2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not

Published in: Technology

  1. Mobile Security – The impending apocalypse… or maybe not (ISF Summer Chapter)
  2. Before we begin… Hopefully not a lesson in sucking eggs
  3. Agenda • What the press would have you believe • The reality
  4. Before we begin… Who is this guy? • Information Cyber Security for > 15 years • Consultancy – 1997 – 2005 • Research – 2005 – 2011 • Symantec / BlackBerry • Research / Consultancy – 2012 • Recx / NCC Group
  5. What you are led to believe • Mobile is as insecure as the desktop • BYOD is insecure • Malware is rampant • Mobile security needs augmenting
  6. Motivations • … something to sell • … exposure
  7. Mobile is as insecure as the desktop • Incentivised • Defence in depth • App stores • Ubiquitous sandboxes • Security policy APIs • Vendors adopting SDLs
  8. BYOD is insecure • BYOD is CHALLENGING • Extending your security perimeter • Loosening your control (potentially) • Mixed domain devices • Policies
  9. Malware is rampant • Malware is present NOT rampant • Trojans (re-packaged apps) • Trojans (unique appealing apps) • App store revocation • People using third party app stores
  10. Malware is rampant
  11. Mobile security needs augmenting • Platforms have rich security stories • Samsung KNOX • BlackBerry Balance • MDM APIs / Policies .. • Some augmentation may be needed • on iOS • On device AV is not one of them
  12. But it is no utopia
  13. SDLs cost • Vendors don’t have • limitless funds • limitless people • limitless time • Market driven by features • not secure code • Skills in short demand • Not evenly deployed
  14. Vulnerability v patching frequency • No monthly patch Tuesday • Carrier certification • desire • capacity • Vendors • desire • capacity
  15. Vulnerability v patching frequency • Handset cycle 12 to 36 months • HTC 10 Android models • ZTE 18 Android models • Samsung 12 Android models • Apple 1 iPhone model • BlackBerry 3 BB10 models • Sustainment costs huge..
  16. Vulnerabilities can be exploited
  17. But… criminals are lazy …
  18. But… there are motivated enablers..
  19. Devices are complex • Peripherals • Radio • OS • Apps = a large and complex attack surface
  20. Rapid change
  21. Use cases are different • Physical interaction • Usage patterns
  22. Mobile security – the future
  23. Thanks? Questions?
  24. UK Offices: Manchester - Head Office, Cheltenham, Edinburgh, Leatherhead, London, Thame. North American Offices: San Francisco, Atlanta, New York, Seattle. Australian Offices: Sydney. European Offices: Amsterdam - Netherlands, Munich – Germany, Zurich - Switzerland. Ollie Whitehouse, ollie.whitehouse@nccgroup.com
