak iPhone Devices § Geohot- Limera1n § Pod2g & Team § Jailbreakme.com § Redsn0w
-
Mobile Threats Root Android Devices § Superoneclick- Works for Android 2.x-3.x
§ Android 4- Dan Rosenberg- http://vulnfactory.org/blog/2012/02/11/rooting-the-droid-4-a-failed-bounty-experiment/
-
Mobile Threats /user/library/keyboard/dynamic-‐text.dat
-
Mobile Threats
§ Data Stored in SQLite in the clear
-
Mobile Threats § Plist Files-‐ Configura
-
Mobile Threats Data Handling: Now, that’s how it’s done!
-
Mobile Threats
§ Phishing Amacks
Source: hmp://www.trusteer.com
§ UI impersona3on
§ Preven3on § Don’t click on links § Type the address
-
Mobile Threats § Android
§ DroidDream § Geinimi § HongTouTou (aka ADRD)
§ Blackberry § Zitmo
§ iOS § Ikee § iPhone.A § Dutch 5€ Ransom
§ Symbian § Cabir.A
-
Mobile Threats Backups
-
Mobile Threats Backups
-
Mobile Threats
§ Breakdown of free apps § What’s the risk?
67%
61%
39% 37% 26%
26%
Android Market
Windows Phone Marketplace
Samsung Apps
Apple App Store
Blackberry App World
Nokia Ovi Store
-
Mobile Threats
=
-
Mobile Security Recommenda
-
Mobile Security Recommenda
-
Mobile Security Recommenda
-
Mobile Applica
-
Forensic Tools Open Source
Name Descrip
-
Forensic Tools • Cellebrite UFED for collec3on • Cellebrite’s Physical Analyzer Tool and Guidance Socware’s Encase forensic
tool for analysis. • Cellebrite Physical Analyzer Tool
• This tool has the ability to perform keyword searches on a one at a 3me basis, and allows for reviewing of collected phone data.
-
Mobile Architecture Security Security
-
Container
Virtual
Compliance, Pure-‐play MDM
Mobile Device Management Strategies
-
MAM
IAM/SSO
Encryp3on
Emerging Mobile Technologies
-
Fishnet Security Mobile Security Offerings
-
Fishnet Offerings
§ Enterprise vulnerability and risk assessment § Mobile policy and program development § Mobile security awareness training § Mobile security roadmap
§ MDM workshop and vendor matrix § MDM implementa3on § MDM proof of concept § Mobile forensics