The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager

Transcription

1 The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager

2 Mobility -we have come a long way and where is it going? Image: Word Press

3 Mobility To achieve mobility, two things are needed 1. An endpoint of some type that is personal and portable 2. A connection to data and applications that are remote from this endpoint

4 Mobility today Easy access for everyone Easy access to everything Constant communication Merging markets Massive consolidated data ZDNet. Com/blog/hinchcliffe

5 This decade - malware for mobile devices 1000 new Android malware samples discovered every day 2000 new Android malware samples discovered every day Cabir First worm affecting Symbian Series 60 phones. Spreads from phone to phone by using Bluetooth OBEX push protocol. Ikee and Duh Worms affecting jailbroken iphones using Cydia app distribution system due to a hardcoded password in sshd. FakePlayer First malware for Android makes money by sending SMS messages to premium line numbers in Russia DroidDream First large attack to Google Play market. Over 50 apps containing a root exploit published to Android Market. Zitmo Popular Windows bot and banking malware Zeus improved with its Android component designed to steal banking mtans. Masterkey A vulnerability in Android discovered exploiting certificate validation in Android which allows malware to disguise as a legitimate app. DownAPK Windows based malware uses Android debugging bridge to install fake banking app to Android devices connected to the infected PC. Image: : SophosLabs

6 Android malware Over 150k variants of malware known Information stealers (Andr/SMSRep) SMS senders (Andr/AdSMS) Phishing (fake mobile banking software) Privilege escalation exploits (DroidDream) Zeus for Android (Zitmo) For details request information from SophosLabs

7 Android malware For details request information from SophosLabs

8 Android malware For details request information from SophosLabs

9 So we agree there is a problem and it will not go away? It is important to understand the problem and not over hype it Image: uncyclopedia.wikia

10 Personal data new asset class In 2020, digital records will be 44 times larger than in Personal data is the new oil of the Internet and the new currency of the digital world * Meglena Kuneve, European Consumer Commissioner, March 2009

11 Is your mobile device helping others to track you? Image: Dr. Gabriella Kortsch

12 We know what you are, just not who you are Wi-Fi access able to connect to...

13 Australia March 2014 This month the advertising industry will be employing new technology known as Anonymous Biometric and Objects Data Sensors (ABODS). Put simply, sensor cameras are placed behind or close to the screen frame of a digital billboard, biometrically sizing you up as you walk past. 13

14 Photograph: Voucher Codes Pro. Article Juliette Garside

15 Many pieces are visible, its just putting them together Sophos can help, ask us how? Image: Freepic

16 Sophos Mobile Control A Mobile Device Management solution that provides: Configuration of the phone Addresses concerns regarding loss/theft Supports employees personal devices DIY device management with a self service portal Device compliance check Enterprise Application Store For Apple, Android, Windows Mobile, Blackberry 16

17

18 Sophos Mobile Control Also available in suites with other Sophos products to reduce costs: Endpoint Protection (Anti-Virus, Application / Device / Data Control, Patch Assessment, Off-network web filtering) Protection (Anti-Virus, Anti-Spam, Content filtering) Web Protection (Anti-Virus, Content filtering) Encryption (Full disk, Removable Storage, Server Storage, Cloud Storage) Network Protection (Firewall, Reverse proxy, IPS, VPN, Wireless) For further information visit or contact Sebastian Kramer [sebastian.kramer@sss.co.nz] Matthew Young [matthew.young@sophos.com.au]

19 The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager