Smartphone
1. Smartphone: Necessity or Information Sieve
UNCLASSIFIED
2. The purpose of this brief is to raise awareness of the vulnerabilities associated with
smartphones. For the purpose of this brief, the term smartphone also
includes iPhones and BlackBerrys unless otherwise specified.
3. Definitions
com·put·er
noun
1. An electronic device designed to accept data, perform prescribed mathematical
and logical operations at high speed, and display the results of these
operations.
tel·e·phone
noun
1. An apparatus, system, or process for transmission of sound or speech to a
distant point, especially by an electric device.
5. The Future
Smartphone sales eclipsed standard cellular phone sales as well as PC
sales last year. According to Google, over 200,000 Android smartphones
are activated each day. - Ellis Holman
8. Security Risk
What is the biggest security risk when it comes to smartphones?
HINT: This risk is most likely the same as for Internet-capable
computers or Wi-Fi laptop use.
Answer: You... The user.
Like most people, when it comes to new technology, we want it
and we want it now. We usually start using this technology for
all the benefits promised without understanding the
vulnerabilities or the security features available.
9. The Numbers
A study conducted by the Ponemon Institute in concert with AVG
Technologies:
• 734 random US consumers over age 18 were questioned regarding mobile
communications behavior.
• 89 percent of respondents were unaware that smartphone applications can
transmit confidential payment information without the user's
knowledge or consent.
• 91 percent of respondents were unaware that financial applications for
smartphones can be infected with specialized malware designed to
steal credit card numbers and online banking credentials. 29 percent
report already storing credit and debit card information on their
devices. 35 percent report storing "confidential" work-related
documents.
• 56 percent of respondents were unaware that failing to properly log off a social
network app could allow an impostor to post malicious details or
change personal settings.
10. U.K. National Statistics
• 45 percent of Internet users used a mobile phone to connect to the Internet
• 6 million people accessed the Internet over their mobile phone for the first time in the
previous 12 months
• The use of wireless hotspots almost doubled in the last 12 months to 4.9 million users
• 21 per cent of Internet users did not believe their skills were sufficient to protect their
personal data
• 77 per cent of households had Internet access
- Office of National Statistics, "Internet Access - Households and Individuals, 2011"
11. Malware
• An average of 9 out of every 100 smartphones in
use is infected with malware of some type
12. Definitions
Key Logger: A computer program that records every keystroke made by a
computer or smartphone user. The "key-logger" will then send the
information to an outside server. This is often used in order to gain
fraudulent access to passwords and other confidential
information.
Worm: A computer worm is a self-replicating malware
computer program that can replicate to such an extent as to take up enough
bandwidth to cause a denial of service.
Virus: A virus is a software program capable of reproducing itself
to corrupt and cause major damage to files or other programs.
Viruses can spread quickly, infecting other computers or smartphones.
Trojan: A Trojan horse, or Trojan, is malware that, before it is run or installed,
appears to perform a desirable function for the user but instead facilitates
unauthorized access to the user's computer system.
13. Spyware
Software that self-installs on a computer, enabling information to be gathered covertly,
without the person's knowledge, including:
– Inbound and outbound texts, emails, and phone calls
– Web browsing activity
– Information stored on the phone
– Contacts
– Can even turn on the phone's camera to capture images and video
14. Information Hemorrhage on the WWW
Web surfing is the primary source of new infections, with attackers relying more and
more on customized malicious code toolkits to develop and distribute their threats.
90 percent of all threats detected by Symantec, during a study period, attempted to
steal confidential information.
- Michael Dinan, TMCnet Editor
Web browsing is becoming a big threat, with 38 percent of Android owners encountering a
malicious link - 40 percent if you only consider the United States.
- Lookout's chief technology officer Kevin Mahaffey
16. What's on Your Phone
"Mobile phones are a huge source of vulnerability. We are definitely seeing an increase in
criminal activity." - Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division.
17. Keeping in Touch
The "Bad Guy" is using the same tools and resources
that we (the recreational user) use, and a lot of the
time, they know more about the tool.
Across the U.S. and beyond, inmates are using social networks and smartphones smuggled
into prisons and jails to harass their victims or accusers and intimidate witnesses.
In California, home to the nation's largest inmate population, the corrections department
confiscated 12,625 phones in just 10 months this year.
- DON THOMPSON, Associated Press, November 2011
18. Smart Phishing (Smishing) for Smartphones
Emails or text messages offering a free one-year warranty extension for a popular
smartphone link to a company-branded web page. That web page asks for an email address
and then the smartphone serial number, IMEI number, type of phone, and capacity of phone.
Cybercriminals use the information requested on the web page to clone the smartphone.
- markmonitor.com
19. Man In The Middle (MITM) Attack
The attacker's machine forces traffic between the victims' machines to route through it by
sending a false Address Resolution Protocol (ARP) reply to both machines. The attacker can
then create new connections and kill existing connections, as well as view and replay
anything that is private between the target machines.
A testing team has adequately shown that with a mobile laptop in a Wi-Fi network, it is
possible to intercept communications between a smartphone and the Wi-Fi hotspot.
- Smobile Systems
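A defender's view of the false ARP replies described on this slide, as an added example that is not part of the original brief: the function watches a stream of ARP replies and reports any IP address whose MAC binding changes, plus any MAC that answers for several IP addresses. The sample replies, addresses and function name are constructed for illustration (documentation address ranges).

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen on
# a Wi-Fi segment. 192.0.2.1 is the hotspot gateway, 192.0.2.23 a smartphone.
SAMPLE_REPLIES = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),
    (1.2, "192.0.2.23", "00:00:5e:00:53:23"),
    (5.0, "192.0.2.44", "00:00:5e:00:53:44"),
    (9.7, "192.0.2.1", "00:00:5E:00:53:44"),   # gateway IP now claimed by .44's MAC
    (9.8, "192.0.2.23", "00:00:5e:00:53:44"),  # phone IP claimed by the same MAC
    (12.0, "192.0.2.1", "00:00:5e:00:53:44"),  # repeated false reply
]


def find_arp_anomalies(replies):
    """Return (rebinds, shared_macs) for a sequence of observed ARP replies.

    rebinds: one entry per IP whose MAC differs from the first one learned.
    shared_macs: MACs that claimed more than one IP, with the IPs they claimed.
    A rebind can be legitimate (DHCP lease reuse, router failover), so these
    are leads to check against the known gateway MAC, not proof of an attack.
    """
    first_seen = {}                # ip -> MAC first learned for that IP
    ips_by_mac = defaultdict(set)  # mac -> every IP it has answered for
    rebinds = []
    for ts, ip, mac in replies:
        mac = mac.lower()          # MAC case varies between tools
        ips_by_mac[mac].add(ip)
        known = first_seen.setdefault(ip, mac)
        already = any(r["ip"] == ip and r["now"] == mac for r in rebinds)
        if known != mac and not already:
            rebinds.append({"time": ts, "ip": ip, "was": known, "now": mac})
    shared_macs = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return rebinds, shared_macs


if __name__ == "__main__":
    rebinds, shared = find_arp_anomalies(SAMPLE_REPLIES)
    for r in rebinds:
        print(f"{r['time']:>5}s {r['ip']} moved {r['was']} -> {r['now']}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```
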
21. Jailbreaking
• Gives the user root level access to the phone
• Strips away security measures designed to protect the smartphone
• A majority of smartphone malware comes from third party app stores
22. "Trojanized" Apps
The malicious developer selects popular apps to "trojanize" and delivers malware
along with the clean content
24. How You are "Protected"
Google Bouncer: Scans all uploaded Android Marketplace apps. 40% decrease in potential malicious apps in the marketplace in 2011.
iTunes: Apple authenticates its developers, tests and digitally signs each app before distribution, making malware occurrences rare.
App World: Vets applications before distribution and allows user to set permissions for each item within an app separately to give user control.
25. Defensive software
Malware
Anti Virus
March 2012: AV-TEST, an independent IT security institute, has inspected 41 different
virus scanners for Android with regard to their detection performance.
26. What's in Your App?
The most common malicious Android apps contain spyware and (SMS) Trojans that:
• collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
• send Short Message Service (SMS) to premium-rate numbers
• subscribe infected phones to premium services
• record phone conversations and send them to attackers
• take control over the infected phone
• download other malware onto infected phones
- Cnet.com
27. Some Android Apps Use Personal Data Suspiciously
A study conducted in 2010 by Penn State, Duke, and Intel Labs
found that 358 apps in the Android Market require Internet permissions, as
well as permissions to access location, camera, or audio data. Of those 358,
researchers randomly selected 30 apps, including ones for The Weather
Channel and BBC News.
15 of the 30 apps reported user locations to remote advertising servers, and
seven apps collected the device ID, and sometimes the phone number and SIM
card serial number. One app even transmitted phone information every time
the phone booted, even if the app had not been used. Overall, two-thirds of
the apps used data suspiciously, researchers concluded.
- Pcmag.com
28. App Security
• Despite increased security in legitimate app marketplaces, malware still comes
through
• Scrutinize apps before downloading
– Do you know the developer?
– How long has it been available?
– What are the permissions required?
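One way to answer "What are the permissions required?" and to apply the combination the study on slide 27 selected on (Internet access plus location, camera or audio), shown as an added example that is not part of the original brief. It assumes the app's AndroidManifest.xml has already been decoded to text XML; the sample manifest, the package name and the extra categories (device ID, contacts, SMS, boot) are constructed or chosen here for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Permissions that expose the data types named on slides 26 and 27.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.READ_PHONE_STATE": "device ID / phone number",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.SEND_SMS": "outgoing SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED": "starts at boot",
}

# Constructed manifest for a hypothetical weather widget (not a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weatherwidget">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Weather Widget"/>
</manifest>"""


def audit_manifest(xml_text):
    """Summarise which sensitive data an app can reach and whether it can send it out."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)  # tolerate a <uses-permission> element without a name
    sensitive = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    has_network = INTERNET in requested
    return {
        "package": root.get("package"),
        "network": has_network,
        "sensitive": sensitive,
        # Network access combined with sensitive data is the pattern to question:
        # the app can both read the data and transmit it off the phone.
        "needs_review": has_network and bool(sensitive),
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```
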
29. Mobile Banking
• Mobile banking has grown 129% in the last year alone
• Android users alone lost more than one million dollars to cyber-thieves in 2011
and the numbers are climbing
30. Geo-tag
Most smartphones and some cameras made today are equipped with geo tags. Geo
tags are imbedded in the picture and use the same concept as GPS.
31. Physical Consideration
If you leave your phone unattended, lose it or have it stolen, depending on what security
features you have set, a smudge attack can be conducted. The picture illustrates how easy it
would be to access this phone.
Maintain positive control of your phone and clean the screen after every use if you have a
touch screen keypad.
32. Navy Networks
In October 2010, CTO 10-084 was released prohibiting the connection of unapproved USB
mass storage devices to government networks. This includes connecting a
smartphone to a DON computer "just to charge it". Lack of compliance could result
in data exfiltration, spillage and the spread of malware.
33. Smartphone Headlines
HTC Smartphone Vulnerability Exposes Your Personal Data
Your Smartphone Is Spying on You
Smartphone pictures pose privacy risks
Report Reveals Data Loss as Primary Concern for Smartphone Users
Tens of Millions of Smartphones Come With Spyware Preinstalled, Security Analyst Says
Smartphones evidence a boon for divorce lawyers
Android super smartphones: Too much of a good thing?
Smartphones overtook PC shipments in 2011
Smartphone scams: Owners warned over malware apps
34. Recommendations for a More Secure Smartphone
Never store sensitive data on smartphones
Do not leave phone unattended in public
Enable password protection
Activate the lock-out screen
Update your device regularly, to include anti-virus software
Enable encryption where possible
Do not open suspicious email or click unknown links from unsolicited texts or email
Take precautions to avoid theft and recover from loss
Avoid using smartphones to conduct online financial transactions
35. Recommendations for a More Secure Smartphone
Only purchase apps from legitimate marketplaces
Understand the apps you download/use and what data the app accesses
Turn off GPS & Bluetooth when not in use
Disable Geo-tagging
Never "jailbreak" or "root" a smartphone
Keep phone screen clean if using touch screen keypads
Enable "safe mode" to prevent applications from running in the background without permission
Data sanitize your device before redistributing it
36. Summary
• Computer health statistics
• The climb of smartphones
• Activities executed on smartphones
• Security issues involving smartphones
• Application uses and the vulnerabilities
• Physical issues involving smartphones
• Recommendations for smartphones
Which one of these definitions is closer to what a smart phone is? Are we using the right terminology?
Only about two years ago, the circled words on this screen were used to describe computers and their capabilities. Do you associate any of these words with your home phone? That is, if you still have one.
Does this slide depict the decline of the home computer? Instead of a computer in every home, will we have two, three or maybe more in every household?
The smartphone has made information sharing quick, easy and able to be conducted on the run. What about the talking piece? There are no stats on the percentage of time spent TALKING!
Based on all the functions available for a smartphone, we really need to treat them as computers. This is just to illustrate how vulnerable our computers are, and they have been around longer than smartphones. If we have protection measures in place for our computers and we are still having problems keeping them secure and healthy, are people really aware of the vulnerabilities of smartphones and how to keep them secure?
This study shows that people continue to use technology without understanding the risk or vulnerabilities associated with it. These numbers should be a wakeup call for all of us.
Assuming that Americans are not that different from our friends in the U.K., let's look at the practices of the U.K. and then consider our numbers from the previous slide. Does 21% seem like a low number? People usually do not admit shortcomings. For example, how many people would admit to not being a good driver?
A snapshot in time on the internet, 90% of all threats detected were after confidential information. With this in mind, is your smartphone protected? 40% of Android users in the US have experienced a malicious link. Do you have personal data on your phone? Or do you use the web to update or post personal data?
Contact lists, location data, text messages, Social Networking and banking information are just some of the things stored on or conducted with smartphones. Is this information important to you? How cautious are you with your information?
Facebook continues to be a prime source of personal information. It also allows for ease of communication based on your privacy settings. With smartphones, as you see in the slide, bad guys are using this to their advantage. Yes, the bad guys are using the same resources that we do.
Like professional Angler (Fisherman) Fred Arbogast, people who phish on the internet know what lures or bait to use to hook their prey. The bad guys have now set their sights on smartphone users and this type of phishing is now referred to as smishing.
Man-in-the-middle attacks leave few clues for people to identify when they have been a victim: no questionable e-mail that the victim has to respond to, no suspicious links clicked on and no noticeable interaction with questionable entities. The only thing you may question is whether you used a Wi-Fi hotspot prior to the compromise of whatever you are missing. Question: So what are you doing on your smartphone while on a Wi-Fi hotspot?
Over 500,000 cleared by Apple. There are many, many more available and not always for good things.
The answer is up to you as the user to decide. While no one system is better than another, it IS important to know your phone and the vulnerabilities specific to the type of phone you have.
30 random apps selected and the results are a bit scary. What did you agree to when you downloaded your apps? The app developers can claim that permission (from the user) was granted, but the reality is that in most cases the app developer never spelled out why it needs access to sensitive information or what will be done with it.
Geo-tagging still remains an issue. This has been briefed and discussed in the past and awareness has been raised for the people who already own smartphones. However, new users remain unaware of this vulnerability and do not turn this feature off.
This is an example of a low tech hack on a high tech piece of equipment. Do we really need to make it this easy for a bad guy?
can introduce malicious code to the network, provide an avenue to exfiltrate data from the device, or provide adversaries access to critical unclassified or classified networks
Just some of the headlines on smartphones. As the actor Kevin Costner heard in "Field of Dreams": "If you build it, they will come." The smartphone was built and the vulnerabilities did come, along with those willing to exploit the weaknesses.