2. What is Mobile Security?
Mobile security is the protection
of smart phones, tablets, laptops
and other portable computing
devices and the networks they
connect to, from threats and
vulnerabilities associated with
wireless computing. Mobile
security is also known as wireless
security.
3. Need of Mobile Security?
As Smartphones are becoming storage units for personal
information through use of various social networking
applications, personal organizers and e-mail clients.
So, smartphones are becoming primary target of attackers.
Mobile threats are endangering safety of individuals, companies
and if measures are not taken, then the cybercrime can have
impact on the security of the whole society.
6. Security Challenges for Mobile Device
Users
Insecure Data Storage.
Physical Security.
Mobile browsing.
Multiple User Logging.
Client side injection.
Improper session handling.
Weak Authentication and Brute Force Attack.
7. Mobile Threats and Vulnerabilities
Mobile Threats
1. Physical threats
- Bluetooth.
- Lost or Stolen Mobile Devices.
13. Introduction to Android
It is a open source software platform and operating system for mobile devices.
Based on Linux kernel.
Developed by Google and later the Open Handset Alliance.
Allows writing managed code in Java Language.
Android has its own virtual machine i.e DVM(Dalvik Virtual Machine),which
is used for executing the android application.
Google purchased the initial developer of the software, android incorporated in
2005.
16. Application Permission
There are four permissions levels and they are as follows:
Normal (not a dangerous one and considered as
an application-level permission).
Dangerous (a more risky permission could access, without the asking
the user to confirm; a sensitive data or damaging functions).
Signature (a permission can be granted only to other packages that are
signed with the same signature).
Signature-or-system (a special type of signature permission
that's existing to manipulate with the legacy permissions).
18. Improvements in the Existing Security
Model
Practically, there are a number of issues in such a model:-
1)The user must grant all of the required permissions in order to install
the application,
2) Once the permissions are granted; there is no method of restricting an
application to use the granted permissions,
3) There is no way of restricting access to the resources based on dynamic
constraints as the permission model is based on install-time check only,
4) Granted permissions can only be revoked by uninstalling the
application.
19. Proposed Framework for Android
Security
1. Kirin:-install-time certification mechanism – that allows the
mobile device to enforce a list of predefined security requirements
prior to installation process of an application.
2. SCanDroid: Android to perform information flow analysis on
applications in order to understand the flow of information from
one component to another component.
21. Example of Malicious Application
Malicious content delivery scenario for Android
22. Example of Malicious Application(cont’d)
Example malicious application of android
23. First Version of Android.
The focus of Android beta is testing incorporating usability.
Android beta will generally have many more problems on speed and
performance.
First full version of android.
Released on September 23, 2008.
Wi-Fi and Bluetooth support.
Quite slow in operating.
copy and paste feature in the web browser is not
present.
24. Released on April 30, 2009.
Added auto-rotation option.
Copy and Paste feature added in the web browser.
Increased speed and performance but not upto
required level.
Released on September 15, 2009.
Voice search and Search box were added.
Faster OS boot times and fast web browsing
experience.
Typing is quite slower.
Released on October 26, 2009.
Bluetooth 2.1 support.
Improved typing speed on virtual
keyboard, with smarter dictionary.
no Adobe flash media support.
25. Released on May 20, 2010.
Support for Adobe Flash 10.1
Improved Application launcher with better browser
No internet calling.
Released on December 6, 2010.
Updated User Interface with high efficiency and speed
Internet calling
One touch word selection and copy/paste.
New keyboard for faster word input.
More successful version of Android than previous
versions.
not supports multi-core processors.
Released on February 22, 2011.
Support for multi-core processors
Ability to encrypt all user data.
This version of android is only available for
tablets.
26. Released on November 14, 2011.
Virtual button in the UI.
A new typeface family for the UI, Roboto.
Ability to shut down apps that are using data in the
background.
Released on June 27, 2012.
Latest version of Android.
Smoother user interface.
27. Android Kitkat
Released on April 14,2014
Bug fixes.
Security enhancements.
Android Lollipop
Released on December 2,2014.
Speed improvement.
Battery consumption improvement.
Multiple SIM cards support.
Quick settings shortcuts to join Wi-Fi networks or control Bluetooth devices.
28. Android Marshmallow
Fingerprint Authentication support.
Better battery life with "deep sleep".
Permissions dashboard.
Android Pay.
MIDI support.
Google now improvements.
30. Introduction to iOS
iOS is the Operating System that run on Apple devices like
iPhone, iPod, iPad & Apple TV.
Provides multi tasking.
Only allows to run Apple signed applications.
New features & Bug fixes with every release.
Current version is iOS 9.
31. iOS Security Model
Two different views of iOS security model are presented.
The first model stands on four pillars that are mentioned in and are
as follows:
Device Security.
Data Security.
Network Security.
Application Security.
32. Keychain Services.
CFNetwork.
The Certificate, Key, and Trust Services API.
Randomization Services.
33. The second perspective discuss the security as a set of different
techniques to ensure the security.
ASLR.
Code Signing.
Sandboxing.
Data Encryption.
37. Introduction to Windows:
Microsoft’s new Mobile OS
-Successor to the Windows Phone.
Based on Windows CE kernel.
Released on November 8,2010.
Supports 25 Languages.
Offers a new User Interface with its “metro” login.
39. Which is safest: Android, iOS or Windows
Phone?
iOS is the safest out of the box
Second place goes to Windows Phone: very robust and with
excellent backup options, but still needs some work.
Android falls to third place, as it forces you to make more
decisions and has a less consistent security landscape, with
manufacturers adding their own security customizations.
40. Mobile security best practices
1. User Authentication.
2. Update Your Mobile OS with Security Patches.
3. Regularly Backup Your Mobile Device.
4. Utilize Encryption.
5. Enable Remote Data Wipe as an Option.
41. Mobile security best practices(cont’d)
6. Disable Wi-Fi and Bluetooth When Not Needed.
7. Don't Fall for Phishing Schemes.
8. Avoid All Jailbreaks.
9. Add a Mobile Security App.
10. Communicate Your Mobile Security Best Practices.
42. Conclusion
• Modern Operating Systems come with a strong security
background but there is nothing more important than the safety
of the user’s data.
• In these days there are a lot of known vulnerabilities in these
operating systems, applications, internet browsers and specific
teams and developers working on issues trying to fix known
problems.
• However, there is the weakest point at this security and that
point is always the user of the current device.