Smartphone security issues
NCA Seminar, Krushevo, 2013 Aleksandra Gavrilovska
What can you do?
Losing your smartphone
What can you do?
• Lock access to the phone with a PIN or password
• Back up phone data to the cloud, a computer or a memory card
• Find My iPhone
• Where’s my Droid
Malicious software
• Easily distributed via application stores without security mechanism
• Pirated versions of legitimate apps
• Fetch apps from links on the web (“malvertising”)
• Install software which targets communication, user location or other personal data
• SMS trojan and premium SMS
What can you do?
• Avoid changing phone’s factory settings
• Don’t jailbreak or root your phone
• Install apps only from trusted sources
• Read app reviews
• Read permissions requested by application before installing it
• Install firmware updates provided by the manufacturer
Malicious QR codes
• QR codes usually contain a web link
• Smartphone browser is automatically launched
• Install malware
• Link to phishing site
• Steal information
What can you do?
• Use an app that has built-in security features (Norton Snap)
• Enable QR code review
• Check if it is a sticker (in real life)
Vulnerable wireless networks
What can you do?
• Don’t transmit sensitive data via public Wi-Fi, which is usually unencrypted
• Send sensitive data only to sites that you trust
• Check if the web address starts with https
• Use a secure, encrypted VPN to connect to the corporate network
P A N I C
What can you do?
• Use mobile device security tools
  – Mobile device management
  – Sandboxing
  – Secure browsers
…because we develop mobile applications…
OWASP Mobile Security Project
• OWASP Foundation
• For developers and security teams
• How to build and maintain secure mobile apps
• Primary focus on application layer
OWASP Mobile Security Project
• Top Ten Mobile Risks
• Mobile security testing
• Mobile cheat sheet series
• Secure mobile development
• Top ten mobile controls and design principles
Thank you.