Herding smartphones

Smartphone security presentation from ISSA Tampa Bay chapter meeting on 3/18/2011.


  1. Stratum Security: Herding Smartphones. ISSA Tampa Bay - March 18, 2011. Innovative Risk Solutions
  2. About Me: Justin Morehouse, Principal Consultant
     • Stratum Security
     • Security Operations and Consulting
     • Co-author ‘Securing the Smart Grid’
     • OWASP Tampa Chapter Founder & Leader
     • Presented at DEF CON, ShmooCon, OWASP and more
  3. My Love (Hate) Relationship w/ Smartphones
     • Since 2008 I’ve owned, modified, and hacked the following:
     • BlackBerry Bold 9700 & 8820
     • T-Mobile (HTC) Dash (Windows Mobile 6.5)
     • iPhone, 3G, 3GS (all iOS versions)
     • Motorola Droid (Android 2.1, 2.2, 2.3)
     • Samsung Galaxy S (Android 2.1)
  4. Smartphones...
  5. ...are everywhere
  6. Question
  7. Smartphones outsold PCs in Q4
  8. 1,000,000,000+ smartphone users by 2013
  9. ...do amazing things
  10. Video Conferencing
  11. GPS Navigation
  12. Watch streaming videos
  13. ...and are constantly evolving
  14. Motorola Atrix
  15. Near Field Communications (NFC)
  16. Question
  17. How we use smartphones...
  18. ...as a phone
  19. ...to check email
  20. ...personal digital assistant
  21. ...what about personal use?
  22. ...entertainment
  23. ...social networking
  24. ...and more
  25. think about your mobile footprint
  26. Hackers do...
  27. ...money talks
  28. objective based
  29. Attack Vectors...
  30. ...phishing
  31. ...rogue applications
  32. ...drive-by downloads
  33. Examples...
  34. Demonstration (http://vimeo.com/18668105)
  35. Apps Gone Wild!!!
  36. DroidDream
     • 50+ malicious (rogue) applications identified
     • Available for download in the Official Android Market
     • Applications published by 3 “developers”
     • Post IMEI & IMSI to website in California
     • Contains code to steal “sensitive information”
     • Google remotely “wiping” rogue applications
     • “Taking steps” to prevent this from happening again
  37. pwn2own 2011
  38. BlackBerry Torch 9800
     • CanSecWest
     • Vincenzo Iozzo, Willem Pinckaers & Ralf Philipp Weinmann
     • WebKit Vulnerability in BlackBerry OS 6+
     • Setup ‘rigged’ website
     • Downloaded contacts, images & wrote file
     • Same vulnerability used to hack iPhone 4 (same team as well)
     • BlackBerry “fix” = disable javascript
  39. Mitigation Steps...
  40. The sky is not falling...
  41. but attacks are increasing...
  42. strong policies & procedures
  43. Leverage existing technologies...
  44. ...and evaluate new solutions
  45. ProSumer Recommendations
     • Only install applications from trusted sources
     • Review permissions that applications ask for
     • Utilize free/cheap tools
     • Install updates (Platform & Apps)
  46. ProSumer Recommendations
     • Don’t click on unsolicited links
     • Set a strong password or pattern
     • Install remote wipe/lock/locate apps
  47. Questions? Justin Morehouse, justin.morehouse@stratumsecurity.com, www.stratumsecurity.com
