3. What can you do ?
• Lock access to the phone with PIN or password
• Backup phone data in the cloud, computer, memory card
• Find My iPhone
• Where’s my Droid
5. Malicious software
• Easily distributed via application stores without security mechanism
• Pirated versions of legitimate apps
• Fetch apps from links on the web (“malvertising”)
• Install software which targets communication, user location or other personal data
• SMS trojan and premium SMS
6. What can you do ?
• Avoid changing phone’s factory settings
• Don’t jailbreak or root your phone
• Install apps only from trusted sources
• Read app reviews
• Read permissions requested by application before installing it
• Install firmware updates provided by the manufacturer
8. Malicious QR codes
• QR code usually contains a web link
• Smartphone browser is automatically launched
• Install malware
• Link to phishing site
• Steal information
9. What can you do ?
• Use app that has built-in security features (Norton Snap)
• Enable QR code review
• Check if it is a sticker (in real life)
11. What can you do ?
• Don’t transmit sensitive data via public Wi-Fi, which is usually unencrypted
• Send sensitive data to sites that you trust
• Check if the web address starts with https
• Use secure, encrypted VPN to connect to corporate network
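The QR code review (slide 9) and the https check (slide 11) both come down to looking at the decoded link before the browser opens it. The following is an added example, not code from the slides or from any scanner app: a small reviewer that takes the decoded QR payload and returns the warnings a user should see first. The scheme list and the sample payloads are constructed for the example.

```python
import ipaddress
from typing import List
from urllib.parse import urlsplit

# Schemes a QR code can use to trigger an action on the phone without first
# showing a page. Everything that is not a plain https link gets a warning.
# (Constructed list for this example; extend it to match the scanner in use.)
RISKY_SCHEMES = {
    "http": "unencrypted web link (does not start with https)",
    "tel": "dials a phone number",
    "sms": "prepares a text message (premium SMS risk)",
    "smsto": "prepares a text message (premium SMS risk)",
    "javascript": "runs script in the browser",
}


def review_qr_payload(payload: str) -> List[str]:
    """Return the warnings to show before opening a decoded QR payload.

    An empty list means "plain https link to a named host"; it does not
    mean the site behind the link is trustworthy (slide 11 still applies).
    """
    warnings: List[str] = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if not scheme:
        return ["not a web link; shown as plain text"]
    if scheme in RISKY_SCHEMES:
        warnings.append(f"{scheme}: {RISKY_SCHEMES[scheme]}")
    elif scheme != "https":
        warnings.append(f"unexpected scheme '{scheme}'")
    if scheme in ("http", "https"):
        host = parts.hostname or ""
        if not host:
            warnings.append("web link without a host")
        # "https://bank.example@evil.example/" opens evil.example, not bank.example
        if parts.username is not None:
            warnings.append(f"'@' in link: real host is {host}, not {parts.username}")
        try:
            ipaddress.ip_address(host)
            warnings.append("link goes to a raw IP address instead of a domain name")
        except ValueError:
            pass
        if "xn--" in host:
            warnings.append("internationalised (punycode) domain; may imitate another site")
    return warnings


if __name__ == "__main__":
    for sample in ("https://example.com/login", "http://192.0.2.10/app.apk",
                   "https://bank.example@evil.example/", "sms:12345?body=GO", "Hello"):
        print(sample, "->", review_qr_payload(sample) or ["ok: https link"])
```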
15. OWASP Mobile Security Project
• OWASP Foundation
• For developers and security teams
• How to build and maintain secure mobile apps
• Primary focus on application layer
16. OWASP Mobile Security Project
• Top Ten Mobile Risks
• Mobile security testing
• Mobile cheat sheet series
• Secure mobile development
• Top ten mobile controls and design principles