SlideShare una empresa de Scribd logo

Mobile (in)security ?

Descargar como PPTX, PDF
Cláudio André
Cláudio André

Is your company data secure? This talk is going to help understand some of the possible attack vectors on mobile platforms and what can Enterprises do, to lower the risk on this platforms.

Tecnología
1 de 20
/// Mobile (in)security ? Cláudio André / ca@integrity.pt
2 /// MOBILE (IN)SECURITY ? WHOAMI • Pentester at Integrity S.A. • Web applications, Mobile Applications and Infrastructure • BSc in Management Information Technology • Offensive Security Certified Professional
301.3 million shipments 3 /// MOBILE (IN)SECURITY ? MOBILE EQUIPMENTS 2014Q2 http://www.idc.com/prodserv/smartphone-os-market-share.jsp
4 /// MOBILE (IN)SECURITY ? 2014Q2 MARKETSHARE 2.5% 0.5% 0.7% 84.7% 11.7% Android iOS Windows Phone BlackBerry OS Others http://www.idc.com/prodserv/smartphone-os-market-share.jsp
5 /// MOBILE (IN)SECURITY ? MOBILE PLATFORMS ON ENTERPRISE BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
6 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
7 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing.
8 /// MOBILE (IN)SECURITY ? SECURITY HORROR STORIES 2014 (SO FAR...) Ebay - 145 million users and encrypted email address. JP Morgan Chase - Customer information of 76 million households and 7 million business. Home Depot - 56 million debit and credit cards. Target - 40 million credit and debit cards. Community Health Systems - Personal data of 4.5 million patients.
9 /// MOBILE (IN)SECURITY ? ATTACK VECTORS
10 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Device Network Server
11 /// MOBILE (IN)SECURITY ? ATTACK VECTORS • Browser • System • Phone / SMS • Apps • Malware • ... Device
12 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Tech details in: http://security.claudio.pt
13 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Network • Packet Sniffing • Man-In-The-Middle (MITM) • Rogue Access Point • ...
14 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Server • Brute Force Attacks • SQL Injections • OS Command Execution • ...
15 /// MOBILE (IN)SECURITY ? A WAY TO... Mobile Device Management; Mobile Application Management; Endpoint Security Tools; Network Access Control (NAC) Endpoint Malware Protections; …..
16 /// MOBILE (IN)SECURITY ? MOBILE DEVICE MANAGEMENT - Focus on the Device - Provisioning - Security Policies Enforcement - Reporting and Monitoring - Software Distribution
17 /// MOBILE (IN)SECURITY ? MOBILE APPLICATION MANAGEMENT - Focus on the Applications - Same as previous but applied to the applications. - Corporate App Store (wrapping)
18 /// MOBILE (IN)SECURITY ? WHICH ONE TO CHOOSE ? - Depends on your objectives - Mixed solution
19 /// MOBILE (IN)SECURITY ? NOT ONLY *WARE APPROACH - Defense-In-Depth - Raise User Awareness - Secure Development Best Practises (OWASP) - Threat Modeling - Continuous Penetration Testing
Thank you. 20

Recomendados

2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary ResultsLumension
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authenticationhon1nbo
 
2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers Guide2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers GuideLumension
 
Llevando la autenticación de sus clientes a un siguiente nivel
Llevando la autenticación de sus clientes a un siguiente nivelLlevando la autenticación de sus clientes a un siguiente nivel
Llevando la autenticación de sus clientes a un siguiente nivelCristian Garcia G.
 
IntactPhone: Securing the Mobile Enterprise
IntactPhone: Securing the Mobile EnterpriseIntactPhone: Securing the Mobile Enterprise
IntactPhone: Securing the Mobile EnterpriseItai Bass
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereForescout Technologies Inc
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationLumension
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 

Recomendados

2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary ResultsLumension
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authenticationhon1nbo
 
2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers Guide2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers GuideLumension
 
Llevando la autenticación de sus clientes a un siguiente nivel
Llevando la autenticación de sus clientes a un siguiente nivelLlevando la autenticación de sus clientes a un siguiente nivel
Llevando la autenticación de sus clientes a un siguiente nivelCristian Garcia G.
 
IntactPhone: Securing the Mobile Enterprise
IntactPhone: Securing the Mobile EnterpriseIntactPhone: Securing the Mobile Enterprise
IntactPhone: Securing the Mobile EnterpriseItai Bass
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereForescout Technologies Inc
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationLumension
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicSimon Hartley
 
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...Lumension
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForescout Technologies Inc
 
Wireless Keyboard Threats
Wireless Keyboard ThreatsWireless Keyboard Threats
Wireless Keyboard ThreatsWill Hatcher
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)Forescout Technologies Inc
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsJimmy Shah
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element SolutionsUgo Chirico
 
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...ashoksankar
 
MID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_ENMID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_ENVladyslav Radetsky
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
 
Mobile protection
Mobile protection Mobile protection
Mobile protection preetpatel72
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
Android security
Android securityAndroid security
Android securityMohamed Alharbi
 
Loc jack presentation
Loc jack presentationLoc jack presentation
Loc jack presentationQuestTechnologyIntl
 
Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtIGN MANTRA
 
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureI.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureIndonesia Honeynet Chapter
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1Andris Soroka
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 

Más contenido relacionado

La actualidad más candente

OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicSimon Hartley
 
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...Lumension
 
Wireless Keyboard Threats
Wireless Keyboard ThreatsWireless Keyboard Threats
Wireless Keyboard ThreatsWill Hatcher
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsJimmy Shah
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element SolutionsUgo Chirico
 
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...ashoksankar
 
MID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_ENMID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_ENVladyslav Radetsky
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
 
Mobile protection
Mobile protection Mobile protection
Mobile protection preetpatel72
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtIGN MANTRA
 
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureI.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureIndonesia Honeynet Chapter
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1Andris Soroka
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 

La actualidad más candente (20)

OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - Public
 
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo...
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
 
Wireless Keyboard Threats
Wireless Keyboard ThreatsWireless Keyboard Threats
Wireless Keyboard Threats
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkits
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
 
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
 
MID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_ENMID_Security_Connected_Jan_van_Vliet_EN
MID_Security_Connected_Jan_van_Vliet_EN
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
 
Mobile protection
Mobile protection Mobile protection
Mobile protection
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
 
Android security
Android securityAndroid security
Android security
 
Loc jack presentation
Loc jack presentationLoc jack presentation
Loc jack presentation
 
Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirt
 
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureI.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security Control
 

Similar a Mobile (in)security ?

