Smartphone security issues

Smartphone security issues

NCA  Seminar,  Krushevo,  2013  Aleksandra  Gavrilovska  

What can you do?  

2  

Losing your smartphone

What can you do ?  

•  Lock  access  to  the  phone  with  PIN  or  password  

•  Backup  phone  data  in  the  cloud,  computer,  memory  card  

•  Find  My  iPhone  •  Where’s  my  Droid  

3  

4  

Malicious software

Malicious software

•  Easily  distributed  via  applicaKon  stores  without  security  mechanism  

•  Pirated  versions  of  legiKmate  apps  •  Fetch  apps  from  links  on  the  web  (“malverKzing”)  

•  Install  soSware  which  targets  communicaKon,  user  locaKon  or  other  personal  data  

•  SMS  trojan  and  premium  SMS  

5  

What can you do ?  

•  Avoid  changing  phone’s  factory  seVngs  •  Don’t  jailbreak  or  root  your  phone  •  Install  apps  only  from  trusted  sources  •  Read  app  reviews    •  Read  permissions  requested  by  applicaKon  before  installing  it  

•  Install  firmware  updates  provided  by  the  manufacturer    

6  

7  

Malicious QR codes

•  QR  code  usually  contain  web  link  •  Smartphone  browser  is  automaKcally  launched  

•  Install  malware  •  Link  to  phishing  site  •  Steal  informaKon  

8  

What can you do ?  

•  Use  app  that  has  built  in  securiKes  features  (Norton  Snap)  

•  Enable  QR  code  review  •  Check  if  it  is  sKcker  (in  real  life)  

9  

10  

Vulnerable wireless networks

What can you do ?  

•  Don’t  transmit  sensiKve  data  via  public  Wi-­‐Fi,  which  is  usually  unencrypted  

•  Send  sensiKve  data  to  sites  that  you  trust  •  Check  if  it  web  address  starts  with  haps  •  Use  secure,  encrypted  VPN  to  connect  to  corporate  network  

11  

12  

P A N I C

What can you do ?  

•  Use  Mobile  device  security  tools  – Mobile  device  management  – Sandboxing  – Secure  browsers  

13  

14  

…because we develop mobile applications…

OWASP Mobile Security Project

•  OWASP  FoundaKon  •  For  developers  and  security  teams  •  How  to  build  and  maintain  secure  mobile  apps  •  Primary  focus  on  applicaKon  layer  

15  

OWASP Mobile Security Project  

•  Top  Ten  Mobile  Risks  •  Mobile  security  tesKng  •  Mobile  cheat  sheet  series  •  Secure  mobile  development  •  Top  ten  mobile  controls  and  design  principles  

16  

17  

Thank you.