Serious Threat or FUD Machine? The Mobile Security Debate
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Serious Threat or FUD Machine? The Mobile Security Debate

on

  • 2,898 views

Presentation from Dan Hoffman (Juniper's Chief Mobile Security Evangelist) from the B-Sides mini-conference at RSA 2012 in San Francisco. ...

Presentation from Dan Hoffman (Juniper's Chief Mobile Security Evangelist) from the B-Sides mini-conference at RSA 2012 in San Francisco.

You can view the video of this presentation here: http://www.brighttalk.com/channel/7651

Statistics

Views

Total Views
2,898
Views on SlideShare
2,255
Embed Views
643

Actions

Likes
0
Downloads
77
Comments
0

3 Embeds 643

http://interact.csu.edu.au 639
https://si0.twimg.com 3
http://a0.twimg.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Serious Threat or FUD Machine? The Mobile Security Debate Presentation Transcript

  • 1. SERIOUS THREAT OR FUD MACHINE? THE MOBILE SECURITY DEBATE Daniel V. Hoffman CISSP, CHFI, CEH
  • 2. MOBILE THREATS FEAR, UNCERTAINTY, DOUBT … AND CHARLATANS! “ IF you work for a company selling virus protection for android, rim or IOS, you should be ashamed of yourself.” “ If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses, they are also likely as not to be scammers and charlatans.”
  • 3. JUST THE FACTS
      • Mobile operating system application stores
      • Third-party application stores around the world
      • Known website repositories of malicious applications
      • Known hacker websites and repositories
      • Application samples submitted by customers
      • Application samples submitted by partners
      • Applications identified “zero day” as malicious by Junos ® Pulse Mobile Security Suite
    Data obtained from:
  • 4. JUNOS PULSE MOBILE THREAT CENTER
    • Worldwide 24/7 Team of Leading Security Experts
      • Former Marine Computer Emergency Response Center Leadership and U.S. Coast Guard Telecommunication Specialists
      • Numerous PhDs
      • Certified Information Systems Security Professionals (CISSP)
      • Certified Ethical Hackers (CEH),Certified Hacking Forensic Investigators (CHFI) and Certified Wireless Network Administrator (CWNA)
      • Team Members in Ohio, California, Florida, Massachusetts, England, Sweden, India, Japan, etc.
      • Authors: “Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise” and “Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control”
  • 5. MOBILE SECURITY – WHAT ARE THE THREATS? Copyright 2008 SMobile Systems Page Mobile Security Threat Environment Malware – Viruses, Worms, Trojans, Spyware Direct Attack – Attacking device interfaces, Network DoS, Malicious SMS Loss and Theft – Accessing sensitive data Data Communication Interception – Sniffing data as it is transmitted and received Exploitation and Misconduct – Online predators, pornography, inappropriate communications, data leakage
  • 6. JUNIPER MOBILE THREAT REPORT TOTAL MOBILE MALWARE SAMPLES ACROSS ALL OPERATING SYSTEMS
  • 7. AMOUNT OF MALWARE SAMPLES DISCLOSED PER VENDOR
  • 8. AMOUNT OF ANDROID MALWARE SAMPLES DISCLOSED PER VENDOR
  • 9. JUNIPER MOBILE THREAT REPORT UNIQUE MOBILE MALWARE SAMPLES DETECTED BY OPERATING SYSTEM
  • 10. JUNIPER MOBILE THREAT REPORT TYPES OF MALWARE TARGETING MOBILE DEVICES FAKE INSTALLER VS. ALL OTHER ANDROID MALWARE
  • 11. JUNIPER MOBILE THREAT REPORT CUMULATIVE ANDROID MALWARE INCREASE MARKET SHARE OF SMARTPHONE SUBSCRIBERS BY PLATFORM
  • 12. JUNIPER MOBILE THREAT REPORT 2011 NOTABLE EVENTS
  • 13. WHAT IS A FAKE INSTALLER?
  • 14. JUNIPER MOBILE THREAT REPORT REMOTE DEVICE MANAGEMENT: INCIDENCE OF CAPABILITIES USED
  • 15. JUNIPER MOBILE THREAT REPORT – WI-FI SNIFFING
  • 16. GOOGLE "BOUNCER" ANDROID MARKET SCANNING
      • Google’s standard for what is considered malicious is considerably lower than ours
      • A very large growth area we’ve seen in malware is around Fake Installers
      • Another key area of malware is around SMS Trojans 
      • Google is only scanning the Android Market; the dramatic growth of malware we are noting is taking place outside of the Android Market and in third-party application stores
      • Juniper’s holistic approach analyzes protection to the full range of mobile security threats
  • 17. PROTECTING AGAINST A MOBILE ATTACK LAN 1 On-device Zero Day Protection stops malware on the device 2 IDS signatures detect malicious network traffic on network 3 NAC (Network Access Control) at Juniper SAs to deny insecure devices access to network resources 4 Shared Threat knowledge enables firewall rules to block network traffic destined for spyware server. ‘ DroidDream Zero-day at the handset RAN CARRIER NETWORK SRX/IDS/IPS ENTERPRISE NETWORK NAC (Network Access Control) at Juniper SAs
  • 18. QUESTIONS FOR THE AUDIENCE Do you have mobile security software installed on your device? Has your company suffered a mobile security incident? Does your company have an official security policy for mobile devices?
  • 19.