Mobile security trends


  • WPA: Wi-Fi Protected Access; WEP: Wired Equivalent Privacy

    1. Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World
        • Ken Huang & James Hewitt
        • HDI Executive Forum | June 22, 2011
    2. About CGI
        • Full Service IT company
        • Managed service, BPO
        • IP based Business Solutions
        • SI&C
        • Cloud and Mobile Computing:
        • Cloud IT services
        • Cloud security services
        • Approximately 31,000 professionals worldwide
        • Total Revenue: $4.5 Billion.
    3. Who Are We?
        • Ken Huang
        • Director of Security Engineering
        • Cloud/Mobile Security
        • ST&E
        • IDAM
        • E-Signature, etc.
        • Frequent Speaker
        • Blog:
        • LinkedIn:
        • Twitter:!/kenhuangus
        • James Hewitt
        • Director of Security Governance
        • CISO
        • ST&E
        • Database Security
        • Frequent Speaker
        • LinkedIn:
    4. Topics
        • Mobile Technology and Trends
        • Mobile Application and Trends
        • Mobile Security and Trends
        • Data Loss Prevention for Mobile Devices and Trends
        • Discussion Topics
    5. Mobile Technology and Trends
    6. Mobile Technology and Trends
    7. 3G vs 4G Networks
    8. WiMAX vs. Wi-Fi
    9. NFC
        • Based on RFID Technology at 13.56 MHz
        • Operating distance typically up to 10 cm
        • Compatible with today’s field-proven contactless RFID technology
        • Data exchange rate today up to 424 kilobits/s
        • Uses less power than Bluetooth
        • Does not need pairing
    10. Mobile Application Trends
        • Payment
        • Using your phone to pay will become a reality
        • Federal Government Adoption
        • Mobile apps will become more widely used
        • Cloud and Mobile Computing
        • During an appearance in Silicon Valley, Aneesh Chopra, the nation’s first-ever CTO, acknowledged the inevitable emergence of cloud and mobile as solutions for the federal government, but sees them as supplementing, rather than replacing, legacy systems
        • Transportation Department gets $100 million for mobile apps
    11. Mobile Application Trends (cont.)
        • Federal Government Adoption (cont.)
        • FBI – most wanted listing app on iPhone
        • IRS – check refund status
        • The White House mobile app – news, videos, podcasts, blogs, etc.
        • Productivity tool
        • Mobile apps will become more mature over time
        • Banking
        • Check balances, transfer funds, etc.
    12. Mobile Application Trends (cont.)
        • Entertainment
        • Videos, gaming, etc.
        • Social networking
        • Facebook
        • Twitter
        • Foursquare
        • LinkedIn
        • Any new apps?
        • Activists
        • Collective bargaining and strikes
        • Other
        • Price comparison for various products
    13. Wi-Fi Security Trends
        • Use a strong password
        • Don’t broadcast your SSID
        • Use good wireless encryption (WPA, not WEP)
        • Use another layer of encryption when possible (e.g. VPN, SSL)
        • Restrict access by MAC address
        • Shut down the network and wireless network when not in use
        • Monitor your network for intruders
        • Use a firewall
    14. 4G Security Trends
        • Backward compatibility to 3G or GSM capabilities exposes 4G to 3G and GSM security vulnerabilities
        • 4G also has a roaming vulnerability associated with mutual authentication: a fake network can easily claim to be a “roaming partner”
    15. Bluetooth Security Trends
        • Bluejacking
        • Sending either a picture or a message from one user to an unsuspecting user through Bluetooth wireless technology.
        • DoS Attacks
        • Eavesdropping
        • Man-in-the-middle attacks
        • Message modification
        • NIST published a Guide to Bluetooth Security in 2008
    16. NFC Security Trends
        • Ghost and Leech Attack
        • Hacker’s RFID reader steals or transmits credentials to a fake RFID card
        • Eavesdropping
        • Hacker must have a good receiver and stay close
        • To avoid this, use a secure channel as compensating control
        • Data Corruption
        • Jams the data so that it is not readable by the receiver
        • Check RF field as compensating control.
    17. NFC Security Trends (cont.)
        • Data Modification
        • Changes the semantics of the data
        • Use secure channel
    18. Attack on the app
        • Currently, Androids are the target due to Google’s loose vetting process
        • According to USA Today (June 5, 2011), Google had to remove 25 apps from the Android market, but not before 125,000 users had downloaded the apps [1]
        • These apps allow hackers to download more malicious programs when the user makes phone calls
        • iPhones and iPads are lightly hacked – but will become targets in the future
        • [1]
    19. Data Protection for Mobile Devices and Trends
        • File-level encryption (PocketCrypt or PointSafe)
        • Encryption of data in transit
        • Remote data wipe-out
        • Device tracking
        • Data backup (Cloud Storage as a Service)
        • Mobile Device Management (MDM); example: GSA uses Fiberlink.
    20. Gartner Predictions
        • 2014 will witness over 3 billion mobile users worldwide
        • Mobile phones will become the preferred and most commonly used web device globally by 2013.
        • As a result, a large number of mobile applications will be built for multiple platforms (Android, J2ME, Symbian, iOS, etc.) and domains (mobile payments, mobile commerce, mobile VAS, etc.).
    21. Do Cell Phones Cause Cancer?
        • According to an article in the Huffington Post (June 1, 2011):
        • The World Health Organization announced that cell phones could possibly cause cancer.
        • The WHO’s cancer research arm, the International Agency for Research on Cancer, classifies cell phones as a class 2b possible carcinogen. “The IARC also identified known as well as probable carcinogens, including a few others which some of us come into contact with on a regular basis.” [1]
        • CNN link:
        • [1]
    22. Topics for discussion
        • What is the security policy for mobile technology in your organization?
        • How can data be protected?
        • Data encryption for mobile device
        • Data Loss Prevention for mobile technology
        • Mobile technology and cloud computing
        • Trends on Telecommuting or telework