Mobile (in)security ?

•Download as PPTX, PDF•

0 likes•627 views

Is your company data secure? This talk is going to help understand some of the possible attack vectors on mobile platforms and what can Enterprises do, to lower the risk on this platforms.

Technology

/// Mobile (in)security ?
Cláudio André / ca@integrity.pt

2
/// MOBILE (IN)SECURITY ?
WHOAMI
• Pentester at Integrity S.A.
• Web applications, Mobile Applications and
Infrastructure
• BSc in Management Information Technology
• Offensive Security Certified Professional

301.3 million shipments
3
/// MOBILE (IN)SECURITY ?
MOBILE EQUIPMENTS
2014Q2
http://www.idc.com/prodserv/smartphone-os-market-share.jsp

4
/// MOBILE (IN)SECURITY ?
2014Q2 MARKETSHARE
2.5% 0.5% 0.7%
84.7%
11.7%
Android
iOS
Windows Phone
BlackBerry OS
Others
http://www.idc.com/prodserv/smartphone-os-market-share.jsp

5
/// MOBILE (IN)SECURITY ?
MOBILE PLATFORMS ON ENTERPRISE
BYOD & Mobile Security 2013 Survey Linkedin Information Security Group

6
/// MOBILE (IN)SECURITY ?
ENTERPRISES MAIN SECURITY CONCERNS
BYOD & Mobile Security 2013 Survey Linkedin Information Security Group

7
/// MOBILE (IN)SECURITY ?
ENTERPRISES MAIN SECURITY CONCERNS
I'm not a Hacker. Just a silly guy with a ski
mask on. Don't know what I'm doing.

8
/// MOBILE (IN)SECURITY ?
SECURITY HORROR STORIES 2014 (SO FAR...)
Ebay - 145 million users and encrypted email address.
JP Morgan Chase - Customer information of 76 million households and 7 million business.
Home Depot - 56 million debit and credit cards.
Target - 40 million credit and debit cards.
Community Health Systems - Personal data of 4.5 million patients.

9
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS

10
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS
Device Network Server

11
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS
• Browser
• System
• Phone / SMS
• Apps
• Malware
• ...
Device

12
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS
Tech details in: http://security.claudio.pt

13
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS
Network
• Packet Sniffing
• Man-In-The-Middle (MITM)
• Rogue Access Point
• ...

14
/// MOBILE (IN)SECURITY ?
ATTACK VECTORS
Server
• Brute Force Attacks
• SQL Injections
• OS Command Execution
• ...

15
/// MOBILE (IN)SECURITY ?
A WAY TO...
Mobile Device Management;
Mobile Application Management;
Endpoint Security Tools;
Network Access Control (NAC)
Endpoint Malware Protections;
…..

16
/// MOBILE (IN)SECURITY ?
MOBILE DEVICE MANAGEMENT
- Focus on the Device
- Provisioning
- Security Policies Enforcement
- Reporting and Monitoring
- Software Distribution

17
/// MOBILE (IN)SECURITY ?
MOBILE APPLICATION MANAGEMENT
- Focus on the Applications
- Same as previous but applied to the applications.
- Corporate App Store (wrapping)

18
/// MOBILE (IN)SECURITY ?
WHICH ONE TO CHOOSE ?
- Depends on your objectives
- Mixed solution

19
/// MOBILE (IN)SECURITY ?
NOT ONLY *WARE APPROACH
- Defense-In-Depth
- Raise User Awareness
- Secure Development Best Practises (OWASP)
- Threat Modeling
- Continuous Penetration Testing

What's hot

AltOS is geared to government customers requiring mobile access to sensitive data, performing sensitive missions, working in secure facilities, and/or traveling abroad. CIS Mobile is a US startup backed by CIS Secure, with over $25 million invested to date in Android Open Source Project (AOSP) product development and patents. Parent CIS Secure is the leading provider of TSG, Tempest, and Tactical hardened COTS communications and computing solutions to US and NATO Governments.

OLD - altOS Secure Mobile Platform - Public

Simon Hartley

IT security professionals rank third-party application vulnerabilities as the greatest security risk in 2012. Yet, malware continues to exploit these - and other - vulnerabilities to breach our defenses. Knowing how to bridge the gap between knowing the problem and finding a solution is critical to mitigate risks in your endpoint environment. In this presentation, learn: • What the vital layers of defense are for your endpoints. • How to thwart exploitation of your endpoint OS, configuration and 3rd party application vulnerabilities. • How to prevent unknown applications from executing on your systems.

E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...

Lumension

ForeScout IoT Enterprise Risk Report

Forescout Technologies Inc

Wireless Keyboard Threats

Will Hatcher

Symantec and ForeScout Delivering a Unified Cyber Security Solution

DLT Solutions

Network Access Control (NAC)

Forescout Technologies Inc

Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC? This talk covered the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.

