3. OVERVIEW
Mainly focused on
• iOS
• Android
Same concepts also apply on other OSes
• Windows
• Blackberry
Smart Phones are simple computers
• Mobile devices don’t come with the tools required to analyze
what’s happening
• Root level access required
1/7/2015
3
MSZ
4. EXECUTION MODEL
Android & iOS
• Sandbox concept
• Each process runs it a partitioned environment
• No direct access to OS resources
• Not allowed to interact directly with other Applications or their data
iOS
• Strict API
• SDK enforces restrictions
• Applications must be signed and can only be deployed from a single
trusted source
Android
• Dalvik VM
• Multiple/Unknown sources
1/7/2015
4
MSZ
6. GPS
Global Positioning System
• Every smart phone has GPS
• Must aware the use of GPS
• GPS information passed on via
third parties without your
knowledge.
• For example: Face book, Maps
etc.
1/7/2015
6
MSZ
7. ATTACKS
• Most common among devices
• Avoid unnecessary pairing
Bluetooth
• Don’t use untrsuted Wi-Fi
Wireless
Access
Points
1/7/2015
7
MSZ
8. SECURING YOUR DEVICE
• Graphic pattern is commonly usedUse password
• Automatic on in iOS
• Android: we can turn it on
• Hardware must be supported else slow response
Use Encryption
• Clouds are helpful
Use backup &
Sync.
• Supported in iOS
• Need an Application in Android
Lock device on
multiple failed
attempts
1/7/2015
8
MSZ
9. SECURING YOUR DEVICE CONT...
• Security cameras
Be aware of
Surrounding
• Applications Installation
• iOS & Google have certificates & Codes
Level of Trust
• Regular update itAntivirus
Ignore/Delete
unknown prompted
messages/links
• Any abnormality can effect the Battery
Monitor Battery Life
1/7/2015
9
MSZ