
Mobile (in)security? @ Mobile Edge '14

Is your company data secure? This talk will help you understand some of the possible attack vectors on mobile platforms and what enterprises can do to lower the risk on these platforms.

Published in: Mobile

  1. /// Mobile (in)security ? Cláudio André / ca@integrity.pt
  2. WHOAMI
     • Pentester at Integrity S.A.
     • Web applications, Mobile Applications and Infrastructure
     • BSc in Management Information Technology
     • Offensive Security Certified Professional
  3. MOBILE EQUIPMENTS 2014Q2
     301.3 million shipments
     http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  4. 2014Q2 MARKETSHARE
     Chart values: 2.5%, 0.5%, 0.7%, 84.7%, 11.7%
     Chart legend: Android, iOS, Windows Phone, BlackBerry OS, Others
     http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  5. MOBILE PLATFORMS ON ENTERPRISE
     BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group
  6. ENTERPRISES MAIN SECURITY CONCERNS
     BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group
  7. ENTERPRISES MAIN SECURITY CONCERNS
     "I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing."
  8. SECURITY HORROR STORIES 2014 (SO FAR...)
     • eBay - 145 million users and encrypted email address.
     • JP Morgan Chase - Customer information of 76 million households and 7 million businesses.
     • Home Depot - 56 million debit and credit cards.
     • Target - 40 million credit and debit cards.
     • Community Health Systems - Personal data of 4.5 million patients.
  9. ATTACK VECTORS
  10. ATTACK VECTORS: Device, Network, Server
  11. ATTACK VECTORS: Device
     • Browser
     • System
     • Phone / SMS
     • Apps
     • Malware
     • ...
  12. ATTACK VECTORS
     Tech details in: http://security.claudio.pt
  13. ATTACK VECTORS: Network
     • Packet Sniffing
     • Man-In-The-Middle (MITM)
     • Rogue Access Point
     • ...
  14. ATTACK VECTORS: Server
     • Brute Force Attacks
     • SQL Injections
     • OS Command Execution
     • ...
  15. A WAY TO...
     Mobile Device Management;
     Mobile Application Management;
     Endpoint Security Tools;
     Network Access Control (NAC)
     Endpoint Malware Protections;
     …..
  16. MOBILE DEVICE MANAGEMENT
     - Focus on the Device
     - Provisioning
     - Security Policies Enforcement
     - Reporting and Monitoring
     - Software Distribution
  17. MOBILE APPLICATION MANAGEMENT
     - Focus on the Applications
     - Same as previous but applied to the applications.
     - Corporate App Store (wrapping)
  18. WHICH ONE TO CHOOSE ?
     - Depends on your objectives
     - Mixed solution
  19. NOT ONLY *WARE APPROACH
     - Defense-In-Depth
     - Raise User Awareness
     - Secure Development Best Practices (OWASP)
     - Threat Modeling
     - Continuous Penetration Testing
  20. Thank you.
