pocket security, your mobile
by Vitor Domingos, all-around mercenary
Vitor Domingos [email_address] http://vitordomingos.com - cloud computing & security consultant - thenextweb editor - mobilemonday PT founder - videocaster - ex failed entrepreneur - ex ITIJ / MJ - ex CGD - ex forumB2B - ex Maxitel - ex Jazztel
 
 
 
Phones ...
- 15 years of pure insecurity and few exploits
- mobile is the most personal and private item we own
- phones are now computers, the personal kind
- they even run full operating systems
What's in ...
- phone calls
- addressbook
- emails
- sms
- mms
- browser history
- pictures and some documents
- calendar
- gps tracking data
- shop details
- credit card info
- other sync evilness
TRUST
- we trust the carrier
- we trust the manufacturer
- we trust the users
- we trust the phone
- we trust the software
- we trust we're safe because it's not connected, or because it's in our pocket
 
Mobile Security Levels
- Level 1 - Manufacturer
- Level 2 - Carrier
- Level 3 - User
- Level 4 - Application
- Level 5 - Enterprise (?)
Patching hell ...
- Problem #1 - if you've got a smartphone you have probably upgraded the base software at some point; if not, you're still running what it shipped with
- Problem #2 - patching is hard (OTA updates are neat, but few carriers and devices use them)
- Problem #3 - no enterprise patching; IT people say it's a carrier / user problem and not their own
Windows Mobile
- digital application signing
- limited access to the filesystem
- permission requests
- device encryption (enterprise)
- PIN protection (enterprise)
- profiles (enterprise)
- no granular permissions
 
iPhone
- OS X security model
- App Store
- no enterprise security provisioning
 
Android / Symbian
- sandbox
- tight control on application permissions
- digital signature
- no enterprise security provisioning
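The Android permission model on this slide is the install-time one: the app declares what it wants in its manifest and the user accepts the whole list. That makes the manifest the cheapest triage point, and it pairs directly with the "What's in ..." slide. The script below is an added example, not part of the deck and not Android's own tooling: it parses a manifest, maps the declared permissions onto the data classes those permissions expose, and flags the combination that matters most, sensitive data plus a channel off the device. The manifest is constructed for the example and the data-class grouping is this example's own choice; the permission strings are the real Android ones.

```python
"""Triage an Android app by the permissions it declares.

Added example, not from the slides. The manifest below is constructed for this
example, and the grouping of permissions into "what's in the phone" categories
is this example's own choice; the permission names are real Android strings.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names, mapped to the data class they unlock.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "addressbook",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms (can cost money)",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.ACCESS_FINE_LOCATION": "gps tracking data",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "phone identity and call state",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CALL_PHONE": "phone calls",
}
# Permissions that give the app a channel off the device.
EGRESS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Constructed manifest: a "flashlight" app that asks for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = []
    for element in root.iter("uses-permission"):
        name = element.get("{%s}name" % ANDROID_NS)  # android:name attribute
        if name:
            names.append(name)
    return names


def audit(manifest_xml):
    """Summarise which data classes the app can read and whether it can send them out."""
    root = ET.fromstring(manifest_xml)
    perms = set(requested_permissions(manifest_xml))
    findings = [(p, SENSITIVE[p]) for p in sorted(perms) if p in SENSITIVE]
    exposed = sorted({label for _, label in findings})
    egress = sorted(perms & EGRESS)
    return {
        "package": root.get("package"),
        "findings": findings,
        "exposed": exposed,
        "egress": egress,
        # Sensitive data plus a way off the device is the combination to look at.
        "can_exfiltrate": bool(exposed) and bool(egress),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    print(report["package"])
    for perm, label in report["findings"]:
        print("  %-45s %s" % (perm, label))
    print("  egress via:", ", ".join(report["egress"]) or "none")
    print("  can exfiltrate:", report["can_exfiltrate"])
```

A manifest only tells you what the app may do, not what it does; treat a hit here as the reason to watch the app's actual network and filesystem behaviour, which is the point of the "Look at the screen" slide further on.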
 
Security Community
- TSTF.net
- Mseclab
- Tam Hanna
- GSM Association Security Group
Password Security
- Try to put a really hard password on your phone
- Normally it's only a 4-digit number
- When a password is used at all, it's simple, because typing anything on a phone is really hard
- Try K#$"%'º`^!"231Gj
- Two-factor authentication (?)
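Two things make the 4-digit PIN on this slide weak: the keyspace is tiny, and people do not even use all of it. The code below is an added example, not from the deck: it rejects the PIN shapes people actually pick (repeated digits, sequences, straight lines on the keypad, years, dates) and puts numbers on the keyspace a guesser faces, with and without a lockout between attempts. The pattern list, the year range and the lockout model are this example's own choices.

```python
"""Check a phone PIN against the patterns people actually pick, and size the
keyspace a guesser faces.

Added example, not from the slides. The pattern list, the year range and the
lockout model are this example's own choices.
"""
import math

# Straight lines on a phone keypad, read in either direction (our own list).
KEYPAD_LINES = {"1470", "0741", "2580", "0852", "3690", "0963",
                "1590", "0951", "3570", "0753"}


def weak_pin_reason(pin):
    """Return why a numeric PIN is weak, or None if no known pattern matched."""
    if not pin.isdigit():
        raise ValueError("numeric PIN expected")
    digits = [int(c) for c in pin]
    if len(set(digits)) == 1:
        return "repeated digit"                      # 0000, 7777
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:]:
        return "repeated pattern"                    # 1212, 0101
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps == {1}:
        return "ascending sequence"                  # 1234, 9012
    if steps == {9}:
        return "descending sequence"                 # 4321
    if pin in KEYPAD_LINES:
        return "keypad line"                         # 2580
    if len(pin) == 4 and 1900 <= int(pin) <= 2029:
        return "looks like a year"                   # 1987
    if len(pin) == 4:
        a, b = int(pin[:2]), int(pin[2:])
        if (1 <= a <= 12 and 1 <= b <= 31) or (1 <= a <= 31 and 1 <= b <= 12):
            return "looks like a date"               # 0312, 3112
    return None


def keyspace_bits(length, alphabet_size):
    """Bits of entropy for a uniformly chosen secret of this length and alphabet."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(keyspace, attempts_per_second, lockout_every=0, lockout_seconds=0):
    """Worst-case time to try every value, adding a pause after every N attempts."""
    seconds = keyspace / attempts_per_second
    if lockout_every:
        seconds += (keyspace // lockout_every) * lockout_seconds
    return seconds


if __name__ == "__main__":
    for candidate in ("0000", "1234", "2580", "1987", "1212", "8375"):
        print("%s -> %s" % (candidate, weak_pin_reason(candidate) or "no pattern matched"))
    # 4 digits versus the slide's 16-character mixed password (~95 printable symbols).
    print("4-digit PIN:      %5.1f bits" % keyspace_bits(4, 10))
    print("16 mixed chars:   %5.1f bits" % keyspace_bits(16, 95))
    # One guess per second by hand, with a 30 s lockout after every 5 failures.
    print("all 10^4 PINs, no lockout: %.0f s" % seconds_to_exhaust(10 ** 4, 1.0))
    print("all 10^4 PINs, lockout:    %.0f s" % seconds_to_exhaust(10 ** 4, 1.0, 5, 30))
```

The lockout numbers show why "two-factor authentication (?)" and a wipe-after-N-failures policy matter more than PIN length on a device where typing is painful: the keyspace of a 4-digit PIN cannot be fixed, but the rate at which it can be tried can.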
 
GSM Cracked
- A5/1 rainbow table cracking software (reflextor.com/trac/a51)
- GSM interception software (airprobe.org)
- Software defined radio (gnuradio.org)
- Cheap SDR hardware, the USRP (ettus.com/products)
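The rainbow-table project on this slide works because of how small and how public A5/1's inputs are: a 64-bit session key Kc, a 22-bit frame number that is transmitted in the clear, and nothing else. Given known plaintext in a burst (GSM has plenty of predictable signalling), an attacker recovers keystream bits and looks the internal state up in precomputed tables instead of brute-forcing 2^64 keys. The cipher below is an added example, not code from the deck or from the reflextor/airprobe projects: register lengths, taps and clocking bits follow the published description of A5/1, and key and frame bit order follow the common reference implementation (least significant bit first). The sample key and frame number are constructed for the example.

```python
"""A5/1, the GSM air-interface stream cipher, written out so the weakness the
rainbow-table attacks exploit is visible: a 64-bit key, a public 22-bit frame
number, and a keystream that depends on nothing else.

Added example, not from the slides. Register lengths, taps and clocking bits
follow the published description of A5/1; key and frame bit order follow the
common reference implementation (LSB first). Sample key and frame are constructed.
"""

# (length mask, feedback taps, clocking bit, output bit) for the three LFSRs.
R1 = ((1 << 19) - 1, (13, 16, 17, 18), 8, 18)
R2 = ((1 << 22) - 1, (20, 21), 10, 21)
R3 = ((1 << 23) - 1, (7, 20, 21, 22), 10, 22)
SPECS = (R1, R2, R3)
KEY_BITS = 64          # the whole secret; small enough for time/memory trade-offs
FRAME_BITS = 22        # sent in the clear on the air interface


def _shift(reg, spec, feed_in=0):
    """Clock one LFSR: new bit 0 = XOR of the tap bits (and an optional input bit)."""
    mask, taps, _, _ = spec
    fb = feed_in
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & mask


def _majority_clock(regs):
    """Irregular clocking: a register moves only if its clock bit agrees with the majority."""
    bits = [(r >> spec[2]) & 1 for r, spec in zip(regs, SPECS)]
    maj = 1 if sum(bits) >= 2 else 0
    return [_shift(r, spec) if b == maj else r
            for r, spec, b in zip(regs, SPECS, bits)]


def keystream(key, frame, nbits=228):
    """Return nbits of keystream for an 8-byte Kc and a 22-bit frame number."""
    if len(key) != 8:
        raise ValueError("A5/1 takes a 64-bit key")
    regs = [0, 0, 0]
    # Key setup: clock all three registers regularly, XORing each key bit into bit 0.
    for i in range(KEY_BITS):
        kb = (key[i >> 3] >> (i & 7)) & 1
        regs = [_shift(r, spec, kb) for r, spec in zip(regs, SPECS)]
    # Then the frame number, the same way.
    for i in range(FRAME_BITS):
        fbit = (frame >> i) & 1
        regs = [_shift(r, spec, fbit) for r, spec in zip(regs, SPECS)]
    # 100 majority-clocked rounds whose output is discarded.
    for _ in range(100):
        regs = _majority_clock(regs)
    out = []
    for _ in range(nbits):
        regs = _majority_clock(regs)
        bit = 0
        for r, spec in zip(regs, SPECS):
            bit ^= (r >> spec[3]) & 1   # XOR of the three register MSBs
        out.append(bit)
    return out


def burst_keys(key, frame):
    """GSM uses the first 114 bits for the downlink burst and the next 114 for the uplink."""
    ks = keystream(key, frame)
    return ks[:114], ks[114:]


def xor_bits(a, b):
    """Encrypt or decrypt: a burst is simply XORed with its 114 keystream bits."""
    return [x ^ y for x, y in zip(a, b)]


if __name__ == "__main__":
    kc = bytes.fromhex("1223456789abcdef")     # constructed sample key
    down, up = burst_keys(kc, 0x134)            # constructed frame number
    print("downlink keystream:", "".join(map(str, down)))
    # Known plaintext in a burst hands the attacker the keystream bits directly:
    known_burst = [0] * 114
    cipher = xor_bits(known_burst, down)
    recovered = xor_bits(cipher, known_burst)
    print("keystream recovered from known plaintext:", recovered == down)
```

Nothing here needs the radio: the tables cracked A5/1, the SDR and airprobe only supply the ciphertext bursts and the frame numbers that go with them.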
 
2010
- UMTS cracked (on paper): the sandwich attack, a related-key attack on KASUMI (A5/3)
- MMS remote exploit
- iPhone SMS remote exploit
- Bluetooth spamming and attacks (bluejacking, bluesnarfing, bluebugging)
- $18 Bluetooth sniffer
- Bluetooth audio flow to headset interception
- Over-the-air wiretapping
- ... and what about Flash? :)
 
 
Look at the screen
- what are you running?
- what is it doing?
- is it using network access? why?
- do you know what it's doing to the filesystem? to the memory? to your data?
- where is your data?
- is it using secure protocols?
- where's the backup?
 
 
Future (risks?)
- Near Field Communication: 2008: hacking NFC phones, URI spoofing, NDEF worm; 2010: Nokia announces that all its new phones will be NFC ready
- Mobile JavaScript in the browser (2000 called, they want to block JavaScript all over again)
- Phone SSL, VPN
- Location-based something: gowalla / foursquare problems
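The NFC line above is about what a tag hands the phone: an NDEF record, most often a URI record, which the phone opens with little or no user confirmation. URI spoofing lives in that gap between what the phone shows and what it acts on. The code below is an added example, not from the deck or from any NFC project: it builds and parses a well-known NDEF URI record following the NFC Forum NDEF and URI Record Type definitions (the prefix-code table is partial, codes 0x00 to 0x06) and then flags URI shapes a user should look twice at, such as an action scheme that dials or messages on tap, or a userinfo part that puts a trusted-looking name in front of the real host. The sample records and the choice of "risky" shapes are this example's own.

```python
"""Decode an NFC Forum NDEF URI record (what a tag hands the phone) and flag
the URI shapes that make a tap do more than open a web page.

Added example, not from the slides. Record layout and URI prefix codes follow
the NFC Forum NDEF and URI Record Type definitions; the prefix table here is
partial (codes 0x00-0x06). The sample records and the list of risky shapes are
this example's own.
"""
from urllib.parse import urlsplit

# First payload byte of a URI record abbreviates a common prefix (partial table).
URI_PREFIX = {
    0x00: "", 0x01: "http://www.", 0x02: "https://www.", 0x03: "http://",
    0x04: "https://", 0x05: "tel:", 0x06: "mailto:",
}
# Schemes where "opening" the URI performs an action rather than showing a page.
ACTION_SCHEMES = {"tel", "sms", "smsto", "mailto"}


def build_uri_record(prefix_code, rest):
    """Short NDEF record: MB|ME|SR set, TNF=1 (well-known), type 'U', no ID."""
    payload = bytes([prefix_code]) + rest
    if len(payload) > 255:
        raise ValueError("short record payload is limited to 255 bytes")
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload


def parse_ndef_uri(record):
    """Return the full URI carried by a single well-known URI record, or raise."""
    header = record[0]
    tnf = header & 0x07
    short_rec = bool(header & 0x10)
    has_id = bool(header & 0x08)
    pos = 1
    type_len = record[pos]
    pos += 1
    if short_rec:
        payload_len = record[pos]
        pos += 1
    else:
        payload_len = int.from_bytes(record[pos:pos + 4], "big")
        pos += 4
    id_len = 0
    if has_id:
        id_len = record[pos]
        pos += 1
    rtype = record[pos:pos + type_len]
    pos += type_len
    pos += id_len                                # skip the optional ID field
    payload = record[pos:pos + payload_len]
    if tnf != 0x01 or rtype != b"U":
        raise ValueError("not a well-known URI record")
    if len(payload) != payload_len or not payload:
        raise ValueError("truncated record")
    code = payload[0]
    if code not in URI_PREFIX:
        raise ValueError("unknown or reserved URI prefix code 0x%02x" % code)
    return URI_PREFIX[code] + payload[1:].decode("utf-8")


def assess(uri):
    """List reasons a user should look twice before letting the phone act on this URI."""
    parts = urlsplit(uri)
    warnings = []
    if parts.scheme in ACTION_SCHEMES:
        warnings.append("action scheme %s: tapping may dial, message or mail" % parts.scheme)
    if "@" in parts.netloc:
        # Classic spoof: the part before '@' is shown, the part after is contacted.
        warnings.append("userinfo before host: shows %r, connects to %r"
                        % (parts.username, parts.hostname))
    if parts.scheme == "http":
        warnings.append("plain http: content can be altered in transit")
    return warnings


if __name__ == "__main__":
    samples = [                                  # constructed tag contents
        build_uri_record(0x02, b"example.com/"),
        build_uri_record(0x04, b"bank.example@evil.example/login"),
        build_uri_record(0x05, b"+351912345678"),
    ]
    for rec in samples:
        uri = parse_ndef_uri(rec)
        print(uri)
        for w in assess(uri):
            print("   !", w)
```

The phone-side fix the checks imply is the same one browsers learned: show the URI the phone will actually act on, and confirm before anything that costs money or leaks data.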
Future (risks?)
- Spyware disguised as apps (Cydia, the jailbroken iPhone app store)
- Virus / worm / botnet: iPhone; the Vodafone memory card spyware bug on Android phones
- TinyURL problems (?)
- Social phishing from fake call centers
 
 
 

Confraria Security & IT - Mobile Security
