Mobile security 8soft_final_summercamp2011
Mobile security 8soft_final_summercamp2011 Presentation Transcript

  • 1. Mobile Working With Z-Push & BES – What About Risks? Jens Fell
  • 2. Statement No. 1 Smartphone OS are the unknown OS in business!
    • Apple iOS
    • bada, by Samsung (a version with Linux kernel)
    • BlackBerry, by RIM: proprietary system with push technology
    • Brew, by Qualcomm
    • Linux in various forms:
      • Android, by Open Handset Alliance (leadership by Google)
      • MeeGo, initiative by Nokia and Intel
      • Mobilinux, by MontaVista
      • Openmoko
      • webOS, by Palm
    • Symbian, administered by Symbian Foundation
    • Windows Phone and Windows Mobile by Microsoft
  • 12. Statement No. 2 Everything that happens to a laptop can happen to a smartphone, too!
  • 13. Sources of Risk
    • Bluetooth
    • WiFi (W-LAN)
    • Camera
    • GPS
    • SMS/MMS
    • Email
    • Apps
    • Browser
  • 21. Level of Risk
    • Abuse of corporate and private data by unauthorized access via device
        • e.g. access to social media identities, remote login, credit cards, ...
    • Loss of sensitive information
        • e.g. notes, pictures, scanned business cards
    • Attacks by mobile malware
        • e.g. data theft, extortion
    • Leakage of confidential data if the device is stolen, lost or spied on
        • e.g. theft of intellectual property
  • 22. Mobile Malware
    • Risk for mobile devices is rising
        • Number of signatures for mobile devices on 11 January 2011 -> 1834
        • Number of signatures for mobile devices on 07 June 2011 -> 2975
      Source: Kaspersky Lab, January 2011
  • 24. Mobile Malware
    • 154 families
    • 1046 modifications
    • In November 2010, 45 new changes were discovered.
    • Most common are SMS trojans.
      Source: Kaspersky Labs, January 2011
  • 28. Examples for Mobile Malware
    • Trojan-SMS.AndroidOS.FakePlayer.a
    • Download: looks as if it were a media player
    • Sends SMS to a premium account for $5 for each SMS
  • 31. What Does Mobile Malware Do?
    • Activate access to internet (Backdoor.WinCE.Brador)
    • Stealthy sending of SMS/MMS with high fees (Trojan-SMS.J2ME.RedBrowser)
    • Blocking functionalities of the mobile phone (Trojan.SymbOS.Skuller, Rommwar)
    • Downloading of other viruses (Trojan.SymbOS.Doombot with ComWar)
    • Deleting data (Trojan.SymbOS.Cardblock, Worm.MSIL.Cxover)
    • Theft of data (Worm.SymbOS.StealWar, Trojan-Spy.SymbOS.Flexispy)
    • Using PCs for further circulation (Worm.MSIL.Cxover)
  • 38. A Typical Infection by Malware: Cabir
    • Large events with a huge number of people (concerts, sports events, public transport)
    • User receives a file (mostly "sex.sis") via Bluetooth
    • The phone works but the battery discharges very fast (because Cabir uses Bluetooth).
    • Virus removal:
      • Delete infected files
      • Perform a hard reset or install the firmware again
  • 43. A Typical Infection by Malware: Brador
    • Detects the IP address of the device and sends it via email to sender
    • If the phone is switched on, an agent starts to listen on port 2989 waiting for:
        • File sending / receiving
        • Execute file
        • Show folder content
        • Other commands
    • Virus removal:
      • Delete infected files
      • Perform a hard reset or install the firmware again
  • 49. A Typical Infection by Malware: PBStealer
    • Looks like a "Phonebook Explorer" (tool for optimizing the phonebook)
    • First seen in a Chinese forum
    • Sends a file with personal data of the user to all devices within range via Bluetooth
    • Virus removal:
      • Delete infected files
      • Perform a hard reset or install the firmware again
  • 55. A Typical Infection by Malware: CardBlock
    • Is downloaded as "InstantSiS" (tool for transferring and exchanging SiS files)
    • Blocks memory card with a random password
    • Damages all user applications
    • Deletes SMS and MMS messages
    • Deleting the infected files does not eliminate the infection itself.
    • The phone needs to be reset. Attention: All data on the smart card will be lost!
  • 61. What Happens When a Smartphone Gets Lost?
    • More than 250,000 mobile devices get lost at US airports. (Source: The Wisconsin Technology Network)
    • About 100,000 mobile devices are found in London's Underground.
    • Not less than one quarter of all mobile phones of a company contain confidential corporate data. (Source: BPMF)
    • 30% of all mobile devices get lost every year. (Source: SANS-Institut)
    • 2/3 of all German companies have experience with lost smartphones. (Source: Impulse Oct. 2010)
    • Each device that cannot be retrieved causes costs of $2,500 because of the lost data. (Source: Gartner)
    • Companies with more than 5,000 employees could save up to $500,000 per year by tracking their devices. (Source: Gartner)
  • 68. Risk Awareness For Smartphone Usage
    • Business use of mobile devices
      • 73% of all people using a smartphone don't know about the risks the device causes. (Source: National Cyber Security Alliance)
  • 69. "What Mobile Threats Are You Concerned With on Employees' Smartphones?"
  • 70. Measures for Threat Defense
    • Organizational measures
      • Employee training
      • Corporate policy
      • Security policy
    • Technical measures
      • Central management
      • Encryption
      • Use security for smartphones
  • 75. Kaspersky Mobile Security Enterprise Edition
  • 76. Functions / Operating System:
    • Anti Theft: + + + (+)
    • Anti Virus: + + - (+)
    • Encryption: + + - (-)
    • Anti Spam: + + + (+)
    • Privacy Protection: + + + (+)
  • 77. Kaspersky Mobile Security
    • Retail / Enterprise
    • Functions
      • Encryption protects against theft and viruses
      • Remote roll out "over the air" via management tool (own or third party provider) is possible
      • Extensive settings and limitations – via Kaspersky Administration Kit, Sybase Afaria or Microsoft System Center Mobile Device Manager
    • Supports established smartphone platforms:
      • Nokia, BlackBerry, Windows Mobile and Android
  • 81. How Does Kaspersky Endpoint Security for Smartphones Protect Mobile Users?
    • Anti Theft: Remote smartphone lock, wipe and GPS tracking – in the event that the device is lost or stolen
    • SIM Watch: Even if the thief changes the SIM card – all the remote functionality remains intact and the new phone number is sent to the real owner
    • Encryption: Files, folders and memory cards can be encrypted and access to them can be protected by password
    • Anti Virus: Real time protection, on-demand and scheduled scans, automatic "over the air" anti virus database updates
    • Anti Spam for calls & SMS: Unwanted calls and messages can easily be filtered out
    • Privacy Protection: For hiding communication histories with particular contacts, including contact book entries, call logs and SMS
    • Remote Administration: Smooth roll out to multiple devices without user involvement or disturbance
  • 88. Questions ? Jens Fell 8Soft GmbH Phone : +49 931/250993-22 Email : [email_address] Visit our booth at Zarafa SummerCamp!
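
The Brador slide above describes an agent that listens on port 2989 once the phone is switched on. As an added example (not part of the presentation), the following check flags listeners and live sessions on that port in a socket listing; the Windows-style `netstat -an` column layout, the function names and the sample listing are assumptions constructed for illustration.

```python
# Added example: flag sockets on the port the Brador slide names (2989).
WATCH_PORTS = {2989}

# Constructed sample in the column layout of Windows `netstat -an`;
# the addresses are documentation ranges, not data from a real device.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2989           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:2989      203.0.113.7:51544      ESTABLISHED
  TCP    192.168.1.20:49211     198.51.100.9:443       ESTABLISHED
  TCP    [::]:2989              [::]:0                 LISTENING
  UDP    0.0.0.0:2989           *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None


def find_suspect_sockets(netstat_text, watch_ports=WATCH_PORTS):
    """Return TCP listeners and live sessions whose local port is watched."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Header and UDP rows are skipped: the slide describes a listening agent.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, remote, state = fields[1], fields[2], fields[3].upper()
        _, port = split_endpoint(local)
        if port not in watch_ports:
            continue
        if state.startswith("LISTEN"):
            findings.append({"kind": "listener", "local": local, "remote": None})
        elif state == "ESTABLISHED":
            # A peer is connected to the agent's port: record who it is.
            findings.append({"kind": "session", "local": local, "remote": remote})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_sockets(SAMPLE_NETSTAT):
        print(finding)
```

A port match alone is only an indicator, since any program can bind 2989; a hit is a reason to inspect the device, not proof of infection.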