Mobile security 8soft_final_summercamp2011

  • 935 views
Uploaded on

 

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
935
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
29
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Mobile Working With Z-Push & BES – What About Risks? Jens Fell
  • 2. Statement No. 1 Smartphone OS are the unknown OS in business!
    • Apple iOS
    • 3. bada, by Samsung (a version with Linux-Kernel)
    • 4. BlackBerry, by RIM: proprietary system with push technology
    • 5. Brew, by Qualcomm
    • 6. Linux in various forms:
      • Android, by Open Handset Alliance (leadership by Google)
      • 7. MeeGo, initiative by Nokia and Intel
      • 8. Mobilinux, by MontaVista
      • 9. Openmoko
      • 10. webOS, by Palm
    • Symbian, administrated by Symbian Foundation
    • 11. Windows Phone and Windows Mobile by Microsoft
  • 12. Statement No. 2 Everything, that happens to a laptop, can happen to a smartphone, too!
  • 13. Sources of Risk
  • 21. Level of Risk
    • Abuse of corporate and private data by unauthorized access via device
        • e. g. access to social media identities, remote login, credit cards, .....
    • Loss of sensitive information
        • e. g. notes , pictures , scanned business cards
    • Attacks by mobile malware
        • e. g. data theft, extortion
    • Output of confidential data if the device is stolen, lost or spied
        • e. g. theft of intellectual property
  • 22.
      Mobile Malware
    • Risk for mobile devices is rising
        • Number of signatures for mobile devices on 11 January 2011 -> 1834
        • 23. Number of signatures for mobile devices on 07 June 2011 -> 2975
      Source: Kaspersky Lab January 2011
  • 24. Mobile Malware
    • 154 families
    • 25. 1046 modifications
    • 26. In November 2010, 45 new changes were discovered.
    • 27. Most common are SMS trojans.
      Source: Kaspersky Labs, January 2011
  • 28.
      Examples for Mobile Malware
    • Trojan-SMS.AndroidOS.FakePlayer.a
    • 29. Download: looks as if it was a media player
    • 30. Sends SMS to a premium account for $ 5 for each SMS
  • 31.
    • What Does Mobile Malware Do?
    • Activate access to internet ( Backdoor.WinCE.Brador )
    • 32. Stealthy sending of SMS/MMS with high fees ( Trojan-SMS.J2ME.RedBrowser )
    • 33. Blocking functionalities of the mobile phone ( Trojan.SymbOS.Skuller, Rommwar )
    • 34. Downloading of other viruses ( Trojan.SymbOS.Doombot mit ComWar )
    • 35. Deleting data ( Trojan.SymbOS.Cardblock, Worm.MSIL.Cxover )
    • 36. Theft of data ( Worm.SymbOS.StealWar, Trojan-Spy.SymbOS.Flexispy )
    • 37. Using PCs for further circulation ( Worm.MSIL.Cxover )
  • 38.
    • A Typical Infection by Malware: Cabir
    • Large events with a huge amount of people (concerts, sports events, public transports)
    • 39. User receives a file (mostly „sex.sis“) via bluetooth
    • 40. The phone works but the battery discharges very fast (because Cabir uses bluetooth).
    • 41. Virus removal :
      • Delete infected files
      • 42. Operate a hard-reset or install firmware again
  • 43.
    • A Typical Infection by Malware: brador
    • Detects the IP address of the device and sends it via email to sender
    • 44. If the phone is switched on, an agent starts to listen on port 2989 waiting for:
        • File sending / receiving
        • 45. Execute file
        • 46. Show folder content
        • 47. Other commands
    • Virus removal :
      • Delete infected files
      • 48. Operate a hard-reset or install firmware again
  • 49.
    • A Typical Infection by Malware: PBStealer
    • Looks like a „Phonebook Explorer “
    • 50. (tool for optimizing the phonebook)
    • 51. First seen in a Chinese forum
    • 52. Sends a file with personal data of the user to all devices in range of coverage via bluetooth
    • 53. Virus removal :
      • Delete infected files
      • 54. Operate a hard-reset or install firmware again
  • 55.
    • A Typical Infection by Malware: CardBlock
    • Is downloaded as „InstantSiS“ (tool for transferring and exchanging SiS-files)
    • 56. Blocks memory card with a random password
    • 57. Damages all user applications
    • 58. Deletes SMS and MMS messages
    • 59. By deleting the infected files, the infection itself will not be eliminated.
    • 60. The phone needs to be reset. Attention: All data on the smart card will be lost!
  • 61. What Happens, When a Smartphone Gets Lost?
    • More than 250,000 mobile devices get lost at US airports. (Source: The Wisconsin Technology Network)
    • 62. About 100,000 mobile devices are found in London's Underground.
    • 63. Not less than one quarter of all mobile phones of a company contains confidential corporate data. (Source: BPMF)
    • 64. 30 % of all mobile devices get lost every year. (Source: SANS-Institut)
    • 65. 2/3 of all German companies have experiences with lost smartphones. (Source: Impulse Oct. 2010)
    • 66. Each device that can not be retrieved causes costs of $ 2,500 because of the lost data. (Source: Gartner)
    • 67. Companies with more than 5,000 employees could save up to $ 500,000 per year by tracking their devices. (Source: Gartner)
  • 68. Risk Awareness For Smartphone Usage
    • Business use of mobile devices
      • 73% of all people using a smartphone don't know about the risks the device causes. (Source: National Cyber Security Alliance)
  • 69. „ What Mobile Threats Are You Concerned With on Employees Smartphones?“
  • 70. Maßnahmen zur Bedrohungsabwehr
    • organisatorische Maßnahmen
      • Schulung der Mitarbeiter
      • 71. Unternehmens-Policy
      • 72. Security-Policy
    • technische Maßnahmen
      • Zentrale Verwaltung
      • 73. Verschlüsselung
      • 74. Security für Smartphones nutzen
  • 75.
      Kaspersky Mobile Security Enterprise Edition
  • 76. Functions Operating System: Anti Theft + + + (+) Anti Virus + + - (+) Encryption + + - (-) Anti Spam + + + (+) Privacy Protection + + + (+)
  • 77. Kaspersky Mobile Security
    • Retail / Enterprise
    • 78. Functions
      • Encryptions protects against theft and virus
      • 79. Remote roll out „over the air“ via management tool (own or third party provider) is possible
      • 80. Extensive settings and limitations – via Kaspersky Administration Kit, Sybase Afaria or Microsoft System Center Mobile Device Manager
    • Supports established smartphone platforms :
      • Nokia, Black Berry, Windows Mobile and Android
  • 81. How Does Kaspersky Endpoint Security for Smartphones Protect Mobile Users?
    • Anti Theft: Remote smartphone lock, wipe and GPS tracking – in the event that the device is lost or stolen
    • 82. SIM Watch: Even if the thief changes the SIM card – all the remote functionality remains intact and the new phone number is sent to the real owner
    • 83. Encryption: Files, folders and memory cards can be encrypted and access to them can be protected by password
    • 84. Anti Virus: Real time protection, on-demand and scheduled scans, automatic „over the air“ anti virus data base updates
    • 85. Anti Spam for calls & SMS: Unwanted calls and messages can easily be filtered out
    • 86. Privacy Protection: For hiding communication histories with particular contacts, including contact book entries, call logs and SMS
    • 87. Remote Administration: Smooth roll out to multiple devices without user involvement or disturbance
  • 88. Questions ? Jens Fell 8Soft GmbH Phone : +49 931/250993-22 Email : [email_address] Visit our booth at Zarafa SummerCamp!