Your SlideShare is downloading. ×
Serious Threat or FUD Machine? The Mobile Security Debate
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Serious Threat or FUD Machine? The Mobile Security Debate

3,395
views

Published on

Presentation from Dan Hoffman (Juniper's Chief Mobile Security Evangelist) from the B-Sides mini-conference at RSA 2012 in San Francisco. …

Presentation from Dan Hoffman (Juniper's Chief Mobile Security Evangelist) from the B-Sides mini-conference at RSA 2012 in San Francisco.

You can view the video of this presentation here: http://www.brighttalk.com/channel/7651

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,395
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
90
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SERIOUS THREAT OR FUD MACHINE? THE MOBILE SECURITY DEBATE Daniel V. Hoffman CISSP, CHFI, CEH
  • 2. MOBILE THREATS FEAR, UNCERTAINTY, DOUBT … AND CHARLATANS! “ IF you work for a company selling virus protection for android, rim or IOS, you should be ashamed of yourself.” “ If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses, they are also likely as not to be scammers and charlatans.”
  • 3. JUST THE FACTS
      • Mobile operating system application stores
      • Third-party application stores around the world
      • Known website repositories of malicious applications
      • Known hacker websites and repositories
      • Application samples submitted by customers
      • Application samples submitted by partners
      • Applications identified “zero day” as malicious by Junos ® Pulse Mobile Security Suite
    Data obtained from:
  • 4. JUNOS PULSE MOBILE THREAT CENTER
    • Worldwide 24/7 Team of Leading Security Experts
      • Former Marine Computer Emergency Response Center Leadership and U.S. Coast Guard Telecommunication Specialists
      • Numerous PhDs
      • Certified Information Systems Security Professionals (CISSP)
      • Certified Ethical Hackers (CEH),Certified Hacking Forensic Investigators (CHFI) and Certified Wireless Network Administrator (CWNA)
      • Team Members in Ohio, California, Florida, Massachusetts, England, Sweden, India, Japan, etc.
      • Authors: “Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise” and “Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control”
  • 5. MOBILE SECURITY – WHAT ARE THE THREATS? Copyright 2008 SMobile Systems Page Mobile Security Threat Environment Malware – Viruses, Worms, Trojans, Spyware Direct Attack – Attacking device interfaces, Network DoS, Malicious SMS Loss and Theft – Accessing sensitive data Data Communication Interception – Sniffing data as it is transmitted and received Exploitation and Misconduct – Online predators, pornography, inappropriate communications, data leakage
  • 6. JUNIPER MOBILE THREAT REPORT TOTAL MOBILE MALWARE SAMPLES ACROSS ALL OPERATING SYSTEMS
  • 7. AMOUNT OF MALWARE SAMPLES DISCLOSED PER VENDOR
  • 8. AMOUNT OF ANDROID MALWARE SAMPLES DISCLOSED PER VENDOR
  • 9. JUNIPER MOBILE THREAT REPORT UNIQUE MOBILE MALWARE SAMPLES DETECTED BY OPERATING SYSTEM
  • 10. JUNIPER MOBILE THREAT REPORT TYPES OF MALWARE TARGETING MOBILE DEVICES FAKE INSTALLER VS. ALL OTHER ANDROID MALWARE
  • 11. JUNIPER MOBILE THREAT REPORT CUMULATIVE ANDROID MALWARE INCREASE MARKET SHARE OF SMARTPHONE SUBSCRIBERS BY PLATFORM
  • 12. JUNIPER MOBILE THREAT REPORT 2011 NOTABLE EVENTS
  • 13. WHAT IS A FAKE INSTALLER?
  • 14. JUNIPER MOBILE THREAT REPORT REMOTE DEVICE MANAGEMENT: INCIDENCE OF CAPABILITIES USED
  • 15. JUNIPER MOBILE THREAT REPORT – WI-FI SNIFFING
  • 16. GOOGLE "BOUNCER" ANDROID MARKET SCANNING
      • Google’s standard for what is considered malicious is considerably lower than ours
      • A very large growth area we’ve seen in malware is around Fake Installers
      • Another key area of malware is around SMS Trojans 
      • Google is only scanning the Android Market; the dramatic growth of malware we are noting is taking place outside of the Android Market and in third-party application stores
      • Juniper’s holistic approach analyzes protection to the full range of mobile security threats
  • 17. PROTECTING AGAINST A MOBILE ATTACK LAN 1 On-device Zero Day Protection stops malware on the device 2 IDS signatures detect malicious network traffic on network 3 NAC (Network Access Control) at Juniper SAs to deny insecure devices access to network resources 4 Shared Threat knowledge enables firewall rules to block network traffic destined for spyware server. ‘ DroidDream Zero-day at the handset RAN CARRIER NETWORK SRX/IDS/IPS ENTERPRISE NETWORK NAC (Network Access Control) at Juniper SAs
  • 18. QUESTIONS FOR THE AUDIENCE Do you have mobile security software installed on your device? Has your company suffered a mobile security incident? Does your company have an official security policy for mobile devices?
  • 19.