Mobile Security and 2FA
The reality from the trenches…
Ollie Whitehouse, Associate Director, NCC Group
Before we begin…
• NCC = iSEC Partners in the USA
• FTSE listed ~99 million GBP revenue
• Independent security experts
• W...
Agenda for the 15 minute positioning..
•Mobile Security
•Reality and Elephants
•Future Enablers
•Authentication and mobile...
Mobile Security – Security threats
• Hardware
• Platform
• Android, iOS, Windows etc.
• Vendor Customisation
• Undermining...
Mobile Security – Challenges
• Mobile vendor fragmentation
• Vendor spend on security
• 18 to 24 month device life cycles
...
Mobile Security – Future
Mobile Security – Future
• The security arms race is starting..
• BlackBerry, Samsung,
SEAndroid (Generic),
Apple and Wind...
Mobile 2FA – Concerns
• Satisfying ‘Something you have’
• SMS latency
• The ‘NYE’ problem
• The ‘malware’ issue
• For seed...
Mobile 2FA – Drivers for mobile 2FA
Mobile 2FA – What we’re seeing
Mobile 2FA – Satisfying the concerns
• Today
• Jail break detection
• Device unique IDs
• Device lockdown
• Dual persona d...
Mobile 2FA – Result (one solution seen)
Circuit Switch and Voice for Last Chance Fall-back
Mobile 2FA – Tomorrow?
Upcoming SlideShare
Loading in...5
×

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

160

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
160
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

  1. 1. Mobile Security and 2FA The reality from the trenches… Ollie Whitehouse, Associate Director, NCC Group
  2. 2. Before we begin… • NCC = iSEC Partners in the USA • FTSE listed ~99 million GBP revenue • Independent security experts • Working in hardware, software and higher level business functions • Trusted advisor to many • ~ 250 technical security consultants • ~ 80 business security consultants
  3. 3. Agenda for the 15 minute positioning.. •Mobile Security •Reality and Elephants •Future Enablers •Authentication and mobile •2FA – what it looks like today •Voice biometrics and its Role
  4. 4. Mobile Security – Security threats • Hardware • Platform • Android, iOS, Windows etc. • Vendor Customisation • Undermining platform security • Apps • Poorly designed / implemented • User activity • Hygiene with regards to apps / jail breaking
  5. 5. Mobile Security – Challenges • Mobile vendor fragmentation • Vendor spend on security • 18 to 24 month device life cycles • Carrier certification of updates • User awareness / education • User experience for security patches • Carrier / user desire for security patches
  6. 6. Mobile Security – Future
  7. 7. Mobile Security – Future • The security arms race is starting.. • BlackBerry, Samsung, SEAndroid (Generic), Apple and Windows • Platform features • TrustZone • Virtualisation / HyperVisors • Software security • Improving rapidly..
  8. 8. Mobile 2FA – Concerns • Satisfying ‘Something you have’ • SMS latency • The ‘NYE’ problem • The ‘malware’ issue • For seeded / on-line • Jail breaking • For seeded / on-line • Connectivity • For on-line
  9. 9. Mobile 2FA – Drivers for mobile 2FA
  10. 10. Mobile 2FA – What we’re seeing
  11. 11. Mobile 2FA – Satisfying the concerns • Today • Jail break detection • Device unique IDs • Device lockdown • Dual persona devices • Tomorrow • TrustZone and friends
  12. 12. Mobile 2FA – Result (one solution seen) Circuit Switch and Voice for Last Chance Fall-back
  13. 13. Mobile 2FA – Tomorrow?
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×