Ensuring Mobile Device Security
Quick Heal Technologies Private Limited
• App stores and mobile apps are the greatest hostile code and malware delivery mechanism ever created.
— Winn Schwartau, chairman of MobileActiveDefense.com
• For most enterprises and consumers today, mobile and cloud security are viewed in a pretty straightforward way — don't assume there is any.
— Russ Dietz, CTO of SafeNet
Introduction
What do we do with mobile devices?
Phone service and text messaging
Personal email
Scheduling appointments & reminders
Accessing social websites
Listening to music and watching videos
Playing online games
Online shopping, banking and bill paying
Document & other data storage
Information stored in mobile devices
Usernames
Contacts
Passwords
Cookies
Location data
UDID/IMEI, Device name, Network connection name
Personal information: DoB, address, social, credit card data, photographs etc.
Application data
Confidential and official documents
Transaction history
Number crunching
Mobile device explosion
There are officially more mobile devices than people in the world, and they're multiplying five times faster than we are
December 2014: 7.1 billion people, 7.7 billion mobile devices
14.1 lakh apps on Google Play
1.4+ million apps available
75+ billion apps downloaded
Do you agree?
With the explosive growth of smartphones, tablets and other mobile devices, consumers must make the security of their mobile devices a priority and find ways to secure them seamlessly and efficiently.
Risks associated with mobile devices
Portable data storage
Wireless connections
3rd party applications
Data integrity
Data availability
To ensure mobile device security
Ensure the security of the mobile device
Ensure the security of mobile data
Ensure the security of mobile applications
Threats To Mobile Devices
Threats to mobile devices
Mobile malware
Smartphones and tablets are susceptible to worms, viruses, Trojans and spyware, just as desktops are
Mobile malware can steal sensitive data, rack up long distance phone charges and collect user data
Eavesdropping
Wireless networks have good link-level security but lack end-to-end upper-layer security
Data sent from the device to the outside world is often unencrypted
Intruders can eavesdrop on users' sensitive communications
Unauthorized access
Unauthorized access to mobile devices also means unauthorized access to emails, apps, social media profiles, multimedia files and more.
Theft and loss
Mobile devices are highly susceptible to loss or theft
For example, leaving your phone in a taxi or having it stolen during a bus commute
Data stored in such devices is at risk
The data could be corporate mails, passwords, bank statements & other crucial information
Unlicensed and unmanaged applications
Even popular apps have vulnerabilities that are open to exploitation
Needless to say, unlicensed apps pose security threats as well
Whether apps are licensed or not, they must be updated regularly to fix vulnerabilities that could be exploited to gain unauthorized access or steal data
Access to confidential data
In-app ads get the same permissions
Malicious and suspicious app activity
System instability
Methods to handle mobile security
Authentication
Encryption
Filtering
Authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be
User authentication is usually handled with username & password combinations, biometric identifications, PINs etc.
The ultimate aim is to restrict device access to authentic users only
Mobile devices by default are not password enabled
However, most of the devices have technical capability to support authentication - passwords, PINs, pattern screen locks, and biometric readers
It is up to the users to ensure these are enabled
Encryption
Encryption is the conversion of data into a form, called a ‘ciphertext’, that cannot be easily understood by unauthorized people
In simple words, encryption is the method of converting plain text to encoded text which is unreadable by intruders
Encrypting mobile devices helps in securing data stored on a mobile device or transmitted from mobile devices
Most mobile devices have data encryption capabilities
Data encryption has little or no impact on the way users access the data
Encryption limits the ability of intruders to obtain readable, usable data from the mobile device
Encryption also makes it difficult for intruders to obtain the data needed for authentication
Filtering
Filtering is the process of removing threats arising due to web access, email and apps
Mobile devices by default do not have filtering capabilities
Web pages & email attachments are often used as carriers of viruses and malware attacks
Filtering can be done with mobile security software; it is not a default facility provided by mobile devices
Ensuring Mobile Device Security
To prevent damage from theft or loss
Set a PIN or password
Set screens to lock automatically
Backup your contact info
Install a security app
Turn on encryption
Turn on location settings
Enable remote wipe if available
Act immediately if lost - Report to the authorities
Review application permissions
Take time to read the small print
• What information does the app require access to?
Encrypt your phone
Encrypt the device data to make it difficult for intruders to gain and understand sensitive information
Apps from unknown sources - Take a call
Apps from unknown sources are necessary sometimes
Mobile Device Management (MDM) - For enterprises
Mobile Device Management (MDM) apps allow enrollment of corporate devices over a seamless cloud-based solution for all mobile devices within the enterprise
Once a device is connected to the corporate network, an authorized administrator can manage and control the mobile fleet
MDM solutions secure, monitor and manage mobile devices within the enterprise
They also block phishing and malicious websites and filter web access
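An added example (not Quick Heal's code and not part of the original deck) of the kind of fleet check an MDM administrator runs: it audits device records against the theft-and-loss checklist above. The record field names and the 300-second auto-lock limit are assumptions, not a real MDM schema.

```python
# Added example: audit a constructed device inventory against the deck's
# theft-and-loss checklist. Field names and the auto-lock limit are assumed.

MAX_AUTOLOCK_SECONDS = 300  # assumed policy threshold, not from the deck

# Each control: (finding label, predicate over one device record).
# A missing field makes the predicate false, so unknown state fails closed.
CONTROLS = [
    ("no PIN or password set", lambda d: d.get("passcode_set") is True),
    ("auto-lock disabled or too slow",
     lambda d: type(d.get("autolock_seconds")) is int
     and 0 < d["autolock_seconds"] <= MAX_AUTOLOCK_SECONDS),
    ("contacts not backed up", lambda d: d.get("contacts_backed_up") is True),
    ("no security app installed", lambda d: d.get("security_app") is True),
    ("storage not encrypted", lambda d: d.get("encrypted") is True),
    ("location settings off", lambda d: d.get("location_enabled") is True),
    ("remote wipe not enabled", lambda d: d.get("remote_wipe") is True),
]


def audit_device(device):
    """Return the checklist findings for one device record."""
    return [label for label, ok in CONTROLS if not ok(device)]


def audit_fleet(devices):
    """Map device id -> findings, keeping only non-compliant devices."""
    report = {}
    for device in devices:
        findings = audit_device(device)
        if findings:
            report[device.get("id", "<no id>")] = findings
    return report


# Constructed sample inventory (not real devices).
SAMPLE_FLEET = [
    {"id": "phone-01", "passcode_set": True, "autolock_seconds": 60,
     "contacts_backed_up": True, "security_app": True, "encrypted": True,
     "location_enabled": True, "remote_wipe": True},
    {"id": "tablet-02", "passcode_set": True, "autolock_seconds": 0,
     "contacts_backed_up": True, "security_app": True, "encrypted": False,
     "location_enabled": True, "remote_wipe": True},
    {"id": "phone-03", "passcode_set": True, "encrypted": True},  # partial record
]

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(SAMPLE_FLEET).items():
        print(dev_id, "->", "; ".join(findings))
```

A record with missing fields, such as phone-03, is reported for every control it cannot prove, which is the safer default for a device that has not checked in fully.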
How can Quick Heal help?
Thank You!
References
• http://www.itsecuritywatch.com/mobile-security/10-great-quotes-about-mobile-security/?mode=featured
• http://www.independent.co.uk/life-style/gadgets-and-tech/news/there-are-officially-more-mobile-devices-than-people-in-the-world-9780518.html
• blogs.quickheal.com