mobile device security
play

Mobile Device Security and Privacy Information Security and Privacy - PowerPoint PPT Presentation

Sep 22, 2022 •436 likes •971 views

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda Protecting mobile devices and your privacy Protecting Mobile Devices and Your Privacy Before We Start The City of Phoenix does not

  1. Mobile Device Security and Privacy Information Security and Privacy Office January 2012

  2. Agenda • Protecting mobile devices and your privacy

  3. Protecting Mobile Devices and Your Privacy

  4. Before We Start… The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.

  5. Goal: Convince You To… 1. Keep your device with you – don’t leave it unattended 2. Protect your device with a strong password 3. Use anti-malware software 4. Read those (often boring) privacy policies 5. Don’t download or keep apps that request more permissions than needed

  6. Do You Have a Smartphone?

  7. Pop Quiz • How many smartphone users are there in the U.S.? – As of September 2011 • 87.4 million • 33.7 million • 946,800 thousand

  8. Pop Quiz • How many smartphone users are there in the U.S.? – As of 9/2011 • 87.4 million • 33.7 million • 946,800 thousand

  9. Pop Quiz • In the U.S. 113 mobile phones are lost every … • Day • Hour • Minute

  10. Pop Quiz • In the U.S. 113 mobile phones are lost every … • Day • Hour • Minute

  11. Top 10 U.S. Cities for Cell Phone Loss or Theft

  12. Do You Access or Do Banking?

  13. Using Your Smartphone • 44% use a browser to access the Internet – 32.5 million Americans accessed banking • Vendors, retailers, merchants, content providers, mobile operators, and banks are all actively establishing new payment services – The value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 2010

  14. Password-Protect Your Device • 24% store computer or banking passwords on their mobile devices • More than half of smartphone users do not use any password protection to prevent unauthorized access to their device • What’s the risk?

  15. No Password What’s the Harm? • Access personal email and work email • Access your financial accounts, like banks, Mint.com, or PayPal • Access your data in Google Docs, Evernote, or Dropbox • Post embarrassing updates to Facebook and Twitter • So use a strong password – Require the password after minimum period of inactivity

  16. When Purchasing a Mobile Device • Ask about security features and functions – Can you add a strong password, how are patches deployed… – What apps are pre-loaded, are apps vetted • Pre-loaded apps generally have more permissions than ones you install – What software protections can you can install after purchasing • Do you really need all the bells and whistles • Research the device – What maintenance is needed, is it a hacker target or thief magnet, how do you secure it – Read reviews – are most consumers satisfied

  17. Smartphone Malware What’s the Harm? • Force the infected phone call a given phone number – Remember 900 numbers? • Send premium rate text messages • Automatically visit websites that the malware directs it to – Earns money for malware writer • Steal personal information • Be alert for unusual behaviors on your phone, which could be a sign that it is infected – Unusual text messages, strange charges to the phone bill, and suddenly decreased battery life

  18. What’s the Best Anti-Malware Software? • Read app reviews • Check reliable consumer publications • Check industry publications • Look for names you trust • The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.

  19. Keep a Clean Machine • Keep your mobile security software current • Automate software updates – Many software programs will automatically connect and update to defend against known risks – Example: Sync regularly with iTunes – don’t just charge the battery

  20. Prepare for the Unthinkable • Consider using a “find my device” to locate your device if lost or stolen • Enable remote wipe capability

  21. Mobile Device Privacy

  22. Do You Read App Privacy Policies / Permissions?

  23. Using Your Smartphone • 26% of smartphone owners say they always read the privacy policy when downloading apps – I’m not sure I believe that • 31% say they never read the policy

  24. Example – Game • New! 4 ½ Stars! Reputable Developer!

  25. Example – Game

  26. Why Do Apps Need “Read Phone State and Identity” Permission? • Phone State – Lets the app tell whether you’re on a call or if the phone’s ringing – Allows games, media players, podcasts to pause while you’re on a call • Phone Identity – Developer may need a way to assign a unique ID to you for registration/activation purposes – Many ad publishers use this permission to get the Phone ID for tracking purposes • App may not know who you are exactly, but tracking your usage over time allows a company to build a profile of your individual activity

