The enemy in your pocket
 Securing smartphones in the enterprise



 Vicente Diaz, Senior Security Analyst, GReAT
 Gartner Symposium/ITxpo 2012, Barcelona




PAGE 1 |
BYOD will come regardless of whether you have a policy or not

Human behavior has shifted; BYOD is a response to that

My CEO heard we can save money through BYOD

PAGE 2 |
1. The problem




PAGE 3 |
BYOD reanalyzed

                     Where?
                  What devices?

PAGE 4 |   1 2
What's the problem?
Problem 1: Infection




PAGE 5 |   1 2
Can this happen?




PAGE 6 |   1 2
What are we really afraid of?




PAGE 7 |   1 2
Bad PR is worse than bad IT




PAGE 8 |   1 2
What's new then?




PAGE 9 |   1 2
Are they vulnerable?
      Highlights from 2012:


      NFC Vulnerability by Charlie Miller


      iPhone 4S and Samsung Galaxy S3 owned




PAGE 10 |   1 2
Do you like chocolates?




PAGE 11 |   1 2
Who else wants to spy on you?




PAGE 12 |   1 2
FinSpy




PAGE 13 |   1 2
Protection
    Sure, I have a swipe gesture password




PAGE 14 |   1 2
PAGE 15 |   1 2
BYOD ≠ Data Leak




PAGE 16 |   1 2
2. Perspective




PAGE 17 |   1 2
Perspective




PAGE 18 |   1 2
Perspective




PAGE 19 |   1 2
Perspective




PAGE 20 |   1 2
Abusing Consumerization - Mobile devices
 Are they dangerous?




It depends on what you do with it!
Facebook
Twitter
Gmail
Corporate e-mail
Reading corporate documents
Writing confidential e-mails?



PAGE 21 |   1 2
Where is the data?




PAGE 22 |   1 2
Demo



PAGE 23 |   1 2
Using the cloud




PAGE 24 |   1 2
Some tools




PAGE 25 |   1 2
3. What now?




PAGE 26 |   1 2
Kim Stevenson




PAGE 27 |   1 2
Reality for most companies is different




PAGE 28 |   1 2
Reality for most companies is different




PAGE 29 |   1 2
Conclusions

     BYOD: Myth vs Reality
     Policies are necessary, but they are not enough
     Is the problem in the device or in educating users?
     Who is responsible for the security of the device?
     We all love chocolates!




PAGE 30 |   1 2
Thank You

  Questions?


 Vicente Diaz, Senior Security Researcher, Global Research and Analysis Team
 @trompi
 vicente.diaz@kaspersky.com



PAGE 31 |


Editor's notes

  1. When preparing my presentation I read a lot of materials to see what this BYOD thing was, and this is what I got
  2. Let's start by analyzing the terms and trying to find out what exactly we mean and what the problem is. To start with, you don't want me to bring my devices to the office? Or to use them in the company's network? Or to use them at all? And what devices are we talking about? Is just the device the problem? Is it OK to use the corporate phone and then to use Facebook? I know that this is a bit vague, but so is the problem. Let's get to business.
  3. What are we afraid will happen when we bring our own devices? Problem 1: you bring some device and everybody gets infected
  4. This is a very likely scenario, remember Conficker? However, what devices are involved here? Nothing new here. Is this new fancy buzzword BYOD really so fashionable these days just because people are bringing laptops and USBs to work? Yes, there are some concerns: USBs and other devices have an OS, how to update them? Who is responsible? We have been providing solutions for these for years! Antivirus, policies, IDS, IPS, all this has been around for years!
  5. Basically, of someone getting into our organization and stealing our secrets, our data. If we bring a worm into our organization, like Conficker, we may bring it down for a few hours: this is very bad. If we bring a backdoor and they get our secrets: we may lose our research, strategies, products, public image … we can lose everything.
  6. Coca-Cola Co. infiltrated in 2009 by hackers seeking docs on a pending acquisition; deal falls apart three days later
  7. Smartphones and tablets
  8. Sure they are! I don't want to scare you with typical mobile stuff, just some simple examples. We are not yet in the big spread (although last year we saw some examples thanks to Google). Elaborate a bit on the topic of mobile malware, cases last year on Google Play, etc. Devices may be the bridge for these attacks, but are unlikely to be the main door to them. Spear phishing is still the main method used. So again, why do we worry about them?
  9. Would you carry a tracking device? Smartphones are the new gold mine for spies & attackers: tracking, conversations, camera, microphone, email, contacts, GPS, etc.
  10. Big data-gatherers and small spies. What do you think all 0day researchers are trying to exploit?
  11. Tell the FinSpy story. What do you think all 0day researchers are trying to exploit?
  12. What security measures do you have on your mobile? How easy it is to get it while you have a coffee and install whatever so I get control of the device
  13. Sysadmins now have devices in their networks that are difficult for them to control. And all the CEOs are worrying about how people can now steal everything because they bring their smartphones
  14. Is that a new thing? Is that because of the mobile thing? Bradley Manning did the biggest data leak known to date with a Lady Gaga CD in his hands
  15. I have some really boring figures for you!
  16. Evolution of social engineering lately – on the rise, as well as remote hacks of all kinds, no more stolen laptops
  17. Two points of interest where social engineering and/or installation of malware on targets may have led to compromise of the victim's network
  18. One year ago I was talking about the consumerization of mobile devices, how using personal and work life together brings trouble. Comment about information gathering and Facebook reverse lookup for mobile numbers, even for private numbers – feature deactivated today.
  19. The problem here is not the device, but how we use new technologies and tools, how we change our lives, and how we can inadvertently put our employee in danger. And as such, attackers try all kinds of tricks to get their way to what they are after. Mobile is not the real problem here, just another tool they can use
  20. Mr. Barksdale shows how people are people, leaks exist. The same at an enterprise level: do we know who else Google provides access to our data?
  21. Information divided into levels, access only depending on a risk score, which depends on who, where and how