2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not
Published in Technology
  • 1. Mobile Security – The impending apocalypse… or maybe not ISF Summer Chapter
  • 2. Before we begin… Hopefully not a lesson in sucking eggs
  • 3. Agenda • What the press would have you believe • The reality
  • 4. Before we begin… Who is this guy? • Information Cyber Security for > 15 years • Consultancy – 1997 – 2005 • Research – 2005 – 2011 • Symantec / BlackBerry • Research / Consultancy – 2012 • Recx / NCC Group
  • 5. What you are led to believe • Mobile is as insecure as the desktop • BYOD is insecure • Malware is rampant • Mobile security needs augmenting
  • 6. Motivations • … something to sell • … exposure
  • 7. Mobile is as insecure as the desktop • Incentivised • Defence in depth • App stores • Ubiquitous sandboxes • Security policy APIs • Vendors adopting SDLs
  • 8. BYOD is insecure • BYOD is CHALLENGING • Extending your security perimeter • Loosening your control (potentially) • Mixed domain devices • Policies
  • 9. Malware is rampant • Malware is present NOT rampant • Trojans (re-packaged apps) • Trojans (unique appealing apps) • App store revocation • People using third party app stores
  • 10. Malware is rampant
  • 11. Mobile security needs augmenting • Platforms have rich security stories • Samsung KNOX • BlackBerry Balance • MDM APIs / Policies .. • Some augmentation may be needed • on iOS • On device AV is not one of them
  • 12. But it is no utopia
  • 13. SDLs cost • Vendors don’t have • limitless funds • limitless people • limitless time • Market driven by features • not secure code • Skills in short demand • Not evenly deployed
  • 14. Vulnerability v patching frequency • No monthly patch Tuesday • Carrier certification • desire • capacity • Vendors • desire • capacity
  • 15. Vulnerability v patching frequency • Handset cycle 12 to 36 months • HTC 10 Android models • ZTE 18 Android models • Samsung 12 Android models • Apple 1 iPhone model • BlackBerry 3 BB10 models • Sustainment costs huge..
  • 16. Vulnerabilities can be exploited
  • 17. But… criminals are lazy …
  • 18. But… there are motivated enablers..
  • 19. Devices are complex • Peripherals • Radio • OS • Apps = a large and complex attack surface
  • 20. Rapid change
  • 21. Use cases are different • Physical interaction • Usage patterns
  • 22. Mobile security – the future
  • 23. Thanks? Questions?
  • 24. UK Offices: Manchester (Head Office), Cheltenham, Edinburgh, Leatherhead, London, Thame. North American Offices: San Francisco, Atlanta, New York, Seattle. Australian Offices: Sydney. European Offices: Amsterdam (Netherlands), Munich (Germany), Zurich (Switzerland). Ollie Whitehouse