2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

•

0 likes•595 views

NCC Group

Technology Business

Before we begin…
• NCC = iSEC Partners in the USA
• FTSE listed ~99 million GBP revenue
• Independent security experts
• Working in hardware, software
and higher level business functions
• Trusted advisor to many
• ~ 250 technical security consultants
• ~ 80 business security consultants

Agenda for the 15 minute positioning..
•Mobile Security
•Reality and Elephants
•Future Enablers
•Authentication and mobile
•2FA – what it looks like today
•Voice biometrics and its Role

Mobile Security – Security threats
• Hardware
• Platform
• Android, iOS, Windows etc.
• Vendor Customisation
• Undermining platform security
• Apps
• Poorly designed / implemented
• User activity
• Hygiene with regards to apps / jail breaking

Mobile Security – Challenges
• Mobile vendor fragmentation
• Vendor spend on security
• 18 to 24 month device life cycles
• Carrier certification of updates
• User awareness / education
• User experience for security patches
• Carrier / user desire for security patches

Mobile Security – Future
• The security arms race is starting..
• BlackBerry, Samsung,
SEAndroid (Generic),
Apple and Windows
• Platform features
• TrustZone
• Virtualisation / HyperVisors
• Software security
• Improving rapidly..

Mobile 2FA – Concerns
• Satisfying ‘Something you have’
• SMS latency
• The ‘NYE’ problem
• The ‘malware’ issue
• For seeded / on-line
• Jail breaking
• For seeded / on-line
• Connectivity
• For on-line

Mobile 2FA – Satisfying the concerns
• Today
• Jail break detection
• Device unique IDs
• Device lockdown
• Dual persona devices
• Tomorrow
• TrustZone and friends

Mobile 2FA – Result (one solution seen)
Circuit Switch and Voice for Last Chance Fall-back

Viewers also liked

Practical SME Security on a Shoestring

NCC Group

Pki 202 Architechture Models and CRLs

NCC Group

Ncc group overview presentation august 2012 final

Tony_Clarke

Mobile App Security: Enterprise Checklist

Jignesh Solanki

NCC Group Presentation

NCC AB

When the iPhone was first released, the security of its data was…not as good as it should’ve been. But with every release since then, data security has improved, until now it’s the subject of court cases and CNN panel discussions. But how exactly does it work, anyway? Sure, it uses “encryption,” but what does that really mean, and just how far can we trust it? I try to explain, in simple terms and with useful diagrams, just how the complex encryption models on iOS work. Based on published research and Apple’s own documentation, I show where there are things we don’t know, or don’t quite understand, and describe iOS protects (or doesn’t) against forensics, law enforcement, and hackers.

A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group

EC-Council

Cryptography101

NCC Group

07182013 Hacking Appliances: Ironic exploits in security products

NCC Group

Cryptography - 101

n|u - The Open Security Community

Ncc Group Escrow Overview 2010

Jonnyhyde

How Spotify Helps Their Engineers Grow - Chris Angove

Hakka Labs

Current & Emerging Cyber Security Threats

NCC Group

USB: Undermining Security Barriers

NCC Group

2012 12-04 --ncc_group_-_mobile_threat_war_room

NCC Group

Pki 201 Key Management

NCC Group

Real World Application Threat Modelling By Example

NCC Group

Private sector cyber resilience and the role of data diodes

Ollie Whitehouse

Viewers also liked (17)