  27. True or False • A basic Android application has no permissions associated with it – This means the app cannot do anything that would adversely impact the user experience or any data on the device

  28. True! • App developer must specifically state the permissions he wants the app to have

  29. Flashlight App

  30. Compare – Flashlight App • Free! 5 Stars! Lots of installs!

  31. Example – Flashlight App

  32. Example – Flashlight App

  33. True or False • Most free app developers rely on advertising to fund their businesses

  34. True! • Most free app developers rely on advertising to fund their businesses

  35. Why the App’s Free • Free and cheap apps are usually supported by ads – Marketers want to know user demographics to better target ads • The advertising company pays the app developer and supplies a library (of code/programs) that the developer links to within the application – The app developer might not really even be aware of what the ad libraries do • The ad library “piggybacks” on the app’s permissions • So, for example, if the app can read your contact list, the advertiser (through the library) can read your contact list

  36. “Read Phone State and Identity” Trade-off • Some advertising systems, like AdMob, require developers to use this permission so the advertiser can collect statistics • This means: • Both the advertiser and the app publisher can track your usage of the app, and your usage across multiple apps if they collect all that data centrally (which advertisers definitely do)

  37. I Know You • Sign up for something and give your email address or Facebook login – Ties all of the profile information to a real individual • I know where you live, work, and shop – Because of your GPS info • I know what you like – Because of Facebook and your shopping profile • I know your friends and family – Because of Facebook and device contacts and messaging

  38. Before Downloading that App • Be especially wary of typically-suspicious apps (like ringtone apps) that use unneeded permissions • Only install apps with potentially harmful permissions from developers you trust • Check the app’s marketplace rating to determine safety – Not a perfect indicator (like with Flashlight)

  39. Look For Apps That Tell You How It’s Using Permissions

  40. Does the App Want Passwords? • Think twice before giving an app passwords – Example: Some apps ask for passwords to popular services, like GoogleDocs and Dropbox to upload and store things

  41. App Stores • Apple reviews all apps in its store and tries to verify… – Does the app do what it says it does? Does it function reliably? And does it respect the limitations that Apple has put on developers? – This process does weed out some security threats, like apps that carry malware – Does not eliminate all risks to your privacy • Android apps are not vetted – Android market is considered the “wild, wild west”

  42. Example: Movie Trivia Game Uses internet connection to see what the rest of the world has answered to current question

  43. Example: Whole Foods App

  44. iOS Location Services • Tell if an iOS app is using location services • Look for the arrow next to the battery indicator

  45. eBook Reader Privacy • Electronic Frontier Foundation researched and published a guide to eReader privacy – https://www.eff.org/deeplinks/2010/12/2010-e- book-buyers-guide-e-book-privacy

  46. Quiz: Would you use this IM service? From an instant messaging site

  47. Are You Convinced To… 1. Keep your device with you – don’t leave it unattended 2. Protect your device with a strong password 3. Use anti-malware software 4. Read those (often boring) privacy policies 5. Don’t download or keep apps that request more permissions than needed

  48. Questions? Contact ispo@phoenix.gov

  49. More Cowbell (Supplemental Info)

  50. What’s Wrong With This Picture?

  51. QR Codes • Quick Response codes are popping up everywhere – Magazine ads, newsletters, real estate signs, newspaper ads, trade show booths • A QR code is basically a 2D barcode that can be read by smart phone users – An easy way to direct a user to a website – just scan the QR code • Could be a link to a malicious website

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards a Unified Framework for Mobile Device Security Wayne A. Jansen, NIST Mobile Device

Towards a Unified Framework for Mobile Device Security Wayne A. Jansen, NIST Mobile Device

