
Mobile Device Security and Privacy Information Security and Privacy - PowerPoint PPT Presentation



  1. Mobile Device Security and Privacy Information Security and Privacy Office January 2012

  2. Agenda • Protecting mobile devices and your privacy

  3. Protecting Mobile Devices and Your Privacy

  4. Before We Start… The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.

  5. Goal: Convince You To… 1. Keep your device with you – don’t leave it unattended 2. Protect your device with a strong password 3. Use anti-malware software 4. Read those (often boring) privacy policies 5. Don’t download or keep apps that request more permissions than needed

  6. Do You Have a Smartphone?

  7. Pop Quiz • How many smartphone users are there in the U.S.? – As of September 2011 • 87.4 million • 33.7 million • 946,800 thousand

  8. Pop Quiz • How many smartphone users are there in the U.S.? – As of 9/2011 • 87.4 million • 33.7 million • 946,800 thousand

  9. Pop Quiz • In the U.S. 113 mobile phones are lost every … • Day • Hour • Minute

  10. Pop Quiz • In the U.S. 113 mobile phones are lost every … • Day • Hour • Minute

  11. Top 10 U.S. Cities for Cell Phone Loss or Theft

  12. Do You Access or Do Banking?

  13. Using Your Smartphone • 44% use a browser to access the Internet – 32.5 million Americans accessed banking • Vendors, retailers, merchants, content providers, mobile operators, and banks are all actively establishing new payment services – The value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 2010

  14. Password-Protect Your Device • 24% store computer or banking passwords on their mobile devices • More than half of smartphone users do not use any password protection to prevent unauthorized access to their device • What’s the risk?

  15. No Password What’s the Harm? • Access personal email and work email • Access your financial accounts, like banks, Mint.com, or PayPal • Access your data in Google Docs, Evernote, or Dropbox • Post embarrassing updates to Facebook and Twitter • So use a strong password – Require the password after a minimum period of inactivity

  16. When Purchasing a Mobile Device • Ask about security features and functions – Can you add a strong password, how are patches deployed… – What apps are pre-loaded, are apps vetted • Pre-loaded apps generally have more permissions than ones you install – What software protections can you install after purchasing • Do you really need all the bells and whistles • Research the device – What maintenance is needed, is it a hacker target or thief magnet, how do you secure it – Read reviews – are most consumers satisfied

  17. Smartphone Malware What’s the Harm? • Force the infected phone to call a given phone number – Remember 900 numbers? • Send premium rate text messages • Automatically visit websites that the malware directs it to – Earns money for malware writer • Steal personal information • Be alert for unusual behaviors on your phone, which could be a sign that it is infected – Unusual text messages, strange charges to the phone bill, and suddenly decreased battery life

  18. What’s the Best Anti-Malware Software? • Read app reviews • Check reliable consumer publications • Check industry publications • Look for names you trust • The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.

  19. Keep a Clean Machine • Keep your mobile security software current • Automate software updates – Many software programs will automatically connect and update to defend against known risks – Example: Sync regularly with iTunes – don’t just charge the battery

  20. Prepare for the Unthinkable • Consider using a “find my device” to locate your device if lost or stolen • Enable remote wipe capability

  21. Mobile Device Privacy

  22. Do You Read App Privacy Policies / Permissions?

  23. Using Your Smartphone • 26% of smartphone owners say they always read the privacy policy when downloading apps – I’m not sure I believe that • 31% say they never read the policy

  24. Example – Game • New! 4 ½ Stars! Reputable Developer!

  25. Example – Game

  26. Why Do Apps Need “Read Phone State and Identity” Permission? • Phone State – Lets the app tell whether you’re on a call or if the phone’s ringing – Allows games, media players, podcasts to pause while you’re on a call • Phone Identity – Developer may need a way to assign a unique ID to you for registration/activation purposes – Many ad publishers use this permission to get the Phone ID for tracking purposes • App may not know who you are exactly, but tracking your usage over time allows a company to build a profile of your individual activity

  27. True or False • A basic Android application has no permissions associated with it – This means the app cannot do anything that would adversely impact the user experience or any data on the device

  28. True! • App developer must specifically state the permissions he wants the app to have

  29. Flashlight App

  30. Compare – Flashlight App • Free! 5 Stars! Lots of installs!

  31. Example – Flashlight App

  32. Example – Flashlight App

  33. True or False • Most free app developers rely on advertising to fund their businesses

  34. True! • Most free app developers rely on advertising to fund their businesses

  35. Why the App’s Free • Free and cheap apps are usually supported by ads – Marketers want to know user demographics to better target ads • The advertising company pays the app developer and supplies a library (of code/programs) that the developer links to within the application – The app developer might not really even be aware of what the ad libraries do • The ad library “piggybacks” on the app’s permissions • So, for example, if the app can read your contact list, the advertiser (through the library) can read your contact list

  36. “Read Phone State and Identity” Trade-off • Some advertising systems, like AdMob, require developers to use this permission so the advertiser can collect statistics • This means: • Both the advertiser and the app publisher can track your usage of the app, and your usage across multiple apps if they collect all that data centrally (which advertisers definitely do)

  37. I Know You • Sign up for something and give your email address or Facebook login – Ties all of the profile information to a real individual • I know where you live, work, and shop – Because of your GPS info • I know what you like – Because of Facebook and your shopping profile • I know your friends and family – Because of Facebook and device contacts and messaging

  38. Before Downloading that App • Be especially wary of typically-suspicious apps (like ringtone apps) that use unneeded permissions • Only install apps with potentially harmful permissions from developers you trust • Check the app’s marketplace rating to determine safety – Not a perfect indicator (like with Flashlight)

  39. Look For Apps That Tell You How It’s Using Permissions

  40. Does the App Want Passwords? • Think twice before giving an app passwords – Example: Some apps ask for passwords to popular services, like GoogleDocs and Dropbox to upload and store things

  41. App Stores • Apple reviews all apps in its store and tries to verify… – Does the app do what it says it does? Does it function reliably? And does it respect the limitations that Apple has put on developers? – This process does weed out some security threats, like apps that carry malware – Does not eliminate all risks to your privacy • Android apps are not vetted – Android market is considered the “wild, wild west”

  42. Example: Movie Trivia Game Uses internet connection to see what the rest of the world has answered to current question

  43. Example: Whole Foods App

  44. iOS Location Services • Tell if an iOS app is using location services • Look for the arrow next to the battery indicator

  45. eBook Reader Privacy • Electronic Frontier Foundation researched and published a guide to eReader privacy – https://www.eff.org/deeplinks/2010/12/2010-e-book-buyers-guide-e-book-privacy

  46. Quiz: Would you use this IM service? From an instant messaging site

  47. Are You Convinced To… 1. Keep your device with you – don’t leave it unattended 2. Protect your device with a strong password 3. Use anti-malware software 4. Read those (often boring) privacy policies 5. Don’t download or keep apps that request more permissions than needed

  48. Questions? Contact ispo@phoenix.gov

  49. More Cowbell (Supplemental Info)

  50. What’s Wrong With This Picture?

  51. QR Codes • Quick Response codes are popping up everywhere – Magazine ads, newsletters, real estate signs, newspaper ads, trade show booths • A QR code is basically a 2D barcode that can be read by smart phone users – An easy way to direct a user to a website – just scan the QR code • Could be a link to a malicious website
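
The permission check behind slides 26 to 38 (don't keep apps that request more permissions than needed), as an added example that is not part of the original presentation: it reads a constructed AndroidManifest.xml for a hypothetical flashlight app and lists every requested permission beyond an assumed baseline. The package name, the baseline set and the risk notes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical free flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

# Assumption: what a flashlight plausibly needs (the LED is driven via the camera).
EXPECTED = {"CAMERA", "FLASHLIGHT"}

# Why each permission matters, in the terms used on the slides.
RISK = {
    "READ_PHONE_STATE": "phone ID usable for tracking across apps",
    "READ_CONTACTS": "contact list readable by the app and its ad library",
    "ACCESS_FINE_LOCATION": "GPS location: where you live, work and shop",
    "SEND_SMS": "can send premium-rate text messages",
    "CALL_PHONE": "can call numbers without asking",
    "INTERNET": "lets collected data leave the device",
}

def requested_permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission"))
    return {n.rsplit(".", 1)[-1] for n in names if n}

def audit(manifest_xml, expected=EXPECTED):
    """Return (extra permissions with reasons, whether data can leave the device)."""
    extra = requested_permissions(manifest_xml) - set(expected)
    findings = {p: RISK.get(p, "not needed for stated purpose") for p in sorted(extra)}
    # Ad libraries share the app's permissions: sensitive data + INTERNET = exportable.
    can_exfiltrate = "INTERNET" in extra and bool(extra - {"INTERNET"})
    return findings, can_exfiltrate

if __name__ == "__main__":
    findings, can_exfiltrate = audit(SAMPLE_MANIFEST)
    for perm, why in findings.items():
        print(f"{perm}: {why}")
    print("data can leave device:", can_exfiltrate)
```
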
