2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not
Upcoming SlideShare
Loading in...5
×
 

2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not

on

  • 394 views

 

Statistics

Views

Total Views
394
Views on SlideShare
386
Embed Views
8

Actions

Likes
0
Downloads
1
Comments
0

1 Embed 8

https://twitter.com 8

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not 2013 05-21 --ncc_group_-_mobile security_-_the_impending_apocalypse…_or_maybe_not Presentation Transcript

    • Mobile Security – The impending apocalypse… or maybe not ISF Summer Chapter
    • Before we begin… Hopefully not a lesson in sucking eggs
    • Agenda •What the press would have you believe •The reality
    • Before we begin… Who is this guy? • Information Cyber Security for > 15 years • Consultancy – 1997 – 2005 • Research – 2005 – 2011 • Symantec / BlackBerry • Research / Consultancy – 2012 • Recx / NCC Group
    • What you are led to believe •Mobile is as insecure the desktop •BYOD is insecure •Malware is rampant •Mobile security needs augmenting
    • Motivations •.… something to sell •…. exposure
    • Mobile is as insecure as the desktop •Incentivised •Defence in depth •App stores •Ubiquitous sandboxes •Security policy APIs •Vendors adopting SDLs
    • BYOD is insecure •BYOD is CHALLENGING •Extending your security perimeter •Loosening your control (potentially) •Mixed domain devices •Policies
    • Malware is rampant •Malware is present NOT rampant •Trojans (re-packaged apps) •Trojans (unique appealing apps) •App store revocation  •People using third party app stores 
    • Malware is rampant
    • Mobile security needs augmenting •Platforms have rich security stories •Samsung KNOX •BlackBerry Balance •MDM APIs / Policies .. •Some augmentation may be needed •on iOS •On device AV is not one of them
    • But it is no utopia
    • SDLs cost •Vendors don’t have •limitless funds •limitless people •limitless time •Market driven by features •not secure code •Skills in short demand •Not evenly deployed
    • Vulnerability v patching frequency •No monthly patch Tuesday •Carrier certification •desire •capacity •Vendors •desire •capacity
    • Vulnerability v patching frequency •Handset cycle 12 to 36 months •HTC 10 Android models •ZTE 18 Android models •Samsung 12 Android models •Apple 1 iPhone model •BlackBerry 3 BB10 models •Sustainment costs huge..
    • Vulnerabilities can be exploited
    • But… criminals are lazy …
    • But… there are motivated enablers..
    • Devices are complex •Peripherals •Radio •OS •Apps = a large and complex attack surface
    • Rapid change
    • Use cases are different •Physical interaction •Usage patterns
    • Mobile security – the future
    • Thanks? Questions?
    • UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Thame North American Offices San Francisco Atlanta New York Seattle Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Ollie Whitehouse ollie.whitehouse@nccgroup.com