Tutorial on Smartphone Security

Size: px
Start display at page:

Download "Tutorial on Smartphone Security"

Transcription

1 Tutorial on Smartphone Security Wenliang (Kevin) Du Professor

2 Smartphone Usage

3 Smartphone Applications

4 Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security Risks» Malware» Suggestions

5 Protections: Apple versus Google» Approval Processes» Access Control» Data Protection

6 Approval Process Apps Code review, testing, etc. Apple App Distribution Installation Apps Other 3 rd Party stores

7 Apple s App Development Process App Developer Registration Issued by Apple Certificate Accountability, Code Integrity App development

8 Public Key Encryption and PKI» Traditional Encryption: Secret Key Encryption > The same key is used for encryption and decryption > The key must be secret > Algorithms: AES, DES» Public Key Encryption > Public Key: public, used for encryption > Private key: secret, used for decryption > Algorithms: RSA

9 Public Key Encryption M1 Public Key: KeyPub Private Key: KeyPriv KeyPub Enc(M2) M2 Decryption using KeyPriv M3 Algorithm: RSA, ElGamal

10 Digital Signature using Public Key Verify M is written by Alice. Public Key: KeyPub Private Key: KeyPriv KeyPub Alice M, Signature M, Signature Verify M is NOT written by Alice. (M, KeyPriv) Signature KeyPub Algorithm: RSA, ElGamal, DSA

11 Digital Signature using Public Key Du Du s Private Key Digital Signature S Du s Public Key Everybody can verify whether the code is written by Du or not. Question: How do you know the public key is Du s?

12 Digital Certificate and PKI M: Public Key Name: Kevin Du Example: VeriSign M, VeriSign s Private Key Digital Signature S M Verification By everybody VeriSign s Public Key Usually preloaded in browsers and OS Digital Ceritificate: Public Key Name: Kevin Du Some other information VeriSign s Signature

13 The Whole Process

14 Weakness of PKI» We trust CAs (Certificate Authority)» CAs can be compromised > July 10 July 20, 2011: DigiNotar s system was hacked > 500 rogue certificates were issued by hackers Google, Skype, Mozilla, Microsoft > Microsoft remove this CA from its OS > Google and Mozilla block all DigiNotar s digital certificate > DigiNotar filed for bankruptcy in September 2011.

15 Apple s App Development Process App Developer Registration Issued by Apple Certificate Accountability, Code Integrity App development

16 Google s App Development Process Issued by a trusted party Certificate Accountability, Code Integrity App Developer App development Anonymous Certificate (self-signed) No Accountability, No Code Integrity Only for Android Market, Not for 3 rd party market

17 Access Control» We ve Learned: Downloaded programs are dangerous > Virus, Worms > Trojan, Backdoors» Apps are downloaded programs.» Need to control their access.

18 Unix Security Basics: Users» Normal Users > uid: user ID > Users are separated from each other» Root Users (Administrator, Superuser) > uid = 0 > Root has all the privileges > if (uid ==0) do privileged operations

19 Unix File Permission -rwxr-x--- 2 richard staff Aug mydata.txt owner group others

20 Access Control GPS System Resources Isolations - Isolations among Apps - Isolation between App and System

21 Isolation among Apps Uid = 6001 Uid = 6009 Uid = 7003 File permission: rw-rw---- Each App runs as a separate user (normal user) Access control is enforced by the underlying Linux

22 Security Check Break The Isolation among Apps Uid = 1020 Uid = 6009 Data sharing among apps Use the functionalities of other apps

23 Isolation Between App and System GPS Hardware OS Kernel Each app runs as a normal user Only root can directly access system resources System Resources

24 Security Check Allow Apps to Access System Resources GPS Hardware OS Kernel System Resources Privileged Deputy (e.g. system services)

25 Access Control GPS System Resources How to cross the isolation boundary? - Between Apps - Between App and System Permissions Controlled

26 Permission-Based Access Control GPS, Internet Alert: Ask once SMS, , Call: Ask every time Many Others: Granted Installation Execution Can only use A B C User A B C Declare Permissions (Android defines 100+ permissions)

27 Permission Examples in Android ACCESS_FINE_LOCATION BLUETOOTH CALL_PHONE CAMERA INTERNET READ_CONTACTS WRITE_CONTACTS READ_CALENDAR READ_SMS SEND_SMS Access GPS Connect to Bluetooth device Directly make phone calls Use camera Access to the Internet Read user s contacts data Write contacts data Read user s calendar data Read SMS messages Send SMS messages

28 Android s Permission System This is where the problem is. I need: INTERNET Device ID Wireless fraud Accept!

29 Malware: Malicious Software» Malware: Malicious Software > Information Stealer (spyware) > Money Stealer (e.g. make phone calls) > Control the phone (e.g. bot)» How do malware attack?