Towards a Unified Framework for Mobile Device Security Wayne A. Jansen, NIST Mobile Device Background* Mobile Device Background* Mobile Device Background* Mobile Device Background* Inexpensive, ubiquitous, wireless, networked,

478 views • 19 slides
Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

CS 155 Spring 2018 Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories Physical, platform malware, malicious apps Defense

1.17k views • 93 slides
Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Spring 2018 CS 155 Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories n Physical, platform malware, malicious apps Defense against physical theft Thurs

1.28k views • 64 slides
CS 563 Mobile OS & Device Security Advanced Computer Security CS 563 University of Illinois

CS 563 Mobile OS & Device Security Advanced Computer Security CS 563 University of Illinois

CS 563 Mobile OS & Device Security Advanced Computer Security CS 563 University of Illinois at Urbana-Champaign Presentation by: Gliz Seray Tuncay Administrative Announcements : Reaction paper was due today (and all classes)

807 views • 52 slides
Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device

Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device

Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device Security 2013 Boston, MA Presen sented ted by: Francis Brown & Joe DeMesy Bishop Fox www.bishopfox.com Introductions VERY QUICKLY

3.77k views • 83 slides
Edgefield SS Mobile Device Management Briefing Date: 17 th April 19 Mobile device management

Edgefield SS Mobile Device Management Briefing Date: 17 th April 19 Mobile device management

Edgefield SS Mobile Device Management Briefing Date: 17 th April 19 Mobile device management (MDM) An MDM solution control to deploy, monitor, and manage devices Basic F c Fea eatures in ScreenGuide de [Parent] Configure daily Screen Time

144 views • 12 slides
CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mobile Phones Networked device

302 views • 11 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC (August 2006) Srivaths Ravi (Email: sravi@nec- labs. com) NEC Laboratories America Princeton, NJ Security Requirements of Mobile Appliances

159 views • 12 slides
CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Mobile computing You are tasked in developing a mobile computing system. What features do you need? How do you ensure device

383 views • 24 slides
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO

Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO

Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly a decade From PC to Mobile

693 views • 54 slides
MOBILE TOUCHSCREEN UI FARHANA HAQUE TOUCHSCREEN MOBILE Input device: mobile phone Layered

MOBILE TOUCHSCREEN UI FARHANA HAQUE TOUCHSCREEN MOBILE Input device: mobile phone Layered

MOBILE TOUCHSCREEN UI FARHANA HAQUE TOUCHSCREEN MOBILE Input device: mobile phone Layered with special type of glass on top User interact directly on the glass Interaction through finger or stylus HAPTIC FEEDBACK Touch

294 views • 17 slides
What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017 Dan S. Wallach , Rice University tl;dr The computers inside the computer Every chip has one or more CPUs inside; they have exploitable bugs

1.23k views • 87 slides
Data Collection through Device- to-Device Communications for Mobile Big Data Sensing Hanshang Li,

Data Collection through Device- to-Device Communications for Mobile Big Data Sensing Hanshang Li,

Data Collection through Device- to-Device Communications for Mobile Big Data Sensing Hanshang Li, Ting Li, Xinghua Shi and Yu Wang College of Computing and Informatics University of North Carolina at Charlotte May 17 , 2016 @ The First

566 views • 39 slides
A Snapshot of the Mobile HTML5 Revolution @ jamespearce The Pledge Single device Multi device

A Snapshot of the Mobile HTML5 Revolution @ jamespearce The Pledge Single device Multi device

A Snapshot of the Mobile HTML5 Revolution @ jamespearce The Pledge Single device Multi device Sedentary user Mobile user * Declarative Imperative Thin client Thick client Documents Applications * or supine, or sedentary, or passive,

1.03k views • 84 slides
Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Outline Faculty of Computer Science Institute for System Architecture, Operating Systems Group What's so different about device drivers? Hardware access Writing device drivers on L4 Reuse of legacy drivers Hardware and Device

619 views • 12 slides
RSSTMMA 2017 IMINT INTELLIGENCE AB 8 maj Andreas Lifvendahl, VD Where we are Strategy

