Confraria Security & IT - Mobile Security


My talk on 23 June at Confraria Security & IT

Published in: Technology, Business

  1. Slide 1. pocket security, your mobile, by Vitor Domingos, all-around mercenary
  2. Slide 2. Vitor Domingos [email_address] http://vitordomingos.com
     - cloud computing & security consultant
     - thenextweb editor
     - mobilemonday PT founder
     - videocaster
     - ex failed entrepreneur
     - ex ITIJ / MJ
     - ex CGD
     - ex forumB2B
     - ex Maxitel
     - ex Jazztel
  3. Slide 6. Phones ...
     - 15 years of pure insecurity and few exploits
     - mobile is the most personal and private item we own
     - phones are now computers, the personal kind
     - they even run full operating systems
  4. Slide 7. What's in ...
     - phone calls;
     - addressbook;
     - emails;
     - sms;
     - mms;
     - browser history;
     - pictures and some documents;
     - calendar;
     - gps tracking data;
     - shop details;
     - credit card info;
     - other sync evilness
  5. Slide 8. TRUST
     - we trust the carrier
     - we trust the manufacturer
     - we trust the users
     - we trust the phone
     - we trust the software
     - we trust we're safe cause it's not connected or it's in our pocket
  6. Slide 10. Mobile Security Levels
     - Level 1 - Manufacturer
     - Level 2 - Carrier
     - Level 3 - User
     - Level 4 - Application
     - Level 5 - Enterprise (?)
  7. Slide 11. Patching hell ...
     - Problem #1 - if you've got a smartphone, then you have probably upgraded your base software at some point; if not, you're still using what came with it
     - Problem #2 - difficult to patch (OTA is neat, but not used by many)
     - Problem #3 - no enterprise patch; IT people say it's a carrier / user problem and not their own
  8. Slide 12. Windows Mobile
     - digital application signing
     - limited access to the filesystem
     - permission requests
     - device encryption (enterprise)
     - pin protection (enterprise)
     - profiles (enterprise)
     - no granular permission
  9. Slide 14. iPhone
     - OSX Security Model
     - Appstore
     - No enterprise security provisioning
  10. Slide 16. Android / Symbian
     - Sandbox
     - Tight control on application permissions
     - Digital signature
     - No enterprise security provisioning
  11. Slide 18. Security Community
     - TSTF.net
     - Mseclab
     - Tam Hanna
     - GSM Association Security Group
  12. Slide 19. Password Security
     - Try to put a real hard password on your phone
     - Normally it's only 4 digit numbers
     - Normally, if used, it's simple cause it's real hard to input something on the phone
     - Try K#$"%'º`^!"231Gj
     - Two factor authentication (?)
  13. Slide 21. GSM Cracked
     - A5/1 rainbow table cracking software (reflextor.com/trac/a51)
     - GSM interception software (airprobe.org)
     - Software defined radio (gnuradio.org)
     - Cheap radio software (ettus.com/products)
  14. Slide 23. 2010
     - UMTS cracked (on paper)
     - Sandwich attack
     - MMS Remote Exploit
     - iPhone SMS Remote Exploit
     - Bluetooth Spamming and Attacks (bluesnarfing, bluebug, bluebugging)
     - $18 bluetooth sniffer
     - Bluetooth audio flow to headset interception
     - Over the air wire tapping
     - ... and what about flash ? :)
  15. Slide 26. Look at the screen
     - what are you running ?
     - what is it doing ?
     - are you using network access ? why ?
     - do you know what it's doing to the filesystem ? to the memory ? to your data ?
     - where is your data ?
     - is it using secure protocols ?
     - where's the backup ?
  16. Slide 29. Future (risks?)
     - Near Field Communications 2008: hacking NFC phones, URI spoofing, NDEF worm; 2010: Nokia announces that all phones are NFC ready
     - Mobile javascript in the browser (2000 called and they want to block javascript all over again)
     - Phone SSL, VPN
     - Location Based something - gowalla/foursquare problems
  17. Slide 30. Future (risks?)
     - Spyware disguised as apps (cydia iphone appstore)
     - Virus/Worm/Botnet - iphone; vodafone memory card spyware bug on android phones
     - Tinyurl problems (?)
     - Social phishing from fake call centers