30 How Malware Attacks Systems Privilege Escalation (Jailbreaking/Rooting) Malicious Apps Abusing the given privileges Stealing personal info. Making expensive phone call Malicious web sites Malicious PDF files Suggestion: patch your system, read reviews, check developer s reputation.

31 Example: Attacks Through Browser» The user visits a malicious or infected website» Code in the page exploit a vulnerability in WebKit, the engine of browsers (CVE )» The attack then exploits a Skype vulnerability (CVE ) > allows local users to read sensitive files including contacts, conversation transcripts, voic , and so on.

32 Unapproved Apps Apps with More power Jailbreaking and Rooting Custom OS More control Custom OS Jailbreak Rooting Apple s Control Google s Control They are legal, but they bring more security risks. Suggestion: don t do it if you don t have to.

33 A Typical Attack on Android Legitimate Developer Android Market, or 3 rd -Party Markets Cases: MYOURNET (21 apps) Droid Dream (>58 apps) Suggestions: Read reviews Check developers Check permissions Install virus scan Malicious Developer Victim

34 Example: Fake Angry Birds Space» Faked one available on various Android app marketplaces, not Google s market» Trojan Horse: Andr/KongFu-L» Use GingerBreak exploit to gain root access» Install malicious code

35 WebView Attack on Web: A Design Flaw 3 rd Party App: Not by FB Malicious App Contents Damage: - Delete Friends - Steal info. In Facebook - Post messages Affect most systems - ios, Android, Windows Phone Suggestion: Use 1 st party or trusted 3 rd party apps to access Web accounts

36 Data Protection

37 Recent Studies (March 2012)» American lost $30B worth of smartphones.» Only 50% lost phones are returned.» Nearly all who found the lost phones tried to access the information on the phone.» 22% of the respondents lost their phones.» 70% didn t use password protection.

38 Consequence of Device Loss Cloud Services Facebook Company WiFi Amazon Online Banking Data Other Accounts Lock the phone does not help much. Remote wipe has limited power.

39 Data Encryption iphone 3GS iphone 4 Password, PIN Encryption is useless PIN: easily crackable 4 digit PIN = 14 bits Strong encryption: 128 bits Suggestion: don t lose your phone

40 Apple v.s. Google» Tight Control: Apple > Control on ios code > Code checking, accountability > Control on the app market» Loose Control: Google > Open source: public scrutiny, contribution by others > No code checking, no accountability > So far, Android has more malwares than ios

41 Summary of Suggestions» Don t root/jailbreak if not necessary» Be more careful when downloading Android Apps» Avoid 3 rd -party Android market» Paid apps turned free: check the developers» PIN doesn t protect your data much

42 Questions?

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Introducing Stephan Linzner Benjamin Reimold Consultant, Software Engineer Mobile Developer Founder of Stuttgart GTUG

More information

Analysis of advanced issues in mobile security in android operating system

Analysis of advanced issues in mobile security in android operating system Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Smartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved

Smartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific

More information

Security guide. small businesses and freelancers. Security guide 1

Security guide. small businesses and freelancers. Security guide 1 Security guide small businesses and freelancers Security guide 1 1. Introduction 3. The most dangerous types of threats 5. Will you let us protect you? 2. Where is the danger and how can we protect ourselves?

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

Enterprise Mobility Report 12/2014. Creation date: 4.1.2015. Vlastimil Turzík

Enterprise Mobility Report 12/2014. Creation date: 4.1.2015. Vlastimil Turzík 12/2014 Creation date: 4.1.2015 Author: Vlastimil Turzík Content Content... 2 Introduction... 3 ios... 3... 3 Android... 3... 3 Android devices vulnerable to new Trojan... 3 CVE-2014-7911... 3 CVE-2014-8507...