Smartphone Ownage: The state of mobile botnets and rootkits

Jimmy Shah

Secure Element Solutions

Ugo Chirico

Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...

ashoksankar

MID_Security_Connected_Jan_van_Vliet_EN

Vladyslav Radetsky

How Secure Is Your Building Automation System?

Forescout Technologies Inc

Mobile protection

preetpatel72

ICS Cybersecurity training is intended for security professionals and control system designs in order to give them propelled cybersecurity aptitudes and learning in order to ensure the Industrial Control System (ICS) and keep their mechanical task condition secure against digital dangers. Audience: Control engineers, integrators and architects System administrators, engineers Information Technology (IT) professionals Security Consultants Managers who are responsible for ICS Researchers and analysts working on ICS security Vendors, Executives and managers Information technology professionals, security engineers, security analysts, policy analysts Investors and contractors Technicians, operators, and maintenance personnel Price: $3,999.00 Length: 4 Days Training Objectives: Understand fundamentals of Industrial Control Systems (ICS) Recognize the security architecture for ICS Identify different kinds of vulnerabilities in ICS network, remote devices, software, or control servers Learn about active defense and incident response for ICS Learn the essentials for NERC Critical Infrastructure Protection (CIP) Understand policies and procedures for NERC critical infrastructure protection (CIP) List strategies for NERC CIP version 5/6 Apply risk management techniques to ICS Describe ICS Active Defense and Incident Response Describe techniques for defending against the new ICS threat matrix Assess and audit risks for ICS Apply IEC standard to network and system security of ICS Implement the ICS security program step by step Protect the ICS network from vulnerabilities Understand different types of servers in ICS and protect them against attacks Apply security standards to SCADA systems based on NIST SP 800-82 Detect different types of attacks to SCADA systems Tackle all the security challenges related to ICS cybersecurity Training Outline: ICS Cybersecurity training course consists of the following lessons, which can be revised and tailored to the client’s need: Fundamentals of Industrial Control Systems (ICS) ICS Security Architecture Common ICS Vulnerabilities ICS Threat Intelligence NERC Critical Infrastructure Protection (CIP) Risk Management and Risk Assessment ICS Auditing and Assessment IEC 62443: Network and System Security for ICS Implementation of ICS Security Program Development ICS Incident Response Network Protection for ICS ICS Server Protection SCADA Security Policies and Standards Detection of Cyber Attacks on SCADA Systems Our instructors at Tonex will assist you with mastering every one of the ICS Cybersecurity plan strategies by presenting the hazard administration framework, chance evaluation methods, episode reaction, constant monitoring, SCADA security change, and network security approaches for ICS. ICS Cyber security Training https://www.tonex.com/training-courses/ics-cybersecurity-training/

ICS (Industrial Control System) Cybersecurity Training

Tonex

Computing on the Move - Mobile Security

AVG Technologies AU

Android security

Mohamed Alharbi

Loc jack presentation

QuestTechnologyIntl

Mobile security mobile malware countermeasure academic csirt

IGN MANTRA

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

Indonesia Honeynet Chapter

DSS ITSEC Conference 2012 - Forescout NAC #1

Andris Soroka

Throughwave Day 2015 - ForeScout Automated Security Control

Aruj Thirawat

What's hot (20)

OLD - altOS Secure Mobile Platform - Public

E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...

ForeScout IoT Enterprise Risk Report

Wireless Keyboard Threats

Symantec and ForeScout Delivering a Unified Cyber Security Solution

Network Access Control (NAC)

Smartphone Ownage: The state of mobile botnets and rootkits

Secure Element Solutions

Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...

MID_Security_Connected_Jan_van_Vliet_EN

How Secure Is Your Building Automation System?

Mobile protection

ICS (Industrial Control System) Cybersecurity Training

Computing on the Move - Mobile Security

Android security

Loc jack presentation

Mobile security mobile malware countermeasure academic csirt

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

DSS ITSEC Conference 2012 - Forescout NAC #1

Throughwave Day 2015 - ForeScout Automated Security Control

Similar to Mobile (in)security ?

2010: Mobile Security - WHYMCA Developer Conference

Fabio Pietrosanti

Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will be covering from basic OWASP top 10 security issues to live demos on different use-case scenarios on how a hacker can hack your application, and how to prevent them.

Unicom Conference - Mobile Application Security

Subho Halder

Mobile phone as Trusted identity assistant

Vladimir Jirasek

Mobile Day - App (In)security

Software Guru

From my presentation at Super Strategies, how to make mobilizaiton work in your organization. sadly, security is used as a reason to not implement mobile devices; however, I present the real threats in Mobile Security (Adapted from the great Veracode Mobile Security Presetnation by Chris Wysopal (with permission)). I then provide details on what Mobile Device Management is, how it works, and how it compares to other options.

