Mobile Security Basics

909 views
720 views

Published on

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
909
On SlideShare
0
From Embeds
0
Number of Embeds
39
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Mobile Security Basics

  1. 1. MobileSecurityANAND RAJEDIRECTOR, RABT TECHNOLOGIES PVT. LTD.VP MEMBERSHIP ISOC KOLKATA CHAPTER engage with us @ techsymposium.in
  2. 2. Played Angry birds in your Mobile? engage with us @ techsymposium.in
  3. 3. Do you know?What a malwareaffected clone ofAngry birds can do! engage with us @ techsymposium.in
  4. 4. Within seconds ofstarting your app it willStart spamming your friend with SMSDownload your Address Booklocate you using your phone’s GPSGet access to your camera and see a livestream from it without your knowledge engage with us @ techsymposium.in
  5. 5. What to do? engage with us @ techsymposium.in
  6. 6. Stop using smartphones, tablets?or engage with us @ techsymposium.in
  7. 7. Learn the basicguidelines ofsecured uses oftechnology engage with us @ techsymposium.in
  8. 8. Learn to developsecured apps andnew technologies engage with us @ techsymposium.in
  9. 9. This session will exploreLatest trends of Mobile Phoneuses, threats, frauds and securityvulnerabilitiesHow mobile phone malwares workMobile phone uses best practices engage with us @ techsymposium.in
  10. 10. In 2013, people will purchase more than 1.2 billion mobile devicessurpassing PCs as the most common internet access device in the world. Mobile platforms will continue to expand at breakneck speed, as people are forecast to download over 70 billion mobile apps in 2014. engage with us @ techsymposium.in
  11. 11. Threatsengage with us @ techsymposium.in
  12. 12. Threat 1Mobile malware is a profitable business.The mobile malware industry has matured and become a viable business model for attackers. engage with us @ techsymposium.in
  13. 13. Threat 2One type of malware designed for profit ‘Toll Fraud’ is the most prevalent type of malware. Primarily impacting Eastern Europe and Russia.Toll Fraud has successfully stolen millions from consumers. engage with us @ techsymposium.in
  14. 14. Threat 3As the mobile industry evolves so do mobile threats. Fraudsters are tampering with legitimate mobile tools and advertising systems to achieve broader distribution and make more money. engage with us @ techsymposium.in
  15. 15. Threat 4Mobile privacy is a growing issue. 5% of free Android mobile applications contain one or more aggressive ad networks, which can access personal information or display confusing ads. In addition, a number of high- profile iOS applications raised red flags about privacy issues this year. engage with us @ techsymposium.in
  16. 16. Threat 5The likelihood of encountering mobile malware greatly depends on your geographic location and user behavior.Android malware likelihood is much higher in Russia, Ukraine and China than elsewhere. In terms of user behavior, people who download apps outside of trusted sources like Google Play have a higher likelihood of encountering malware. engage with us @ techsymposium.in
  17. 17. Threat 6Mobile malware distribution techniques are diversifying. Attackers are using a combination of new and existing distribution techniques, including email spam, hacked websites that enable drive-by-downloads and affiliate-based marketing. engage with us @ techsymposium.in
  18. 18. Mobile Threat trends engage with us @ techsymposium.in
  19. 19. Learning Basics engage with us @ techsymposium.in
  20. 20. MalwareMalware is software that performs maliciousactions while installed on your phone.Without your knowledge, malware can makecharges to your phone bill, send unsolicitedmessages to your contact list, or give anattacker control over your device. engage with us @ techsymposium.in
  21. 21. SpywareDesigned to gather data about a largegroup of users, spyware collects or transmitssensitive data about a user without theirknowledge or consent. Such data can oftenincludes phone logs, text messages orlocation, browser history, or contact lists. engage with us @ techsymposium.in
  22. 22. define Malwares You know the meaning of Biological FAMILY engage with us @ techsymposium.in
  23. 23. define Malwaresa family is made up of anumber of individuals that shareimportant common elementsthat together define the groupas a whole. engage with us @ techsymposium.in
  24. 24. define Malwares A Malware Family The common elements are often particular sections of code or associated datathat define how it executes key functional behaviors and can include distinct communications protocols, Command and Control servers, certain images or other application assets, or unique methods chosen to escalated privileges. engage with us @ techsymposium.in
  25. 25. define Malwares How we identify an individual? Within a biological species, individuals havedistinguishing traits that make them identifiable such as eye color, height or weight engage with us @ techsymposium.in
  26. 26. define Malwares How we identify an Instance of malware? while malware or spyware instances can often includevery minor differences that distinguish themwithin a group, they are inherently cut from the same cloth. engage with us @ techsymposium.in
  27. 27. define Malwares VariantsIf two malware instances are different enough in construction to stretch the boundary of an instance, they may be defined as separate variants. engage with us @ techsymposium.in
  28. 28. define MalwaresMalware families can differ greatlyin the number of instances orvariants they contain.Some families may be composed ofonly a handful of samples whileothers may includethousands. engage with us @ techsymposium.in
  29. 29. Evade Antivirus detectionWhen malware writers distribute thousands ofsamples that feature only extremely minordifferences between one another, they maybe trying to evade detection.Even the smallest difference can be enoughto defeat simple methods of detection suchas file hash identification. engage with us @ techsymposium.in
  30. 30. The threat trend - Overall engage with us @ techsymposium.in
  31. 31. The big family engage with us @ techsymposium.in
  32. 32. The threat trend – Unique Malware Instancesengage with us @ techsymposium.in
  33. 33. The likelihood that a given device contains malware or spyware is heavily dependent on geographic location, varying from .04% in Japan to 41.6% in Russia. engage with us @ techsymposium.in
  34. 34. engage with us @ techsymposium.in
  35. 35. How MobilePhone malwares work? engage with us @ techsymposium.in
  36. 36. ‘Tall Fraud’engage with us @ techsymposium.in
  37. 37. What happens when you download a ringtone? Wireless Providers: Run the network and send you bills Aggregator: middleman for premium SMS transactions, who maintain the technical and service level requirements of each wireless network. engage with us @ techsymposium.in
  38. 38. How Tall Fraud Works? Wireless Providers: Run the network and send you bills Aggregator: middleman for premium SMS transactions, who maintain the technical and service level requirements of each wireless network. engage with us @ techsymposium.in
  39. 39. ‘AD Network Hijacking’ engage with us @ techsymposium.in
  40. 40. How Ad Network Hijacking works? engage with us @ techsymposium.in
  41. 41. ‘Gaming theApp Eco-System’ engage with us @ techsymposium.in
  42. 42. Gaming the App Eco-System? engage with us @ techsymposium.in
  43. 43. ‘Drive by Download’ engage with us @ techsymposium.in
  44. 44. How misleading file names are a common social engineering tactic for drive-by downloadsengage with us @ techsymposium.in
  45. 45. ‘Web Based Threats’ engage with us @ techsymposium.in
  46. 46. Malicious websites areoften distributionpoints for maliciousapplications. COMPROMISED websites are legitimate websites that have been infected by a bad actor to scam or defraud visitors Phishing sites are designed to mimic legitimate sites. engage with us @ techsymposium.in
  47. 47. Best Practices for secured uses engage with us @ techsymposium.in
  48. 48. How to stay Safe?Avoid toll fraud, regularly check your phone bill: Always review your monthly phone bill statements for suspicious charges. Contact your carrier if you identify something you believe to be fraud. engage with us @ techsymposium.in
  49. 49. How to stay Safe?Double-check URLs on your mobile: After clicking on a web link, pay close attention to the address to make sure it matches the website it claims to be, especially if you are asked to enter account or login information. engage with us @ techsymposium.in
  50. 50. How to stay Safe?Protect your privacy, understand app permissions: Be cautious about granting applications access to personal information on your phone or letting the application have access to perform functions on your phone. Make sure to check the privacy settings for each app before installing it. engage with us @ techsymposium.in
  51. 51. How to stay Safe?Be smart about device settings: Keep network connectivity such as NFC / WiFi, or Bluetooth ‘OFF’ when not in use. Be sure to disable settings such as debug mode that can open a device up to illicit access. engage with us @ techsymposium.in
  52. 52. How to stay Safe?Download a security app: Download a security app that scans the apps you download for malware and spyware, helps you locate a lost or stolen device, and protects you from unsafe websites. engage with us @ techsymposium.in
  53. 53. How to stay Safe?Update your phone and apps: Make sure to download and install updates from your mobile operator as soon as they are available for your device. The same goes for apps, download app updates when they are available. engage with us @ techsymposium.in
  54. 54. How to stay Safe?Raise employee awareness: Help employees understand the threats and risks out there so that employees can take action to safeguard their phones. engage with us @ techsymposium.in
  55. 55. How to stay Safe?Protect employees’ phones: Ensure that every phone – personal or company – is protected with a mobile security app for business that finds malware, scans apps, and locates and remotely wipes the device. engage with us @ techsymposium.in
  56. 56. How to stay Safe?Patch known vulnerabilities: Keep employee phones’ operating system software up-to- date by enabling automatic updates or accepting service provider’s updates when prompted. Stay up to speed on what vulnerabilities are not patched across device types and carriers to maintain a proper threat model. The National Institute of Standards and Technology offers a database of device vulnerabilities. engage with us @ techsymposium.in
  57. 57. How to stay Safe?Set Pass codes engage with us @ techsymposium.in
  58. 58. How to stay Safe?Phone Theft engage with us @ techsymposium.in
  59. 59. References  CRN (www.crn.com)  blog.lookout.com engage with us @ techsymposium.in
  60. 60. Thank you engage with us @ techsymposium.in

×