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

Protecting against Mobile Attacks

Protecting against Mobile Attacks 2014-APR-17 Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537 2 Agenda Attacks moving to mobile

More information

Mobile Device Management

Mobile Device Management 1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what

More information

Mobile malware hits ActiveSync-only devices

Mobile malware hits ActiveSync-only devices Mobile malware hits ActiveSync-only devices Mobile platforms have leapfrogged PC security for years, but as mobile device adoption explodes worldwide, these platforms face more security threats than ever

More information

Securing mobile devices in the business environment

Securing mobile devices in the business environment IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager

The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager Mobility -we have come a long way and where is it going? Image: Word Press Mobility To achieve mobility, two

More information

Security Best Practices for Mobile Devices

Security Best Practices for Mobile Devices Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices

More information

Studying Security Weaknesses of Android System

Studying Security Weaknesses of Android System , pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced

More information

CEH Version8 Course Outline

CEH Version8 Course Outline CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information

More information

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

Trust Digital Best Practices

Trust Digital Best Practices > ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or

More information

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will

More information

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data. Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

Android vs. Apple ios Security Showdown Tom Eston

Android vs. Apple ios Security Showdown Tom Eston Android vs. Apple ios Security Showdown Tom Eston About Your Presenter Tom Eston CISSP, GWAPT Manger of the SecureState Profiling & Penetration Team Specializing in Attack & Penetration, Mobile Security

More information

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals CHECK POINT Mobile Security Revolutionized [Restricted] ONLY for designated groups and individuals 2014 Check Point Software Technologies Ltd. 1 Rapidly Expanding Mobile Threats MOBILE THREATS are ESCALATING

More information

Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops)

Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops) Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops) 1. Purpose Banner encourages the business use of Mobile Devices by employees as productivity enhancement tools. The purpose of this

More information

2015 MDRT Annual Meeting e Handout Material. What is Your Smartphone Leaking?

2015 MDRT Annual Meeting e Handout Material. What is Your Smartphone Leaking? 2015 MDRT Annual Meeting e Handout Material Title: Speaker: What is Your Smartphone Leaking? Anwar Visram, CISSP Presentation Date: Wednesday, June 17, 2015 10:00 11:00 a.m. The Million Dollar Round Table

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Enterprise Mobile Threat Report

Enterprise Mobile Threat Report Enterprise Mobile Threat Report The State of ios and Android Security Threats to Enterprise Mobility I. Introduction This report examines enterprise security threats for ios and Android. While Android

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

Report on Consumer Behaviors and Perceptions of Mobile Security. Presented by NQ Mobile & NCSA January 25, 2012

Report on Consumer Behaviors and Perceptions of Mobile Security. Presented by NQ Mobile & NCSA January 25, 2012 Report on Consumer Behaviors and Perceptions of Mobile Security Presented by NQ Mobile & NCSA January 25, 2012 Methodology Online survey of 1,158 consumers. Participants had to own a smartphone. Respondents

More information

Kaspersky Security 10 for Mobile Implementation Guide

Kaspersky Security 10 for Mobile Implementation Guide Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful

More information

Enterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch

Enterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch 10/2014 Creation date: 31.10.2014 Author: Vlastimil Turzík, Edward Plch Content Content... 2 Introduction... 4 Interesting Articles... 4 95% of companies challenged by BYOD security... 4 ios... 4 Vulnerability...

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Mobile Device Management and Security Glossary

Mobile Device Management and Security Glossary Mobile Device Management and Security Glossary February, 2011 MOBILE OS ActiveSync Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite. White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table

More information

Security Threats for Mobile Platforms

Security Threats for Mobile Platforms Security Threats for Mobile Platforms Goran Delac Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia Abstract - The proliferation of smart-phone devices, with ever advancing

More information

Securing your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank

Securing your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank Securing your Mobile Environment Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank These things are everywhere These things are everywhere These things are everywhere These things are everywhere

More information

Successful Mobile Deployments Require Robust Security

Successful Mobile Deployments Require Robust Security By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

BYOD Policy for [AGENCY]

BYOD Policy for [AGENCY] BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Security and the Smartphone Revolution

Security and the Smartphone Revolution Security and the Smartphone Revolution About the Speaker Joseph Granneman, MBA, CISSP Joseph Granneman has developed a passion and expertise in information security in his 20 years of experience as a CIO,

More information

IAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner johannes.feichtner@iaik.tugraz.at IAIK

IAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner johannes.feichtner@iaik.tugraz.at IAIK Motivation 2 Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at What you have heard last time Mobile devices: Short history, features Technical evolution, major OS,

More information

Windows Phone 8 Security Overview

Windows Phone 8 Security Overview Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.