Practical SME Security on a Shoestring

Pki 202 Architechture Models and CRLs

Ncc group overview presentation august 2012 final

Mobile App Security: Enterprise Checklist

NCC Group Presentation

A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group

Cryptography101

07182013 Hacking Appliances: Ironic exploits in security products

Cryptography - 101

Ncc Group Escrow Overview 2010

How Spotify Helps Their Engineers Grow - Chris Angove

Current & Emerging Cyber Security Threats

USB: Undermining Security Barriers

2012 12-04 --ncc_group_-_mobile_threat_war_room

Pki 201 Key Management

Real World Application Threat Modelling By Example

Private sector cyber resilience and the role of data diodes

Recently uploaded

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

CzechDreamin

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Webinar Recording: https://www.panagenda.com/webinars/alles-neu-macht-der-mai-wir-durchleuchten-den-verbesserten-notes-eigenschaftendialog/ Haben Sie sich schon einmal über den zu kleinen Eigenschaftendialog in Notes geärgert? Mussten Sie einen Agenten oder eine Aktion erstellen, um schnell mal ein Feld zu ändern? Haben Sie jedes mal endlos nach dem zu vergleichenden Feld gesucht, nachdem Sie ein neues Dokument ausgewählt haben? Wollten Sie das verdammte Ding einfach nur größer machen? Zum Glück gibt es dafür eine Lösung – und sie ist wahrscheinlich bereits installiert! Mit dem kostenlosen panagenda Document Properties (Pro) erhalten Sie den Eigenschaftendialog, den Sie schon immer haben wollten. Größer, anpassbar, und im Volltext durchsuchbar. Sehen Sie mehrere Dokumente gleichzeitig oder vergleichen Sie mit einem Diff-Viewer. Ändern Sie beliebige Felder und haben Sie endlich eine einfache Möglichkeit, Profildokumente für alle Benutzer zu verwalten. Entdecken Sie mit HCL Ambassador Marc Thomas, wie Document Properties Ihre Arbeit vereinfachen und Sie bei der täglichen Verwendung von Domino-Anwendungen unterstützen kann – im Client oder im Designer. Sie werden es nicht bereuen! Für Sie in diesem Webinar - Was Document Properties ist, welche Editionen es gibt und wo es in Notes und Domino Designer zu finden ist - Wie Sie nach einem beliebigen Feld suchen und es bearbeiten, Dokumente vergleichen oder alle Daten per CSV exportieren können - Suchen, Bearbeiten und auch Löschen von Profildokumenten - Welche Konfigurationseinstellungen verfügbar sind, um Funktionen anzupassen - Wie Ihre Endbenutzer davon profitieren - Sehen Sie alles in einer Live-Demo

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...

panagenda

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

FIDO Alliance

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Exakis Nelite

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

FIDO Alliance

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

FIDO Alliance

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

UXDXConf

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

Using IESVE for Room Loads Analysis - UK & Ireland

IES VE

In today’s fast-paced digital world, harnessing the power of artificial intelligence (AI) can significantly enhance productivity and creativity across various domains. With the advent of advanced language models like ChatGPT, developers, marketers, data analysts, and professionals in numerous other fields can now leverage AI-generated prompts to spark innovative ideas and streamline their workflows.

1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT

iSEO AI

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

FIDO Alliance

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

David Michel

Recently uploaded (20)

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

Optimizing NoSQL Performance Through Observability

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...

What's New in Teams Calling, Meetings and Devices April 2024

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Demystifying gRPC in .Net by John Staveley

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Microsoft CSP Briefing Pre-Engagement - Questionnaire

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Designing for Hardware Accessibility at Comcast

Overview of Hyperledger Foundation

Using IESVE for Room Loads Analysis - UK & Ireland

1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

1. Mobile Security and 2FA The reality from the trenches… Ollie Whitehouse, Associate Director, NCC Group

2. Before we begin… • NCC = iSEC Partners in the USA • FTSE listed ~99 million GBP revenue • Independent security experts • Working in hardware, software and higher level business functions • Trusted advisor to many • ~ 250 technical security consultants • ~ 80 business security consultants

3. Agenda for the 15 minute positioning.. •Mobile Security •Reality and Elephants •Future Enablers •Authentication and mobile •2FA – what it looks like today •Voice biometrics and its Role

4. Mobile Security – Security threats • Hardware • Platform • Android, iOS, Windows etc. • Vendor Customisation • Undermining platform security • Apps • Poorly designed / implemented • User activity • Hygiene with regards to apps / jail breaking

5. Mobile Security – Challenges • Mobile vendor fragmentation • Vendor spend on security • 18 to 24 month device life cycles • Carrier certification of updates • User awareness / education • User experience for security patches • Carrier / user desire for security patches

6. Mobile Security – Future

7. Mobile Security – Future • The security arms race is starting.. • BlackBerry, Samsung, SEAndroid (Generic), Apple and Windows • Platform features • TrustZone • Virtualisation / HyperVisors • Software security • Improving rapidly..

8. Mobile 2FA – Concerns • Satisfying ‘Something you have’ • SMS latency • The ‘NYE’ problem • The ‘malware’ issue • For seeded / on-line • Jail breaking • For seeded / on-line • Connectivity • For on-line

9. Mobile 2FA – Drivers for mobile 2FA

10. Mobile 2FA – What we’re seeing

11. Mobile 2FA – Satisfying the concerns • Today • Jail break detection • Device unique IDs • Device lockdown • Dual persona devices • Tomorrow • TrustZone and friends

12. Mobile 2FA – Result (one solution seen) Circuit Switch and Voice for Last Chance Fall-back

13. Mobile 2FA – Tomorrow?

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (17)

Recently uploaded

Recently uploaded (20)

2013 04-04 --ncc_group_-_voice_biometrics_conference_-_mobile_security