Your SlideShare is downloading. ×
0
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Behind Enemy Lines - Practical & Triage Approaches to Mobile Security Abroad

845

Published on

Presentation from TakeDownCon 2011 in Las Vegas on December 7, 2011.

Presentation from TakeDownCon 2011 in Las Vegas on December 7, 2011.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
845
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Behind Enemy LinesPractical & Triage Approaches to Mobile Security Abroad
  • 2. Presentation Objectives ‣ Highlight the threats posed by traveling abroad with mobile devices ‣ Discuss lessons learned from real world experiences ‣ Provide practical recommendations for reducing these threats ‣ Do it all in 40 mins or less
  • 3. About me ‣ Justin Morehouse (@mascasa) ‣ Principal Consultant, Stratum Security ‣ CTO of ThreatSim ‣ Security Operations and Consulting ‣ Co-author ‘Securing the Smart Grid’ ‣ OWASP Tampa Chapter Founder & Leader ‣ Presented at DEF CON, ShmooCon, OWASP, and more...
  • 4. My addiction to smartphones ‣ Since 2008 I’ve used and subsequently voided the warranties of the following: ‣ BlackBerry Bold 9700 & 8820 ‣ HTC Nexus One (Android 2.3) ‣ iPhone, 3G, 3GS, 4, 4s (All iOS versions) ‣ Motorola Droid (Android 2.1, 2.2, 2.3) ‣ Samsung Galaxy S (Android 2.1) ‣ T-Mobile (HTC) Dash (Windows Mobile 6.5)
  • 5. Stratum SecurityWhy mobile security?
  • 6. Stratum SecurityBecause mobile devices are everywhere...
  • 7. Stratum SecuritySmartphones outsold PCs in Q4 of 2010
  • 8. 1,000,000,000+ smartphone users by 2013
  • 9. ...and do amazing(ly stupid) things
  • 10. and everyone uses them...
  • 11. most recently...
  • 12. Stratum SecurityWhy international mobile security?
  • 13. My TripIt profile page Video Conferencing
  • 14. Is mobile security a real issue?
  • 15. Example #1
  • 16. Example #2
  • 17. Wikileaks Spy Files
  • 18. How you are targeted by threat agents
  • 19. ...phishing
  • 20. evil maid attack
  • 21. ...and drive-by downloads
  • 22. Not all threats are created equal...
  • 23. Advanced Threats
  • 24. MinimalThreats
  • 25. Moderate Threats
  • 26. Practical mitigation steps
  • 27. Have a plan...
  • 28. Make yourself anonymous(as possible)
  • 29. Leverage existing technologies...
  • 30. Case Study
  • 31. Client Overview ‣ Well-known international retail organization ‣ Executives traveling to hostile countries with moderate threats ‣ Loss of IP would be harmful to organization if obtained by competition
  • 32. Proposed Solution ‣ Utilize factory unlocked iPhone 4 ‘burner’ phones ‣ Preconfigure with VPN, encryption, PIN, remote wipe, via MDM ‣ Purchase local SIM (with cash) upon arrival ‣ Perform forensics on phone upon return
  • 33. Solution Issues ‣ Executives often forgot to enable VPN before using data services ‣ Local SIM purchase required detailed information (passport) ‣ Executives used public wireless networks on several occasions
  • 34. Lessons Learned ‣ Utilize configuration utilities to enforce policies on devices (WiFi, VPN, etc.) ‣ Purchase local SIM cards in advance using anonymous(ish) means (BitCoin) ‣ Disable local syncing in favor of web-based solutions ‣ Require two-factor authentication for all web- based solutions ‣ Tunnel your tunnels (VPN & SSL)
  • 35. Effective mobile security triage
  • 36. Keep it simple...
  • 37. Plan for the Worst ‣ Knowledge is key (DO’s and DON’Ts cheat-sheet) ‣ Rule of 32 (w/ Vodafone UK SIM) ‣ Remote deployment solutions (Wipe & rebuild required) ‣ Overnight INTL shipping
  • 38. Questions? Justin Morehouse justin.morehouse@stratumsecurity.com www.stratumsecurity.com www.threatsim.com

×