2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

422 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
422
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

  1. 1. Mobile Security and 2FA The reality from the trenches… Ollie Whitehouse, Associate Director, NCC Group
  2. 2. Before we begin… • NCC = iSEC Partners in the USA • FTSE listed ~99 million GBP revenue • Independent security experts • Working in hardware, software and higher level business functions • Trusted advisor to many • ~ 250 technical security consultants • ~ 80 business security consultants
  3. 3. Agenda for the 15 minute positioning.. •Mobile Security •Reality and Elephants •Future Enablers •Authentication and mobile •2FA – what it looks like today •Voice biometrics and its Role
  4. 4. Mobile Security – Security threats • Hardware • Platform • Android, iOS, Windows etc. • Vendor Customisation • Undermining platform security • Apps • Poorly designed / implemented • User activity • Hygiene with regards to apps / jail breaking
  5. 5. Mobile Security – Challenges • Mobile vendor fragmentation • Vendor spend on security • 18 to 24 month device life cycles • Carrier certification of updates • User awareness / education • User experience for security patches • Carrier / user desire for security patches
  6. 6. Mobile Security – Future
  7. 7. Mobile Security – Future • The security arms race is starting.. • BlackBerry, Samsung, SEAndroid (Generic), Apple and Windows • Platform features • TrustZone • Virtualisation / HyperVisors • Software security • Improving rapidly..
  8. 8. Mobile 2FA – Concerns • Satisfying ‘Something you have’ • SMS latency • The ‘NYE’ problem • The ‘malware’ issue • For seeded / on-line • Jail breaking • For seeded / on-line • Connectivity • For on-line
  9. 9. Mobile 2FA – Drivers for mobile 2FA
  10. 10. Mobile 2FA – What we’re seeing
  11. 11. Mobile 2FA – Satisfying the concerns • Today • Jail break detection • Device unique IDs • Device lockdown • Dual persona devices • Tomorrow • TrustZone and friends
  12. 12. Mobile 2FA – Result (one solution seen) Circuit Switch and Voice for Last Chance Fall-back
  13. 13. Mobile 2FA – Tomorrow?

×