Mobile (in)security ?

Cláudio André
Security Consultant (OSCP, eMAPT) at INTEGRITY S.A.
Contact: ca@integrity.pt
WHOAMI
• Pentester at Integrity S.A.
• Web applications, mobile applications and infrastructure
• BSc in Management Information Technology
• Offensive Security Certified Professional (OSCP)
MOBILE EQUIPMENT: SHIPMENTS, 2014Q2
301.3 million smartphones shipped worldwide in 2014Q2.
Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp
2014Q2 SMARTPHONE OS MARKET SHARE
Android: 84.7%
iOS: 11.7%
Windows Phone: 2.5%
BlackBerry OS: 0.5%
Others: 0.7%
Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp
MOBILE PLATFORMS IN THE ENTERPRISE
[Chart not reproduced in this export.] Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group
ENTERPRISES' MAIN SECURITY CONCERNS
[Chart not reproduced in this export.] Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group
ENTERPRISES' MAIN SECURITY CONCERNS (continued)
"I'm not a hacker. Just a silly guy with a ski mask on. Don't know what I'm doing."
SECURITY HORROR STORIES 2014 (SO FAR...)
eBay: 145 million user accounts (names, email addresses and encrypted passwords).
JP Morgan Chase: customer information of 76 million households and 7 million small businesses.
Home Depot: 56 million debit and credit cards.
Target: 40 million credit and debit cards (breach disclosed in December 2013).
Community Health Systems: personal data of 4.5 million patients.
ATTACK VECTORS
Three attack surfaces: the Device, the Network between it and the back end, and the Server.
ATTACK VECTORS: DEVICE
• Browser
• System (OS)
• Phone / SMS
• Apps
• Malware
• ...
Technical details: http://security.claudio.pt
ATTACK VECTORS: NETWORK
• Packet sniffing
• Man-in-the-Middle (MITM)
• Rogue access point
• ...
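All three network vectors above rely on the client accepting whatever sits between it and the server. The added example below, written for this page and not taken from the slides or from the author's tools, shows the client-side control that defeats them in Python's standard library: a TLS context with validation switched off (the pattern a rogue access point exploits) next to the default validating context, plus certificate pinning by SHA-256 fingerprint of the leaf certificate. The host name, port and the placeholder pin are assumptions; the DER bytes in the demo are constructed so the pin check can be exercised offline.

```python
"""Added example: TLS validation and certificate pinning for a mobile client
(not code from the original slides). Standard library only."""
import hashlib
import hmac
import socket
import ssl

# Assumption: SHA-256 fingerprint of the leaf certificate the app expects.
# Obtain the real value with: openssl x509 -in cert.pem -noout -fingerprint -sha256
PINNED_SHA256 = {"0" * 64}  # placeholder, replace with the real fingerprint


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of a certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins) -> bool:
    """Certificate pinning: the presented leaf must match one of the pinned
    fingerprints. compare_digest keeps the comparison constant-time."""
    fp = fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p.lower()) for p in pins)


def insecure_context() -> ssl.SSLContext:
    """What an app looks like after a developer 'fixes' a certificate error by
    turning validation off: any certificate for any name is accepted, so a
    rogue access point can read and rewrite every request (the MITM vector)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # accept a certificate for any host name
    ctx.verify_mode = ssl.CERT_NONE   # accept an untrusted or self-signed chain
    return ctx


def secure_context() -> ssl.SSLContext:
    """Default context: chain validated against the system trust store,
    host name checked, TLS 1.2 as the minimum version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_pinned(host: str, port: int = 443, pins=PINNED_SHA256, timeout=5.0) -> bytes:
    """Open a TLS connection, validate the chain, then additionally require the
    leaf certificate to match a pin. Returns the server's DER certificate."""
    ctx = secure_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pins):
                raise ssl.SSLError(f"certificate pin mismatch for {host}: {fingerprint(der)}")
            return der


if __name__ == "__main__":
    # Constructed stand-in for a DER certificate, only to exercise the pin check offline.
    fake_der = b"\x30\x82\x01\x00constructed-certificate-bytes"
    print("pin accepted:", pin_matches(fake_der, {fingerprint(fake_der)}))
    print("pin rejected:", pin_matches(fake_der, {"ab" * 32}))
    # Against a live host (needs network and the real pin set above):
    # connect_pinned("api.example.com", pins=PINNED_SHA256)
```

Pinning the leaf certificate means every certificate renewal on the server must be matched by an app update; pinning the issuing CA's key instead trades some of that rigidity for less protection, which is the choice to make in the threat model, not in the code.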
ATTACK VECTORS: SERVER
• Brute-force attacks
• SQL injection
• OS command execution (command injection)
• ...
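The three server vectors listed above are the classic back-end findings in a mobile pentest, and each has a short, well understood fix. The example below was added for this page (it is not the slides' code nor anything from Integrity S.A.) and shows, for each vector, the vulnerable pattern next to its hardened form: string-built SQL against a parameterised query, `shell=True` against an argv list with an input allow-list, and an unthrottled login against a per-account sliding-window lockout with salted PBKDF2 hashes. The table layout, user name, password, iteration count and lockout thresholds are all constructed for the demo; it runs offline on an in-memory SQLite database.

```python
"""Added example: vulnerable vs hardened server-side code for the SQL injection,
OS command execution and brute-force vectors (not code from the original slides)."""
import hashlib
import hmac
import os
import sqlite3
import subprocess
import time
from collections import defaultdict, deque

# --- constructed sample data (demo only) -----------------------------------
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user salt; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def add_user(username: str, password: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt, _hash(password, salt)))


add_user("alice", "correct horse battery staple")


# --- 1. SQL injection -------------------------------------------------------
def user_exists_vulnerable(username: str) -> bool:
    # String concatenation: the input  nobody' OR '1'='1  makes the WHERE clause always true.
    row = db.execute("SELECT 1 FROM users WHERE username = '" + username + "'").fetchone()
    return row is not None


def user_exists_safe(username: str) -> bool:
    # Parameterised query: the value travels separately from the SQL text and is never parsed as SQL.
    row = db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


# --- 2. OS command execution ------------------------------------------------
def ping_vulnerable(host: str) -> str:
    # shell=True hands the whole string to /bin/sh: "x; cat /etc/passwd" runs two commands.
    return subprocess.run("ping -c 1 " + host, shell=True, capture_output=True, text=True).stdout


def ping_command_safe(host: str) -> list:
    """Build argv without a shell, so metacharacters are inert. An allow-list is
    still applied because ping itself would treat a leading '-' as an option."""
    if not host or host.startswith("-") or not all(c.isalnum() or c in ".-" for c in host):
        raise ValueError("invalid host name")
    return ["ping", "-c", "1", host]


def ping_safe(host: str) -> str:
    return subprocess.run(ping_command_safe(host), capture_output=True, text=True).stdout


# --- 3. Brute force ---------------------------------------------------------
MAX_ATTEMPTS, WINDOW_SECONDS = 5, 300          # assumed policy: 5 failures per 5 minutes
_failures = defaultdict(deque)                 # username -> timestamps of recent failures


def login(username: str, password: str, now=None) -> str:
    """Return 'ok', 'denied' or 'locked'. Failures are counted per account in a
    sliding window; once MAX_ATTEMPTS is reached the account stays locked
    until the oldest failure ages out of the window."""
    now = time.monotonic() if now is None else now
    q = _failures[username]
    while q and now - q[0] > WINDOW_SECONDS:
        q.popleft()
    if len(q) >= MAX_ATTEMPTS:
        return "locked"
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    # Hash against a dummy salt when the user is unknown, so response time does
    # not reveal which user names exist; compare in constant time.
    salt, stored = row if row else (b"\x00" * 16, b"\x00" * 32)
    candidate = _hash(password, salt)
    if row and hmac.compare_digest(candidate, stored):
        q.clear()
        return "ok"
    q.append(now)
    return "denied"


if __name__ == "__main__":
    payload = "nobody' OR '1'='1"
    print("vulnerable:", user_exists_vulnerable(payload), " safe:", user_exists_safe(payload))
    print(ping_command_safe("example.org"))
    print(login("alice", "wrong"), login("alice", "correct horse battery staple"))
```

The lockout here is per account, which is what stops a password-spraying client; pair it with a per-source-IP limit at the reverse proxy so one attacker cannot lock legitimate users out by design.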
A WAY TO... (CONTROLS)
- Mobile Device Management (MDM)
- Mobile Application Management (MAM)
- Endpoint security tools
- Network Access Control (NAC)
- Endpoint malware protection
- ...
MOBILE DEVICE MANAGEMENT (MDM)
- Focus on the device
- Provisioning
- Security policy enforcement
- Reporting and monitoring
- Software distribution
MOBILE APPLICATION MANAGEMENT (MAM)
- Focus on the applications
- The same capabilities as MDM, applied to individual applications rather than to the device
- Corporate app store (app wrapping)
WHICH ONE TO CHOOSE?
- Depends on your objectives
- Often a mixed solution: MDM where the company owns the device, MAM where it only owns the apps and data (BYOD)
NOT ONLY A *WARE APPROACH
- Defense in depth
- Raise user awareness
- Secure development best practices (OWASP)
- Threat modeling
- Continuous penetration testing

Thank you.
