Mobile Security Vulnerability Assessment Tools for the Enterprise: Integrating Mobile/BYOD into your Enterprise Security Testing Program

Presentation transcript:

Mobile Security Vulnerability Assessment Tools for the Enterprise
Integrating Mobile/BYOD into your Enterprise Security Testing Program
Georgia Weidman

Is this a mobile device?

Toilet Mobile Vulnerability
- Trustwave SpiderLabs Security Advisory TWSL : Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet
- Controlled via an Android app with a hardcoded PIN “0000”
- “Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.”

Is this a mobile device?

Car Hacked through Mobile Modem

Is this a mobile device?

Mobile Risks

Mobile Remote Attacks
- Malicious Carrier Update
- Remote Code Execution Bugs
- Vulnerable Listening Services

Mobile Client Side Attacks
- Browser and Web Extensions
- Mobile Apps
- Mobile Protocols

Mobile Phishing Attacks

Malicious Applications
- Repackage apps with malicious code
- Appears normal to the user, malicious functionality in the background
- Sign apps with stolen developer keys (avoids iOS restrictions), signing vulnerability (Android master key), or attacker-created keys
- Stealthy malware can be uploaded into official stores and company app stores

Mobile Post Exploitation
- Steal Data (emails, passwords, text messages, location information)
- Control device (send messages, post on Twitter, record video of user)
- Privilege Escalation (break out of sandboxes, get access to additional information/control)
- Mobile Pivoting (attacking other devices on the network, bypassing perimeter controls)

Mobile Pivoting

Mobile Security Controls
- Enterprise Mobility Management/Mobile Device Management
- Mobile Antivirus
- Data Containers
- Hardened Platforms
- Data Loss Prevention at Perimeter

Mobile Security Testing
- Getting sensitive data out of a sandbox/container
- Known malware running on device undetected
- Root/jailbreak undetected
- Downloading and running applications outside of policy
- Bypass perimeter controls with mobile pivoting

DEMOS!

Questions to Ask Operations
- Is my Mobile Device Management (MDM) solution set up correctly and providing value? Does it actually do what it says on the box it will do?
- Are my users responding correctly to mobile-based phishing attacks?
- Do my users install apps from 3rd-party app stores?
- Is my mobile anti-virus solution warning users before they install something potentially malicious? Does it at least match known threat samples?
- What would a compromised mobile device be able to access over the network?
- What sort of sensitive data is stored or transmitted through mobile devices?
- Would a compromised mobile device in my network be able to compromise and exfiltrate data?

Contact Georgia Weidman Bulb Security LLC/Shevirah Inc.