Your SlideShare is downloading. ×
2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not

315
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
315
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Mobile Security – The impending apocalypse… or maybe not ISF Summer Chapter
  • 2. Before we begin… Hopefully not a lesson in sucking eggs
  • 3. Agenda •What the press would have you believe •The reality
  • 4. Before we begin… Who is this guy? • Information Cyber Security for > 15 years • Consultancy – 1997 – 2005 • Research – 2005 – 2011 • Symantec / BlackBerry • Research / Consultancy – 2012 • Recx / NCC Group
  • 5. What you are led to believe •Mobile is as insecure the desktop •BYOD is insecure •Malware is rampant •Mobile security needs augmenting
  • 6. Motivations •.… something to sell •…. exposure
  • 7. Mobile is as insecure as the desktop •Incentivised •Defence in depth •App stores •Ubiquitous sandboxes •Security policy APIs •Vendors adopting SDLs
  • 8. BYOD is insecure •BYOD is CHALLENGING •Extending your security perimeter •Loosening your control (potentially) •Mixed domain devices •Policies
  • 9. Malware is rampant •Malware is present NOT rampant •Trojans (re-packaged apps) •Trojans (unique appealing apps) •App store revocation  •People using third party app stores 
  • 10. Malware is rampant
  • 11. Mobile security needs augmenting •Platforms have rich security stories •Samsung KNOX •BlackBerry Balance •MDM APIs / Policies .. •Some augmentation may be needed •on iOS •On device AV is not one of them
  • 12. But it is no utopia
  • 13. SDLs cost •Vendors don’t have •limitless funds •limitless people •limitless time •Market driven by features •not secure code •Skills in short demand •Not evenly deployed
  • 14. Vulnerability v patching frequency •No monthly patch Tuesday •Carrier certification •desire •capacity •Vendors •desire •capacity
  • 15. Vulnerability v patching frequency •Handset cycle 12 to 36 months •HTC 10 Android models •ZTE 18 Android models •Samsung 12 Android models •Apple 1 iPhone model •BlackBerry 3 BB10 models •Sustainment costs huge..
  • 16. Vulnerabilities can be exploited
  • 17. But… criminals are lazy …
  • 18. But… there are motivated enablers..
  • 19. Devices are complex •Peripherals •Radio •OS •Apps = a large and complex attack surface
  • 20. Rapid change
  • 21. Use cases are different •Physical interaction •Usage patterns
  • 22. Mobile security – the future
  • 23. Thanks? Questions?
  • 24. UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Thame North American Offices San Francisco Atlanta New York Seattle Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Ollie Whitehouse ollie.whitehouse@nccgroup.com