RSSTMMA 2017 IMINT INTELLIGENCE AB 8 maj Andreas Lifvendahl, VD Where we are Strategy

RSSTMMA 2017 IMINT INTELLIGENCE AB 8 maj Andreas Lifvendahl, VD Where we are Strategy taking off Competitive base offering Customer wins & healthy pipeline 4 quarters of sales and growth Complexity Critical

223 views • 19 slides
EANGTN & EANGUS Our Purpose: To organ ganize ize all enlisted persons and work

EANGTN & EANGUS Our Purpose: To organ ganize ize all enlisted persons and work

Enlist isted ed Associat sociation ion of the Nationa onal Guar ard Of T Tennessee nnessee And Enlist isted ed Associat sociation ion of the Nationa onal Guar ard of the United ted St States es EANGTN & EANGUS Our

233 views • 20 slides
ICR CONFERENCE JANUARY 9, 2018 1 Cautionary note on forward looking statements This

ICR CONFERENCE JANUARY 9, 2018 1 Cautionary note on forward looking statements This

ICR CONFERENCE JANUARY 9, 2018 1 Cautionary note on forward looking statements This presentation contains forward-looking statements, within the meaning of the Private Securities Litigation Reform Act of 1995 ("PSLRA"), which are

842 views • 45 slides
Q3 2014 results 14 November 2014 Bengt Baron, CEO Danko Maras, CFO Jacob Broberg, SVP IR 2

Q3 2014 results 14 November 2014 Bengt Baron, CEO Danko Maras, CFO Jacob Broberg, SVP IR 2

Q3 2014 results 14 November 2014 Bengt Baron, CEO Danko Maras, CFO Jacob Broberg, SVP IR 2 Q3 highlights Significant improvement of operating profit Net sales for the quarter increased by 9.1 per cent to SEK 1,303m (1,194)

167 views • 14 slides
Meeting 3 June 10, 2010 Disclaimer Results discussed today are working drafts for Committee

Meeting 3 June 10, 2010 Disclaimer Results discussed today are working drafts for Committee

Meeting 3 June 10, 2010 Disclaimer Results discussed today are working drafts for Committee discussion purposes Data and calculations are still being checked and results may change Framework for the Assessment Current Conditions 1.

614 views • 60 slides
Catalog Classification at the Long Tail using IR and ML Neel Sundaresan (nsundaresan@ebay.com)

Catalog Classification at the Long Tail using IR and ML Neel Sundaresan (nsundaresan@ebay.com)

Catalog Classification at the Long Tail using IR and ML Neel Sundaresan (nsundaresan@ebay.com) Team: Badrul Sarwar, Khash Rohanimanesh, JD R Ruvini, Karin Mauge, Dan Shen ini Karin Ma ge Dan Shen Then There was One When asked if he

771 views • 41 slides
SUMMARY HISTORY PARTNERS OFFER NEWS FUNEL , PERFUME BETTER AND NATURALLY 1884

SUMMARY HISTORY PARTNERS OFFER NEWS FUNEL , PERFUME BETTER AND NATURALLY 1884

SUMMARY HISTORY PARTNERS OFFER NEWS FUNEL , PERFUME BETTER AND NATURALLY 1884 1884, sa saw the the arriv rrival of of Lo Louis is Fu Funel, , artis rtisan perfu erfumer on on the the coa coast t of of Cannes es.

452 views • 20 slides
TYLER 2015 VINTAGE RELEASE WINE SOURCE EXCLUSIVE Justin Willett made some of the most

TYLER 2015 VINTAGE RELEASE WINE SOURCE EXCLUSIVE Justin Willett made some of the most

TYLER 2015 VINTAGE RELEASE WINE SOURCE EXCLUSIVE Justin Willett made some of the most memorable wines of the 2015 vintage. His Chardonnays and Pinot Noirs are exceptional. Its hard to know where to start with this range, as quality is so

212 views • 4 slides

More recommend