A New Era. A New Edge.

Demystifying the Security Weaknesses of iOS and Android

Reda Zitouni

CEO of Mobiquant Technologies
Twitter
@mobiquant
#mobilesecurity

www.mobiquant.com
blog.mobiquant.com

Booth A01
© 2013 ISACA. All Rights Reserved.

Follow us @mobiquant
#mobilesecurity

Agenda
Mobile Usage Evolution 2008-2013
Mobile Threat Trends in 2013
iOS vs Android Platforms Analysis
MDM vs MSM (Mobile Security Management): B2B mobility at risk
Future of Mobile Security: Internet objects and data leakage


Follow us @ISACANews #APCACS

Mobile Usage Evolution 2008-2013 (1)
[Figure: mobile usage in 2008 vs 2011]


Mobile Usage Evolution 2008-2013 (2)
[Figure: mobile usage in 2008 vs 2011]
• Users: consumerization of mobility rears its head in the enterprise
• IT: centrally managed and secured


Mobile Usage Evolution 2008-2013 (2)
1. Top priority: manage the risk of lost or stolen data
2. Priority needs:
   1. Rationalize mobile device management
   2. Optimize productivity
   3. Simplify administration
   4. Facilitate updates
   5. Control by defining security policies
   6. Standardize mobile infrastructure management with the rest of the information system
Source: Mobiquant Labs 2013 (400 CISOs in Europe and the USA)


Mobile Threat Trends in 2013 (1)
B2C: typical mobile criminality [$]
Worms, mobile ransomware (device blocking), spam, malware
B2B: mobile in the global economic intelligence (IE) war [Data]
Botnets, spybots, backdoors, pervasive and sophisticated malware
Governmental, military, defense [Data or Influence]
Suspicions about government-sponsored attacks will grow. Using zero-day vulnerabilities and sophisticated malware, some of these attacks may be considered APTs (advanced persistent threats).


Mobile Threat Trends in 2013 (2)


iOS vs Android Platforms Analysis (1)


iOS vs Android Platforms Analysis (2)


iOS vs Android Platforms Analysis (2)


iOS vs Android Platforms Analysis (3)


iOS vs Android Platforms Analysis (4)
• In 2011 alone, Google removed more than 100 malicious apps
• Google discovered 50 applications infected by a single piece of malware (DroidDream: personal data)
• Google hasn't always acted in a timely manner:
  – more than 260,000 times before Google removed it from the app market
So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization's data safe.


iOS vs Android Platforms Analysis (5)
Key drivers for mobile attacks:
• Browser (the jailbreak of iOS v1, ...)
• Applications (app stores): no real control, Play Store vs App Store
• Stacks/software weaknesses: few on iOS vs many on Android


iOS vs Android Platforms Analysis (6)


iOS vs Android Platforms Analysis (7)
... but mobile security is not only about malware!
B2B constraints and requirements are greater than B2C
Enterprise mobility requirements:
• Crypto chips: keys and secrets strongly secured in hardware
• Crypto libraries: the Android case of L2TP VPN (IPsec impossible)
• Authentication protocols (IS, network, apps, web)
• MDM vs MSM native API: strengthening IT management (policies, messaging, LOBS security support)


MDM vs MSM (Mobile Security Management): B2B mobility at risk
• MDM (Mobile Device Management) is about asset management
  – Basic security features (wipe, password)
  – Fake implementations (e.g. PKI, SCEP only)
• MSM (Mobile Security Management) is about security management (ISO 27001/27005, PCSSI, SOX, Basel II, ...)
  – Mobile: VPN, PKI, encryption, policies, apps and web services security (signing house, monitoring, ...)
2013 trend: many CISOs are being required by management to take Mobility Management/Strategy back, as security is not covered


Future of Mobile Security
Internet objects, data leakage, mass malware
• More mobility in many usages (Internet objects): exposing data to risk and enabling more profitable mass attacks for hackers
• LTE and LTE+ bringing permanent, high-bandwidth connectivity (easing blackhat activity), UMA (mesh networks)
• Massive standards adoption boosting highly critical (and beneficial) services: NFC, mobile payments, m-wallets, ...
SECURITY TO-DO LIST
• Need for a real strategy including the security experts
• Continuous auditing of policy enforcement
• Devices, tools, solutions must be security-proven

Mobiquant. Mobile Security : Demystifying the Security Weaknesses of Apple iOS and Google Android - REDA ZITOUNI CTO and VP Chief Security
