Mobiquant. Mobile Security : Demystifying the Security Weaknesses of Apple iOS and Google Android - REDA ZITOUNI CTO and VP Chief Security

Mobiquant - Mobile Security Conference at ISACA 2013 Singapore Conference. "Demystifying the security weaknesses of Apple iOS and Android 2013" by Mobiquant Technologies CEO and CTO, Reda Zitouni.
Securing mobile devices within enterprise mobility became a main concern for nearly every CIO or CISO in enterprises or government organizations in 2013. 2014 will put IT leaders under even more pressure.
Many myths have arisen as a lot of stakeholders have entered the game while treating security as a basic marketing argument. What Mobiquant demonstrates in this deep-dive technical session is the major risk faced by the many organizations that neglect mobile security when deploying an architecture and solution.
BYOD, MDM, Enterprise Mobility, multiplatform devices, MEAP, MAM, EMM... many concepts that finally lead to the same conclusion. A mobile strategy, driven by the key people and resting on the fundamentals of any IT and security project, is more than necessary.

  1. A New Era. A New Edge. Demystifying the Security Weaknesses of iOS and Android. Reda Zitouni, CEO of Mobiquant Technologies. Twitter @mobiquant #mobilesecurity, www.mobiquant.com, blog.mobiquant.com, Booth A01. © 2013 ISACA. All Rights Reserved. Follow us @mobiquant #mobilesecurity
  2. Agenda
     • Mobile Usage Evolution 2008-2013
     • Mobile Threats Trends in 2013
     • iOS vs Android Platforms Analysis
     • MDM vs MSM (Mobile Security Management) - B2B mobility at risk
     • Future of Mobile Security - Internet objects and data leakage
     Follow us @ISACANews #APCACS
  3. Mobile Usages Evolution 2008-2013 (1) [figure labels: 2008, 2011]
  4. Mobile Usages Evolution 2008-2013 (2) [figure labels: 2008, 2011]
     • Users: Consumerization of mobility rears its head in the enterprise
     • IT: centrally managed and secured
  5. Mobile Usages Evolution 2008-2013 (2)
     Top priority: Manage the lost or stolen data risk
     Priority needs:
     1. Rationalize mobile devices management
     2. Optimize productivity
     3. Simplify administration
     4. Facilitate updates
     5. Control by defining security policies
     6. Standardize the infra mobile management with the rest of the IS
     Source: Mobiquant Labs 2013 (400 CISOs in Europe and USA)
  6. Mobile Threats Trends in 2013 (1)
     • B2C: Mobile Typical Criminality [$]: worms, mobile ransomware (blocking), spam, malware
     • B2B: Mobile in IE global war [Data]: botnets, spybots, backdoors, pervasive and sophisticated malware
     • Governmental, Military, Defense [Data or Influence]: Suspicions about government-sponsored attacks will grow. Using zero-day vulnerabilities and sophisticated malware, some of these attacks may be considered APTs (advanced persistent threats).
  7. Mobile Threats Trends in 2013 (2)
  8. iOS vs Android Platforms Analysis (1)
  9. iOS vs Android Platforms Analysis (2)
  10. iOS vs Android Platforms Analysis (2)
  11. iOS vs Android Platforms Analysis (3)
  12. iOS vs Android Platforms Analysis (4)
     • In 2011 alone, Google removed more than 100 malicious apps
     • Google discovered 50 applications infected by a single piece of malware (Droid Dream: personal data)
     • Google hasn't always acted in a timely manner:
       – +260,000 times before Google removed it from the app market.
     So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization's data safe.
  13. iOS vs Android Platforms Analysis (5)
     Key drivers for mobile attacks:
     • Browser (jailbreak iOS v1..)
     • Applications (xStores): No real control. PlayStore vs AppStore
     • Stacks/Software weaknesses: Few on iOS vs many on Android
  14. iOS vs Android Platforms Analysis (6)
  15. iOS vs Android Platforms Analysis (7)
     ….. But m-security is not only about malware! B2B constraints and requirements are > B2C
     Enterprise Mobility requirements:
     • Cryptochips: Keys and secrets strongly secured (HW)
     • CryptoLibraries: Android case of L2TP VPN (IPSec impossible)
     • Authentication Protocols (IS, Network, Apps, Web)
     • MDM vs MSM native API: strengthening IT management (Policies, Messaging, LOBS security support)
  16. MDM vs MSM (Mobile Security Management) - B2B mobility at risk
     • MDM (Mobile Device Management) is about Asset Management
       – Basic security features (wipe, password)
       – Fake implementations (ex: PKI, SCEP only)
     • MSM (Mobile Security Management) is about Security Management (ISO27001/05, PCSSI, Sox, Basel II…)
       – Mobile: VPN, PKI, Encryption, Policies, Apps and web services security (signing house, monitoring, ..)
     2013 trends: Many CISOs are required by management to take back Mobility Management/Strategy, as security is not covered
  17. Future of Mobile Security: Internet objects, Data leakage, Mass-Malwares
     • More mobility in many usages (Internet Objects): exposing data to risk and easing more profitable mass attacks for hackers
     • LTE and LTE+ bringing permanent and high-bandwidth connectivity (easing blackhat), UMA (Mesh Networks)
     • Massive standards adoption boosting highly critical (and beneficial) services: NFC, Mobile Payments, m-Wallets, …
     SECURITY TO DO LIST
     • Need for a real strategy including the Security Experts
     • Continuous auditing of the policies enforcement
     • Devices, Tools, Solutions must be security proven
