Who owns your phone? Who feels that they have the right to use your phone for their purposes or on your behalf?

[Diagram: Your Phone. Resources shown: Code, Data, OS, Activity, Camera, Microphone, Network, Location, Battery, Peripherals, Identity. Parties shown: Competitors, Application Authors, Your Keeper, Phone Company, Your Employer, Law Enforcement, Hardware Manufacture, Mal, OS Author.]

iOS Security Architecture
- All apps must be signed by Apple
  - To reduce malicious code
- Quick erase of key store
  - Prevents data access, permanently
- Backups use different keys
- Firmware non-readable key (UID)
  - To prevent cloning

[Diagram: iOS Security Architecture. Labels: Signed Applications, Data, Library/Device Permissions, File Keys, Signed OS, File Metadata, Class Keys, Effaceable Storage, Boot Loader, Phone UID, Firmware, Apple Root Certificate.]

Android Security Architecture
- Linux file system permissions model
- All apps must be signed
- Apps run in their own user space
- “eXecute Never” markings
- Device resource permissions
  - Confirmed on install
  - Accept all or go away

BYOD
- Can one device make your kids happy and let IT security sleep nights?
- Being pushed by Apple
- With root, all security arrangements are subvertible (futile?)
- Several vendors (e.g. Good) propose walled gardens

HTML5 Security
- OWASP Top Ten
  - Cross Site Scripting (XSS)
  - More opportunities in HTML5
  - Validate ALL input
  - Make sure data is data and not executable!
- SSL
  - Secured channel (privacy issues)
  - Server authentication
  - Post vs Get
- Iframe sandbox
  - Hybrid mobile/web applications
  - Server access to native phone features

References
- iOS Security Architecture
  - http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
- Android Security Architecture
  - http://source.android.com/tech/security/index.html
  - http://developer.android.com/guide/topics/security/permissions.html
- OWASP
  - https://www.owasp.org/index.php/Top_10_2010-Main
  - http://html5security.org
  - https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

Thank You Robert Klerer ListYourself.net inc. robert@listyourself.net