More information

Norton Mobile Privacy Notice

Norton Mobile Privacy Notice Effective: October 25, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and digital assets. This Norton Mobile Privacy Notice tells

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

Future of Mobile App Security. Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate

Future of Mobile App Security. Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate Future of Mobile App Security Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate Do You Know What Your Apps Are Doing? Spying Microphone & camera surveillance $

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Tufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device

Tufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device Tufts University COMP116 Introduction to Computer Security Recovery After Losing the Physical Device Dec. 11 th 2014 Author: Haoyang Mao Mentor: Ming Chow 1 Abstract The only truly secure system is one

More information

Mobile Operating Systems & Security

Mobile Operating Systems & Security Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens

More information

MOBILE BANKING USER GUIDE

MOBILE BANKING USER GUIDE MOBILE BANKING USER GUIDE CentricBank.com DrCentricBank.com 717.657.7727 Centric Bank does not currently charge a fee for Mobile Banking. However, your mobile phone provider may charge data usage fees

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Kaspersky Security for Mobile Administrator's Guide

Kaspersky Security for Mobile Administrator's Guide Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that

More information

Dr. David Turahi Director for IT&IMS - MOICT Uganda

Dr. David Turahi Director for IT&IMS - MOICT Uganda Dr. David Turahi Director for IT&IMS - MOICT Uganda A smart phone is a mobile phone offering advanced capabilities beyond a typical mobile phone, often with computer like functionality. There is no industry

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

MOBILE SECURITY: DON T FENCE ME IN

MOBILE SECURITY: DON T FENCE ME IN MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY

More information

Help us make this document better smarttech.com/docfeedback/170892. Security information

Help us make this document better smarttech.com/docfeedback/170892. Security information Help us make this document better smarttech.com/docfeedback/170892 Security information SMART kapp includes data security features designed to keep your content controlled in a predictable way. This document

More information

Protect Yourself in the Cloud Age

Protect Yourself in the Cloud Age Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation

More information

Click to edit Master title style

Click to edit Master title style About Alexandra Instituttet A/S Non-profit application oriented research institution focus on IT GTS Godkendt Teknologisk Service Institut 100+ employees generating R&D Researchers Providers Users Commercial

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

ZNetLive Malware Monitoring

ZNetLive Malware Monitoring Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33

ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

The Mobile Malware Problem

The Mobile Malware Problem The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de Introduction Security Evangelist at G Data: Privately

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

MOBILE MALWARE REPORT

MOBILE MALWARE REPORT TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014 CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores

More information

Norton Mobile Privacy Notice

Norton Mobile Privacy Notice Effective: April 12, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and most important digital assets. This Norton Mobile Privacy

More information

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the

More information

Android Security Data from the Frontlines

Android Security Data from the Frontlines SESSION ID: MBS-T07R Android Security Data from the Frontlines security@android.com aludwig@google.com Goal of this talk Provide insight into overall Android security strategy. Discuss data that is being

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security March 14, 2013 About: Daniel Security researcher for almost a decade

More information

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

NetSafe Smartphone Security Report 2014

NetSafe Smartphone Security Report 2014 NetSafe Smartphone Security Report 2014 Smartphone Security Report 2014 Smartphone Security Advice 1. Lock your smartphone Use a pin, password, complex swipe or other option to restrict access to your

More information

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required

More information

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation (U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,

More information

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim tkkim@stu.ac.kr

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim tkkim@stu.ac.kr Mobile Security Framework; Advances in Mobile Governance in Korea TaeKyung Kim tkkim@stu.ac.kr I. e-banking in Korea 1. e-banking? BIS (Bank for International Settlements) - e-finance(electronic banking)

More information

Introduction to Cyber Security

Introduction to Cyber Security Mark R. Herring Attorney General Commonwealth of Virginia Office of the Attorney General 900 East Main Street Richmond, Virginia 23219 (804) 786-2071 (Telephone) (804) 786-1991 (Facsimile) Introduction

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Mobile Security Apps. Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de

Mobile Security Apps. Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de The test report is also available on About AV-TEST 24 employees in Magdeburg and Leipzig Tests of security solutions for consumers

More information

Information Security Updates Mobile Security Best Practices for General User

Information Security Updates Mobile Security Best Practices for General User Information Security Updates Mobile Security Best Practices for General User A ccording to research figures from Business Intelligence 1, the number of smartphones sold worldwide has already surpassed

More information