Mobile 2012 Ben Forsyth

Transcript

  • 1. Moving to Mobile with Effective Security Measures in Place
    Mobile & Emerging Tech.
    CeBIT Mobile Conference 2012
    Ben Forsyth, 4 Oct 2011
  • 2. Overview – what we’ll cover today
    Things you need to be aware of:
      • Web-based and network-based attacks
      • Mobile malware
    Things you need to do:
      • App code quality & dev best practices
      • App distribution
      • User education
  • 3. Web & Network Based Attacks
    Five general categories:
      • Browser exploits
      • Phishing scams
      • Drive-by downloads
      • Network exploits
      • Wi-Fi sniffing
  • 4. Mobile Malware – prevalence is rising
    [Chart: Total mobile malware samples]
    Total malware samples at the end of 2011 (inc. desktop): 75M
    Source: McAfee Threats Report: 4th Quarter 2011 – McAfee Labs
  • 5. Mobile Malware – who is under attack?
    [Chart: Malware Statistics by Platform]
    Source: Mobile Threat Report Q4 2011 – F-Secure
  • 6. Mobile Malware – motivation
    [Chart: Mobile threats motivated by profit]
    Source: Mobile Threat Report Q1 2012 – F-Secure
  • 7. Mobile Malware – what does it look like?
    Droid Dream (Feb 2011):
      • Attacker infected and redistributed 58 legitimate apps in the Google Market
      • Affected up to 200K users in just 4 days
      • Once installed, attempted to gain admin control of the device via 2 vulnerabilities
      • Installed other software and harvested sensitive user data
  • 8. Mobile Malware – what does it look like?
    Zitmo (Mobile ZeuS) / SpyEye:
      • Attacker compromises user account via PC trojan
      • Victim’s mobile phone receives a text message with a request to install an updated security certificate
      • The link in the TXT message installs the mobile version of ZeuS
      • Attacker makes a transaction via PC and the mobile ZeuS forwards the SMS security code
      • Blackberry, Win mobile, Symbian & Android susceptible
  • 9. Mobile Malware – what does it look like?
    Remote-Controlled Banking Trojan:
      • Targets specific banks, posing as a Token Generator app
      • User must enter their password to generate a one-time token
      • Sends password & device details to a control server
      • Listens for SMS auth codes and forwards them to a constantly changing number
  • 10. Mobile Malware – why it is likely to get worse
    Problems with mobile platforms:
      • Underlying platform vulnerabilities
      • Patch management
      • Lack of attention to security by users
      • Ease of gaining root access
      • Differing app curation
      • Unofficial distribution of apps
  • 11. App code quality & dev best practices
    Considerations:
      • Who is writing your code?
      • Do they adhere to secure coding principles?
      • What data is being stored on the device?
      • Is your app code independently reviewed/pen tested?
      • Who has access to your app store accounts?
      • What is the process to publish the app?
      • Can you disable features without a release?
      • Do you have appropriate support agreements in place?
  • 12. App Distribution – getting to your users
    Keep it official:
      • Having a presence in official distribution channels is the first line of defence
      • Do not distribute the app directly or via 3rd party properties or even your own
      • Monitor official and unofficial channels for brand infringements and take action if it occurs
  • 13. User education – help your users stay safe
    They need all the help they can get:
      • Keep the device locked with a PIN or passcode
      • Only install apps from trusted sources
      • Carefully review what apps have access to
      • Keep the device patched
      • Educate on the risk of jailbroken/rooted devices
      • Be wary of public Wi-Fi and turn off network connections when not needed
      • Install a mobile security app
  • 14. Final thoughts
      • Mobile threats are multidimensional and increasing in line with adoption
      • Be aware of malware evolution and respond where appropriate
      • Security needs to be at the forefront of your mobile strategy
      • Your apps need to be rock solid
      • Promotion and education of consumers on threat abatement techniques is critical
  • 15. Thank You
    Questions?
    Ben Forsyth
    Head of Mobile & Emerging Technologies – NAB
    ben.x.forsyth@nab.com.au
    @benforsyth