Make Mobilization Work - Properly Implementing Mobile Security

Michael Davis

Sholove cyren web security - technical datasheet2

SHOLOVE INTERNATIONAL LLC

Mobile Application Security Threats through the Eyes of the Attacker

bugcrowd

ISACA CACS 2012 - Mobile Device Security and Privacy

Michael Davis

Three Secrets to Becoming a Mobile Security Superhero

Skycure

IRJET- Android Device Attacks and Threats

IRJET Journal

Mobile Payments: Protecting Apps and Data from Emerging Risks

IBM Security

Security Requirements in IoT Architecture - Security in Enabling Technologies - Security Concerns in IoT Applications. Security Architecture in the Internet of Things - Security Requirements in IoT - Insufficient Authentication/Authorization - Insecure Access Control - Threats to Access Control, Privacy, and Availability - Attacks Specific to IoT. Vulnerabilities – Secrecy and Secret-Key Capacity - Authentication/Authorization for Smart Devices - Transport Encryption

Security Requirements in IoT Architecture

Vrince Vimal

880 st011

Chandra Rao

Watch webinar recording: http://hubs.ly/H01l56L0 Join Brian Katz, director of mobile strategy at VMware, and Varun Kohli, vice president at Skycure, discuss how to: - Get visibility into ALL mobile threats, vulnerabilities and attacks impacting your organization today - Integrate Skycure with AirWatch to predict, detect, and protect against mobile cyber attacks - Stop attacks before they make it to the enterprise by profiling good and bad device, app and user behaviors by leveraging crowd wisdom

How to Predict, Detect and Protect Against Mobile Cyber Attacks

Skycure

White paper surveillancepointmarket

Finite Moments

Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise. One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment. In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks. Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions, We will also outline best practices for business users and road warriors, on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.

C0c0n 2011 mobile security presentation v1.2

Santosh Satam

Bolstering the security of iiot applications – how to go about it

Moon Technolabs Pvt. Ltd.

Appaloosa & AppDome: deploy & protect mobile applications

Julien Ott

The sonic wall clean vpn approach for the mobile work force

Icomm Technologies

Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

Mojave Networks

Similar to Mobile (in)security ? (20)

2010: Mobile Security - WHYMCA Developer Conference

Unicom Conference - Mobile Application Security

Mobile phone as Trusted identity assistant

Mobile Day - App (In)security

Make Mobilization Work - Properly Implementing Mobile Security

Sholove cyren web security - technical datasheet2

Mobile Application Security Threats through the Eyes of the Attacker

ISACA CACS 2012 - Mobile Device Security and Privacy

Three Secrets to Becoming a Mobile Security Superhero

IRJET- Android Device Attacks and Threats

Mobile Payments: Protecting Apps and Data from Emerging Risks

Security Requirements in IoT Architecture

880 st011

How to Predict, Detect and Protect Against Mobile Cyber Attacks

White paper surveillancepointmarket

C0c0n 2011 mobile security presentation v1.2

Bolstering the security of iiot applications – how to go about it

Appaloosa & AppDome: deploy & protect mobile applications

The sonic wall clean vpn approach for the mobile work force

Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

More from Cláudio André

Droidstat-X, Android Applications Security Analyser Xmind Generator

Cláudio André

This is the secure droid you are looking for

Cláudio André

Talk given in Bsides Lisbon 2015 by me and Herman Duarte. Based on our experience on testing mobile applications, both on Android and iOS, we challenged ourselves on doing an assessment of both app stores' applications, using OWASP mobile top 10 as a reference in terms of vulnerabilities to search for. As a criteria for choosing the apps to test, we focused on the most common mobile applications available in the Portuguese Android and iOS app stores, from several categories such as finance, social media, medical and security. For this talk we expect to highlight the most interesting design choices both good and bad and what should be done to avoid such mistakes.

Is my app secure?

Cláudio André

A day in the life of a pentester

Cláudio André

Presentation done by me and Herman Duarte in the 2nd Smart Executive Breakfast. Images credited to: https://www.flickr.com/photos/2_dogs/15608584698/in/photolist-pMh5rh-7z9ART-p7VxWx-7z9AUV-7HiJTB-7HnE4o-7Cu1Sn-7HnEbu-7HnDZm-7BvfGM-7HnDuQ-7HnDP9-7BvfCK-7HiJoM-7Bz6nf-92sk9u-BDvjQ-4Z8Kom-7B76Yv-8ZoH5N-boVMC1-qkwnSx-7bPUnN-7bPWaL-bHCJEc-7hHtiq-av98aY-7z9ANe-9FFk-dqwACQ-qXsZmm-7zdnwj-6xYN7X-7z9B2D-7z9AXV-7zdo45-7zdnZU-357Hy-9UWz6d-7uXCPC-7z9AGv-7uTNAp-7uXCYo-7uTPh8-7uXDkJ-7uTPc2-7uTN6k-7uTNiH-7uTPmi-7uXDr9 Pixabay.com Common Creative images.