2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Mobile Day - App (In)security
Mobile Day - App (In)securityMobile Day - App (In)security
Mobile Day - App (In)securitySoftware Guru
 
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMake Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMichael Davis
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET Journal
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Vrince Vimal
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksSkycure
 
White paper surveillancepointmarket
White paper surveillancepointmarketWhite paper surveillancepointmarket
White paper surveillancepointmarketFinite Moments
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Moon Technolabs Pvt. Ltd.
 
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applicationsAppaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applicationsJulien Ott
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 

Similar a Mobile (in)security ? (20)

2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Mobile Day - App (In)security
Mobile Day - App (In)securityMobile Day - App (In)security
Mobile Day - App (In)security
 
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMake Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture
 
880 st011
880 st011880 st011
880 st011
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber Attacks
 
White paper surveillancepointmarket
White paper surveillancepointmarketWhite paper surveillancepointmarket
White paper surveillancepointmarket
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applicationsAppaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applications
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
 

Más de Cláudio André

Droidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorDroidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorCláudio André
 
This is the secure droid you are looking for
This is the secure droid you are looking forThis is the secure droid you are looking for
This is the secure droid you are looking forCláudio André
 
A day in the life of a pentester
A day in the life of a pentesterA day in the life of a pentester
A day in the life of a pentesterCláudio André
 
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastMobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastCláudio André
 
Hacker, you shall not pass!
Hacker, you shall not pass!Hacker, you shall not pass!
Hacker, you shall not pass!Cláudio André
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 

Más de Cláudio André (7)

Droidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorDroidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind Generator
 
This is the secure droid you are looking for
This is the secure droid you are looking forThis is the secure droid you are looking for
This is the secure droid you are looking for
 
Is my app secure?
Is my app secure?Is my app secure?
Is my app secure?
 
A day in the life of a pentester
A day in the life of a pentesterA day in the life of a pentester
A day in the life of a pentester
 
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastMobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
 
Hacker, you shall not pass!
Hacker, you shall not pass!Hacker, you shall not pass!
Hacker, you shall not pass!
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 

Último

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Mobile (in)security ?

  • 1. /// Mobile (in)security ? Cláudio André / ca@integrity.pt
  • 2. 2 /// MOBILE (IN)SECURITY ? WHOAMI • Pentester at Integrity S.A. • Web applications, Mobile Applications and Infrastructure • BSc in Management Information Technology • Offensive Security Certified Professional
  • 3. 301.3 million shipments 3 /// MOBILE (IN)SECURITY ? MOBILE EQUIPMENTS 2014Q2 http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  • 4. 4 /// MOBILE (IN)SECURITY ? 2014Q2 MARKETSHARE 2.5% 0.5% 0.7% 84.7% 11.7% Android iOS Windows Phone BlackBerry OS Others http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  • 5. 5 /// MOBILE (IN)SECURITY ? MOBILE PLATFORMS ON ENTERPRISE BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
  • 6. 6 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
  • 7. 7 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing.
  • 8. 8 /// MOBILE (IN)SECURITY ? SECURITY HORROR STORIES 2014 (SO FAR...) Ebay - 145 million users and encrypted email address. JP Morgan Chase - Customer information of 76 million households and 7 million business. Home Depot - 56 million debit and credit cards. Target - 40 million credit and debit cards. Community Health Systems - Personal data of 4.5 million patients.
  • 9. 9 /// MOBILE (IN)SECURITY ? ATTACK VECTORS
  • 10. 10 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Device Network Server
  • 11. 11 /// MOBILE (IN)SECURITY ? ATTACK VECTORS • Browser • System • Phone / SMS • Apps • Malware • ... Device
  • 12. 12 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Tech details in: http://security.claudio.pt
  • 13. 13 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Network • Packet Sniffing • Man-In-The-Middle (MITM) • Rogue Access Point • ...
  • 14. 14 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Server • Brute Force Attacks • SQL Injections • OS Command Execution • ...
  • 15. 15 /// MOBILE (IN)SECURITY ? A WAY TO... Mobile Device Management; Mobile Application Management; Endpoint Security Tools; Network Access Control (NAC) Endpoint Malware Protections; …..
  • 16. 16 /// MOBILE (IN)SECURITY ? MOBILE DEVICE MANAGEMENT - Focus on the Device - Provisioning - Security Policies Enforcement - Reporting and Monitoring - Software Distribution
  • 17. 17 /// MOBILE (IN)SECURITY ? MOBILE APPLICATION MANAGEMENT - Focus on the Applications - Same as previous but applied to the applications. - Corporate App Store (wrapping)
  • 18. 18 /// MOBILE (IN)SECURITY ? WHICH ONE TO CHOOSE ? - Depends on your objectives - Mixed solution
  • 19. 19 /// MOBILE (IN)SECURITY ? NOT ONLY *WARE APPROACH - Defense-In-Depth - Raise User Awareness - Secure Development Best Practises (OWASP) - Threat Modeling - Continuous Penetration Testing