Smartphone

2,421 views

Basic vulnerabilities associated with most smartphones.

Published in: Education, Technology, Business
  1. Smartphone: Necessity or Information Sieve. UNCLASSIFIED
  2. The purpose of this brief is to raise awareness of the vulnerabilities associated with smartphones. For the purpose of this brief, when the term smartphone is used, it also includes iPhones and BlackBerries unless otherwise specified.
  3. Definitions
      • com·put·er, noun: 1. An electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.
      • tel·e·phone, noun: 1. An apparatus, system, or process for transmission of sound or speech to a distant point, especially by an electric device.
  4. Phone... Really?
  5. The Future: Smartphone sales eclipsed standard cellular phone sales as well as PC sales last year. According to Google, over 200,000 Android smartphones are activated each day. - Ellis Holman
  6. Hello? We are talking about a phone... Right?
  7. Computer health statistics
  8. Security Risk: What is the biggest security risk when it comes to smartphones? HINT: This risk most likely is the same as with internet-capable computers or Wi-Fi laptop use. Answer: You... the user. Like most people, when it comes to new technology, we want it and we want it now. We usually start using this technology for all the benefits promised without understanding the vulnerabilities or the security features available.
  9. The Numbers: A study conducted by the Ponemon Institute in concert with AVG Technologies:
      • 734 random US consumers over age 18 were questioned regarding mobile communications behavior.
      • 89 percent of respondents were unaware that smartphone applications can transmit confidential payment information without the user's knowledge or consent.
      • 91 percent of respondents were unaware that financial applications for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials. 29 percent report already storing credit and debit card information on their devices. 35 percent report storing "confidential" work-related documents.
      • 56 percent of respondents were unaware that failing to properly log off a social network app could allow an imposter to post malicious details or change personal settings.
  10. U.K. National Statistics
      • 45 percent of Internet users used a mobile phone to connect to the Internet
      • 6 million people accessed the Internet over their mobile phone for the first time in the previous 12 months
      • The use of wireless hotspots almost doubled in the last 12 months to 4.9 million users
      • 21 per cent of Internet users did not believe their skills were sufficient to protect their personal data
      • 77 per cent of households had Internet access
      - Office of National Statistics, "Internet Access - Households and Individuals, 2011"
  11. Malware
      • An average of 9 out of every 100 smartphones in use is infected with malware of some type
  12. Definitions
      • Key Logger: A computer program that records every keystroke made by a computer or smartphone user. The "key-logger" will then send the information to an outside server. This is often used in order to gain fraudulent access to passwords and other confidential information.
      • Worm: A computer worm is a self-replicating malware computer program that can replicate to such an extent as to take up enough bandwidth to cause a denial of service.
      • Virus: A virus is a software program capable of reproducing itself to corrupt and cause major damage to files or other programs. Viruses can spread quickly, infecting other computers or smartphones.
      • Trojan: A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system.
  13. Spyware: Software that self-installs on a computer, enabling information to be gathered covertly about a person's knowledge including
      – inbound and outbound texts, emails, and phone calls
      – Web browsing activity
      – Information stored on phone
      – Contacts
      – Can even turn on the phone's camera to capture images and video
  14. Information Hemorrhage on the WWW
      • Web surfing is the primary source of new infections, with attackers relying more and more on customized malicious code toolkits to develop and distribute their threats. 90 percent of all threats detected by Symantec, during a study period, attempted to steal confidential information. - Michael Dinan, TMCnet Editor
      • Web browsing is becoming a big threat, with 38 percent of Android owners encountering a malicious link (40 percent if you only consider the United States). - Lookout's chief technology officer Kevin Mahaffey
  15. Think Before You Click
  16. What's on Your Phone: "Mobile phones are a huge source of vulnerability. We are definitely seeing an increase in criminal activity." - Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division.
  17. Keeping in Touch: The "Bad Guy" is using the same tools and resources that we (the recreational user) use, and a lot of the time, they know more about the tool. Across the U.S. and beyond, inmates are using social networks and smartphones smuggled into prisons and jails to harass their victims or accusers and intimidate witnesses. In California, home to the nation's largest inmate population, the corrections department confiscated 12,625 phones in just 10 months this year. - DON THOMPSON, Associated Press, November 2011
  18. Smart Phishing (Smishing) for Smartphones: Emails or text messages offering a free one-year warranty extension for a popular smartphone, links to a company-branded web page. That web page asks for an email address and then smartphone serial number, IMEI number, type of phone, and capacity of phone. Cybercriminals use the information requested on the web page to clone the smartphone. - markmonitor.com
  19. Man In The Middle (MITM) Attack: The attacker machine forces traffic between the victim's machines to route through it by sending a false Address Resolution Protocol (ARP) reply to both machines. The attacker can then create new connections and kill existing connections, as well as view and replay anything that is private between the target machines. A testing team has adequately shown that with a mobile laptop in a Wi-Fi network, it is possible to intercept communications between a smartphone and the Wi-Fi hotspot. - Smobile Systems
  20. "There's an APP for that"
  21. Jailbreaking
      • Gives the user root level access to the phone
      • Strips away security measures designed to protect the smartphone
      • A majority of smartphone malware comes from third party app stores
  22. "Trojanized" Apps: The malicious developer selects popular apps to "trojanize" and delivers malware along with the clean content
  23. Which System is Better?
  24. How You are "Protected"
      • Google Bouncer: Scans all uploaded Android Marketplace apps; 40% decrease in potential malicious apps in the marketplace in 2011
      • iTunes: Apple authenticates its developers, tests and digitally signs each app before distribution, making malware occurrences rare
      • App World: Vets applications before distribution and allows user to set permissions for each item within an app separately to give user control
  25. Defensive software (Malware / Anti Virus): March 2012: AV-TEST, an independent IT security institute, has inspected 41 different virus scanners for Android with regard to their detection performance.
  26. What's in Your App? The most common malicious Android apps contain spyware and (SMS) Trojans that:
      • collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
      • send Short Message Service (SMS) to premium-rate numbers
      • subscribe infected phones to premium services
      • record phone conversations and send them to attackers
      • take control over the infected phone
      • download other malware onto infected phones
      - Cnet.com
  27. Some Android Apps Use Personal Data Suspiciously: A study conducted (2010) by Penn State, Duke, and Intel Labs found that 358 apps in the Android Market require Internet permissions, as well as permissions to access location, camera, or audio data. Of those 358, researchers randomly selected 30 apps, including ones for The Weather Channel and BBC News. 15 of the 30 apps reported user locations to remote advertising servers, and seven apps collected the device ID, and sometimes the phone number and SIM card serial number. One app even transmitted phone information every time the phone booted, even if the app had not been used. Overall, two-thirds of the apps used data suspiciously, researchers concluded. - Pcmag.com
  28. App Security
      • Despite increased security in legitimate app marketplaces, malware still comes through
      • Scrutinize apps before downloading
          – Do you know the developer?
          – How long has it been available?
          – What are the permissions required?
  29. Mobile Banking
      • Mobile banking has grown 129% in the last year alone
      • Android users alone lost more than one million dollars to cyber-thieves in 2011 and the numbers are climbing
  30. Geo-tag: Most smartphones and some cameras made today are equipped with geo tags. Geotags are embedded in the picture and use the same concept as GPS.
  31. Physical Consideration: If you leave your phone unattended, lose it or have it stolen, depending on what security features you have set, a Smudge attack can be conducted. The picture illustrates how easy it would be to access this phone. Maintain positive control of your phone and clean the screen after every use if you have a touch screen keypad.
  32. Navy Networks: In October 2010, CTO 10-084 was released prohibiting the connection of unapproved USB mass storage devices to government networks. This includes connecting a smartphone to a DON computer "just to charge it". Lack of compliance could result in data exfiltration, spillage and the spread of malware.
  33. Smartphone Headlines
      • HTC Smartphone Vulnerability Exposes Your Personal Data
      • Your Smartphone Is Spying on You
      • Smartphone pictures pose privacy risks
      • Report Reveals Data Loss as Primary Concern for Smartphone Users
      • Tens of Millions of Smartphones Come With Spyware Preinstalled, Security Analyst Says
      • Smartphones evidence a boon for divorce lawyers
      • Android super smartphones: Too much of a good thing?
      • Smartphones overtook PC shipments in 2011
      • Smartphone scams: Owners warned over malware apps
  34. Recommendations for a More Secure Smartphone
      • Never store sensitive data on smart phones
      • Do not leave phone unattended in public
      • Enable password protection
      • Activate the lock-out screen
      • Update your device regularly, to include anti-virus software
      • Enable encryption where possible
      • Do not open suspicious email or click unknown links from unsolicited texts or email
      • Take precautions to avoid theft and recover from loss
      • Avoid using smartphones to conduct online financial transactions
  35. Recommendations for a More Secure Smartphone
      • Only purchase apps from legitimate marketplaces
      • Understand the apps you download/use and what data the app accesses
      • Turn off GPS & Bluetooth when not in use
      • Disable Geo-tagging
      • Never "jailbreak" or "root" a smartphone
      • Keep phone screen clean if using touch screen keypads
      • Enable "safe mode" to prevent applications from running in the background without permission
      • Data sanitize your device before redistributing it
  36. Summary
      • Computer health statistics
      • The climb of smartphones
      • Activities executed on smartphones
      • Security issues involving smartphones
      • Application uses and the vulnerabilities
      • Physical issues involving smartphones
      • Recommendations for smartphones
  37. YOU Decide!
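
The permission check that slides 26 to 28 ask the user to make, as an added example that is not part of the original brief: it flags a decoded AndroidManifest.xml that pairs Internet access with location, camera or audio (the slide 27 criterion) and lists permissions matching the behaviours on slide 26. The two manifests and their package names are constructed samples, and the mapping from behaviours to Android permission names is this example's assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Data sources named on slide 27: location, camera, audio.
SOURCES = {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
           P + "CAMERA", P + "RECORD_AUDIO"}
# Assumed mapping from behaviours on slides 26-27 to Android permissions.
STANDALONE = {
    P + "SEND_SMS": "can send SMS, including to premium-rate numbers",
    P + "READ_CONTACTS": "can read the contact list",
    P + "READ_PHONE_STATE": "can read device ID and phone number",
    P + "RECEIVE_BOOT_COMPLETED": "can start at boot without being opened",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded (text) manifest."""
    # Parse only manifests you decoded yourself; for untrusted XML use a
    # hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml):
    """List the reasons a reviewer should look closer; empty means none."""
    perms = requested_permissions(manifest_xml)
    findings = []
    sources = sorted(perms & SOURCES)
    if P + "INTERNET" in perms and sources:
        short = ", ".join(s[len(P):] for s in sources)
        findings.append("INTERNET + " + short + ": data can leave the device")
    for perm in sorted(perms & set(STANDALONE)):
        findings.append(perm[len(P):] + ": " + STANDALONE[perm])
    return findings

def manifest(package, *perms):
    """Build a constructed sample manifest for the demo below."""
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, body))

# Constructed samples, not real apps.
WEATHER = manifest("com.example.weather", "INTERNET", "ACCESS_FINE_LOCATION",
                   "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED")
FLASHLIGHT = manifest("com.example.flashlight", "CAMERA")

if __name__ == "__main__":
    for name, xml in (("weather", WEATHER), ("flashlight", FLASHLIGHT)):
        print(name, triage(xml) or "no findings")
```

A finding is a reason to look closer at the developer and the app's stated purpose, not proof of malice; a camera permission with no Internet access, as in the second sample, produces no finding.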