Mobiquant. Mobile Security: Demystifying the Security Weaknesses of Apple iOS and Google Android - Reda Zitouni, CTO and VP Chief Security
1. A New Era. A New Edge.
Demystifying the Security Weaknesses of iOS and Android
Reda Zitouni
CEO of Mobiquant Technologies
Twitter: @mobiquant #mobilesecurity
www.mobiquant.com
blog.mobiquant.com
Booth A01
© 2013 ISACA. All Rights Reserved.
2. A New Era. A New Edge.
Agenda
Mobile Usage Evolution 2008-2013
Mobile Threats Trends in 2013
iOS vs Android Platforms Analysis
MDM vs MSM (Mobile Security Management)
B2B mobility at risk
Future of Mobile Security
Internet object and Data leakage
Follow us @ISACANews #APCACS
3. A New Era. A New Edge.
Mobile Usages Evolution 2008-2013 (1)
[Figure panels: 2008, 2011]
4. A New Era. A New Edge.
Mobile Usages Evolution 2008-2013 (2)
[Figure panels: 2008, 2011]
• Users: Consumerization of mobility rears its head in the enterprise
• IT: centrally managed and secured
5. A New Era. A New Edge.
Mobile Usages Evolution 2008-2013 (2)
1. Top priority: Manage the lost or stolen data risk
2. Priority needs:
   1. Rationalize mobile device management
   2. Optimize productivity
   3. Simplify administration
   4. Facilitate updates
   5. Control by defining security policies
   6. Standardize mobile infrastructure management with the rest of the IS
Source: Mobiquant Labs 2013 (400 CISOs in Europe and USA)
6. A New Era. A New Edge.
Mobile Threats Trends in 2013 (1)
B2C: Mobile Typical Criminality: [$]
Worms, mobile ransomware (blocking), spam, malware
B2B: Mobile in IE global war: [Data]
Botnets, spybots, backdoors, pervasive and sophisticated malware
Governmental, Military, Defense: [Data or Influence]
Suspicions about government-sponsored attacks will grow. Using zero-day vulnerabilities and sophisticated malware, some of these attacks may be considered APTs (advanced persistent threats).
7. A New Era. A New Edge.
Mobile Threats Trends in 2013 (2)
8. A New Era. A New Edge.
iOS vs Android Platforms Analysis (1)
9. A New Era. A New Edge.
iOS vs Android Platforms Analysis (2)
10. A New Era. A New Edge.
iOS vs Android Platforms Analysis (2)
11. A New Era. A New Edge.
iOS vs Android Platforms Analysis (3)
12. A New Era. A New Edge.
iOS vs Android Platforms Analysis (4)
• In 2011 alone, Google removed more than 100 malicious apps
• Google discovered 50 applications infected by a single piece of malware (DroidDream: personal data)
• Google hasn't always acted in a timely manner:
– +260,000 times before Google removed it from the app market.
So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization's data safe.
13. A New Era. A New Edge.
iOS vs Android Platforms Analysis (5)
Key drivers for mobile attacks:
• Browser (jailbreak iOS v1..)
• Applications (xStores): No real control, Play Store vs App Store
• Stacks/software weaknesses: Few on iOS vs many on Android
14. A New Era. A New Edge.
iOS vs Android Platforms Analysis (6)
15. A New Era. A New Edge.
iOS vs Android Platforms Analysis (7)
... But m-security is not only about malware!
B2B constraints and requirements are > B2C
Enterprise mobility requirements:
• Cryptochips: Keys and secrets strongly secured (HW)
• CryptoLibraries: Android case of L2TP VPN (IPSec impossible)
• Authentication protocols (IS, Network, Apps, Web)
• MDM vs MSM native API: strengthening IT management (Policies, Messaging, LOBS security support)
16. A New Era. A New Edge.
MDM vs MSM (Mobile Security Management) - B2B mobility at risk
• MDM (Mobile Device Management) is about Asset Management
– Basic security features (wipe, password)
– Fake implementations (ex: PKI, SCEP only)
• MSM (Mobile Security Management) is about Security Management (ISO27001/05, PCSSI, SOX, Basel II…)
– Mobile: VPN, PKI, Encryption, Policies, Apps and web services security (signing house, monitoring, ...)
2013 trends: Many CISOs are required by management to take back Mobility Management/Strategy because security is not covered
17. A New Era. A New Edge.
Future of Mobile Security
Internet objects, Data leakage, Mass malware
• More mobility in many usages (Internet objects): exposing data to risk and easing more profitable mass attacks for hackers
• LTE and LTE+ bringing permanent, high-bandwidth connectivity (easing blackhat), UMA (mesh networks)
• Massive standards adoption boosting highly critical (and beneficial) services: NFC, mobile payments, m-wallets, …
SECURITY TO DO LIST
• Need for a real strategy including the security experts
• Continuous auditing of policy enforcement
• Devices, tools and solutions must be security proven