Mobile application (in)security - 2nd Integrity Smart Executive Breakfast

Cláudio André

Hacker, you shall not pass!

Cláudio André

Pentesting Android Applications

Cláudio André

More from Cláudio André (7)

Droidstat-X, Android Applications Security Analyser Xmind Generator

This is the secure droid you are looking for

Is my app secure?

A day in the life of a pentester

Mobile application (in)security - 2nd Integrity Smart Executive Breakfast

Hacker, you shall not pass!

Pentesting Android Applications

Recently uploaded

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Manulife - Insurer Transformation Award 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

DBX First Quarter 2024 Investor Presentation

Dropbox

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Recently uploaded (20)

Ransomware_Q4_2023. The report. [EN].pdf

Powerful Google developer tools for immediate impact! (2023-24 C)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

A Year of the Servo Reboot: Where Are We Now?

Manulife - Insurer Transformation Award 2024

presentation ICT roal in 21st century education

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

A Beginners Guide to Building a RAG App Using Open Source Milvus

DBX First Quarter 2024 Investor Presentation

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Boost Fertility New Invention Ups Success Rates.pdf

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Automating Google Workspace (GWS) & more with Apps Script

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

How to Troubleshoot Apps for the Modern Connected Worker

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Mobile (in)security ?

1. /// Mobile (in)security ? Cláudio André / ca@integrity.pt

2. 2 /// MOBILE (IN)SECURITY ? WHOAMI • Pentester at Integrity S.A. • Web applications, Mobile Applications and Infrastructure • BSc in Management Information Technology • Offensive Security Certified Professional

3. 301.3 million shipments 3 /// MOBILE (IN)SECURITY ? MOBILE EQUIPMENTS 2014Q2 http://www.idc.com/prodserv/smartphone-os-market-share.jsp

4. 4 /// MOBILE (IN)SECURITY ? 2014Q2 MARKETSHARE 2.5% 0.5% 0.7% 84.7% 11.7% Android iOS Windows Phone BlackBerry OS Others http://www.idc.com/prodserv/smartphone-os-market-share.jsp

5. 5 /// MOBILE (IN)SECURITY ? MOBILE PLATFORMS ON ENTERPRISE BYOD & Mobile Security 2013 Survey Linkedin Information Security Group

6. 6 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS BYOD & Mobile Security 2013 Survey Linkedin Information Security Group

7. 7 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing.

8. 8 /// MOBILE (IN)SECURITY ? SECURITY HORROR STORIES 2014 (SO FAR...) Ebay - 145 million users and encrypted email address. JP Morgan Chase - Customer information of 76 million households and 7 million business. Home Depot - 56 million debit and credit cards. Target - 40 million credit and debit cards. Community Health Systems - Personal data of 4.5 million patients.

9. 9 /// MOBILE (IN)SECURITY ? ATTACK VECTORS

10. 10 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Device Network Server

11. 11 /// MOBILE (IN)SECURITY ? ATTACK VECTORS • Browser • System • Phone / SMS • Apps • Malware • ... Device

12. 12 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Tech details in: http://security.claudio.pt

13. 13 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Network • Packet Sniffing • Man-In-The-Middle (MITM) • Rogue Access Point • ...

14. 14 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Server • Brute Force Attacks • SQL Injections • OS Command Execution • ...

15. 15 /// MOBILE (IN)SECURITY ? A WAY TO... Mobile Device Management; Mobile Application Management; Endpoint Security Tools; Network Access Control (NAC) Endpoint Malware Protections; …..

16. 16 /// MOBILE (IN)SECURITY ? MOBILE DEVICE MANAGEMENT - Focus on the Device - Provisioning - Security Policies Enforcement - Reporting and Monitoring - Software Distribution

17. 17 /// MOBILE (IN)SECURITY ? MOBILE APPLICATION MANAGEMENT - Focus on the Applications - Same as previous but applied to the applications. - Corporate App Store (wrapping)

18. 18 /// MOBILE (IN)SECURITY ? WHICH ONE TO CHOOSE ? - Depends on your objectives - Mixed solution

19. 19 /// MOBILE (IN)SECURITY ? NOT ONLY *WARE APPROACH - Defense-In-Depth - Raise User Awareness - Secure Development Best Practises (OWASP) - Threat Modeling - Continuous Penetration Testing

20. Thank you. 20

Mobile (in)security ?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Mobile (in)security ?

Similar to Mobile (in)security ? (20)

More from Cláudio André

More from Cláudio André (7)

Recently uploaded

Recently uploaded (20)

Mobile (in)security ?