Securing hand-held computing devices:
The cyber-security challenge of the decade

Jagadeesan R, Senior Consultant

The hand-helds have arrived
•    The growth rate for the hand-held market (including
     smartphones and tablets) is leapfrogging the
     desktop/laptop market growth rate by some length
     –   It is estimated that around 73.5 million iPhone OS
         devices (iPhones and iPod touches) had been sold
         globally till Jan 2010
     –   Global iPad sales are projected by Piper Jaffray to reach
         23.3 million units in 2011, up from an estimated 13
         million in 2010
•    A large number of consumer and business
     applications are being made available for hand-helds

The hand-helds have arrived
•    Deutsche Bank, Bank of America, Citi, JPMC,
     Standard Chartered and UBS are all running pilots with
     BlackBerry alternatives – iPhones/Android phones
•    Starbucks already has a mobile payment app for
     the iPhone
•    Union Bank of India is to introduce a mobile payments
     network including person-to-person payments
•    ICICI Bank-Vodafone, SBI-Airtel and Yes Bank-Nokia
     have launched mobile payments initiatives
•    Barclaycard, Orange and T-Mobile are set to launch
     the UK's first commercial contactless mobile phone
     payments system this year

But hand-held security hasn't!
•    With the exception of the tightly controlled
     BlackBerry platform, powerful handhelds are a
     recent entrant into corporate IT
•    The handheld market resembles the PC market of
     the mid-1980s to the early 1990s
     –   Poor awareness of most security threats
     –   Dynamic market with keen competition
         between several players and platforms
     –   Very rapid growth, with a "Get it out to the retailer"
         mind-set
     –   Highly driven by retail consumer adoption

Typical vulnerabilities seen so far
•   Malware
     –   The Zeus mobile trojan intercepts one-time banking
         passwords sent by certain banks by SMS; it affects
         Symbian and BlackBerry devices
     –   The Geinimi trojan for Android can allow infected phones
         to be controlled by a remote server, and tracks
         geo-location and unique device IDs
•   Backdoors
     –   An Android vulnerability allows a malicious website to
         read files from the SD card

Typical vulnerabilities encountered
•   User information trails in phone memory from poor
    design
     –    Mobile financial applications (Android, iPhone) from
          USAA, Wells Fargo were found to insecurely store
          account numbers and balances in phone memory
          (subsequently fixed)
•   Cross-site scripting
     –    A cross-site scripting bug in the Android Market
          allowed anyone to silently install a malicious app on
          the user's Android phone (when the user clicks on a
          link while browsing the Market on a desktop) (later
          patched)

Typical vulnerabilities encountered
•   Signal interception
     –    Bluetooth hacks can be used to make calls on the
          hacked phone, read/send SMS, access contact lists,
          tap phones, divert incoming calls and surf the web
     –    Rogue base stations can be used to tap phones
•   Poor privacy controls
     –    There is a suit filed in court alleging that Apple and
          other app creators have been passing along users'
          personal information by tracking unique device
          IDs/geo-location without getting prior consent

Mobile device platforms - How do they compare?
•   For BlackBerry, Apple and Windows Phone platforms,
    apps have to pass review before being made available
    for download; this blunts some of the attack points
•   Android allows apps to be distributed through websites
    directly on the Market; this opens up more attack
    points for malware bundled into apps to exploit
    vulnerabilities
     –   Google recently applied a master kill-switch (for the
         first time) to clean up more than 50 virus-infected
         apps from individual Android phones

Mobile device platforms - How do they compare?
•   Google is taking the tack that more openness will lead to
    a more dynamic and secure Android platform in the long
    run
•   Currently, however, there are broken links in the software
    update chain (unlike the desktop market)
•   Here, there is a dependency on telecom carriers, which
    typically do not push OS patches to smartphones fast
    enough
     –   There will be a significant amount of pain in stabilizing
         Android as a secure platform

Prominent mobile security-related products in the market
Authentication
•   RSA SecurID 2.2 for Symbian OS and UIQ
Encryption and authentication
•   Check Point's Pointsec
Comprehensive cloud-scanned web-security
•   Zscaler Mobile
Data-loss prevention
•   Websense Mobile DLP

Prominent mobile security-related products in the market
Anti-virus
•   NetQin Mobile Anti-virus
•   CA's eTrust anti-virus software for Palm, Windows
    Mobile
Anti-virus and Anti-theft
•   McAfee WaveSecure + VirusScan
     –   Remote lock
     –   GPS tracking
     –   Remote wipe
     –   Malware scanning

Prominent mobile security-related products in the market
Anti-virus and Anti-theft
•   Kaspersky Mobile Security 9
     –   Mobile filtering
     –   Anti-theft features (use of the phone's GPS to track
         location, remote data-wipe/block/lock, SIM Watch);
         SMS Find shows the missing device's location on
         Google Maps using GPS data
     –   Encryption, Parental controls
     –   Anti-virus, Firewall, Privacy protection
     –   Supports Symbian OS 9.1 and higher, Windows
         Mobile 5.0 to 6.5, BlackBerry 4.5 to 6.0 and Android
         1.6 to 2.2

In summary…
•   BlackBerry continues to be the most secure platform for
    corporate IT, followed by the iPhone/iPad
•   Android is likely to catch up in the long term with its open
    philosophy; it is not at the top for security in the short
    term, though. Timely pushing of patches to devices is a
    major concern.
•   Windows Phone is a clear laggard even with an early
    start and a recent deal with Nokia
•   Very sophisticated security applications are becoming
    available in the marketplace
•   An extraordinary range of powerful functionality is
    available on these handhelds -> More power for mischief
    in the age of "Information anywhere"