Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Your Android Device Terry Labach Information Security Services, IST.

Published byArleen Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Your Android Device Terry Labach Information Security Services, IST."— Presentation transcript:

1 Securing Your Android Device Terry Labach Information Security Services, IST

2 "To see everything without being seen is, needless to say, the prerogative of the biblical God whose eyes run everywhere, as well as the labor of spies and surveillance agencies, and the fondest desire of the voyeur.“ - Margaret Atwood #watitis2013

3 Android mobile device operating system market share 43% in Canada, 52% in the US, 80% worldwide 2013 DHS/FBI report stated Android attracted 79 per cent of all malware attacks because of “market share and open source architecture” #watitis2013

4 Android risks open architecture offers more opportunities for attack many vendor and developer-tweaked versions, harder to patch “rooted” phones can use wider range of features but lose protection no magic bullet to mitigate risks #watitis2013

5 What's on your phone? social media apps financial/banking apps photos address book usernames, passwords … #watitis2013

6 What are bad guys looking for? $$$ steal phone for resale banking information texts to premium SMS in-app purchases … #watitis2013

7 Steps to securing your device Physical security Access security File security App security Network security System security Usage security Software #watitis2013

8 Physical security Hang on to phone Don't leave it unattended #watitis2013

9 Access security Screen lock phone with –swipe code –PIN –password #watitis2013

10

11 File security Back up files Encrypt files #watitis2013

12 Encrypt files individually – simplest method but onerous APG - OpenPGP implementation for Android https://play.google.com/store/apps/details? id=org.thialfihar.android.apg #watitis2013

13 Encrypt SD card Depending on device, select one of –Settings > Security –Settings > Storage Select SD card encryption checkbox Encrypt before adding data! Once set, any non-encrypted SD card placed in phone will be read only. #watitis2013

14

15 Pre encryption

16 Post encryption #watitis2013

17 Encrypt phone storage protects internal phone memory slows phone operations fully charge phone first, keep plugged in during encryption #watitis2013

18 Encrypt phone storage Depending on device, select one of –Settings > Security –Settings > Storage select Storage encryption checkbox storage will be encrypted can’t undo encryption, factory reset only way to unencrypt, causing data loss #watitis2013

19 Network security Turn off WiFi/Bluetooth/NFC when not needed WiFi –avoid joining unknown networks and using public hotspots Don't use unencrypted communications –VPN (AnyConnect) –Web (https) #watitis2013

20 Near field communication (NFC) NFC tags are chips that will share digital information on some Android devices, NFC is allowed to automatically launch the web browser could download malware villain creates malicious NFC tags and places them near legitimate ones #watitis2013

21 Controlling network access JuiceDefender https://play.google.com/store/apps/details? id=com.latedroid.juicedefender&hl=en location-aware WiFi Control (e.g. enable WiFi only at home/work, disable it otherwise) #watitis2013

22 Usage security phishing vishing smishing #watitis2013

23 QR codes encode URLS as bar code used to disguise malware #watitis2013

24

25 App security some apps, even from the Google Play store, have malicious features –keyloggers –contact snooping –data theft –malware downloads more malware –root attacks #watitis2013

26 Limit the apps you install limit the number don't automatically install apps if website/message/popup tells you to do so don’t install if permissions are suspicious limit app permissions buy your apps instead of installing free cracked versions #watitis2013

27

28 App security disable untrusted app stores open one of –Settings>Applications –Settings>Security locate the Unknown sources ensure it is unchecked #watitis2013

29

30 Maintain your apps Prevent accidental app purchases Update your apps Remove old apps #watitis2013

31

32 System security patch and update Android vendor updates reliable third-party distributions –Cyanogenmod http://www.cyanogenmod.org/ –Replicant http://replicant.us #watitis2013

33 System security disable Google sync of WiFi passwords, settings, etc. #watitis2013

34

35 Security software Software suites Avast! Mobile Security –antivirus, firewall, phone tracker, privacy, etc. Lookout Security & Antivirus –antivirus, phone tracker, privacy, etc. 360 Mobile Security –antivirus, privacy, etc. #watitis2013

36 Security software Kaspersky Internet Security for Android –antivirus, phone tracker, privacy, etc. Norton Security antivirus –antivirus, phone tracker, privacy, etc. #watitis2013

37 Privacy software Wickr - Top Secret Messenger –self-destructing, encrypted messages Clueful for Android –shows you how installed apps use your personal information #watitis2013

38 My phone’s been stolen! report to campus police change passwords on accounts used by the device immediately attempt to locate using a software suite mentioned above, or Where's My Droid Android Device Manager #watitis2013

39 Where's My Droid special text message to phone will cause it to respond in some cases, can install from Play Store after phone is lost or stolen risk of misuse if someone knows you use this app #watitis2013

40 Android Device Manager https://www.google.com/android/devicema nager Remotely locate and factory reset your device #watitis2013

41

42 References - Canada Public Safety Canada –Using mobile devices http://www.getcybersafe.gc.ca/cnt/rsks/nln- ctvts/mbl-eng.aspx –Using web-enabled devices safely http://www.getcybersafe.gc.ca/cnt/prtct-dvcs/mbl- dvcs/index-eng.aspx #watitis2013

43 References - US United States Computer Emergency Readiness Team –http://www.us-cert.gov –Technical Information Paper: Cyber Threats to Mobile Devices –http://www.us-cert.gov/reading_room/TIP10- 105-01.pdfhttp://www.us-cert.gov/reading_room/TIP10- 105-01.pdf #watitis2013

44 References - US CERT (Computer Emergency Response Team) –http://www.cert.org –Mobile Device Security: Threats, Risks, and Actions to Take –http://www.cert.org/podcast/show/20100831fr ederick.html #watitis2013

45 References - technical XDA Developers –http://www.xda-developers.com/ XDA Android Developers forum –http://forum.xda-developers.com/android 20 security and privacy apps for Androids and iPhones –http://www.csoonline.com/slideshow/detail/66 493 #watitis2013

46 References - UW University of Waterloo Information Security Services (ISS) team –https://uwaterloo.ca/information-systems- technology/about/organizational- structure/information-security-services University of Waterloo Security Operations Centre (SOC) –soc@uwaterloo.ca #watitis2013

47 References - UW Terry Labach –tlabach@uwaterloo.catlabach@uwaterloo.ca User education Developer and project consulting Web application scanning #watitis2013

48 Questions? #watitis2013

49

50

51

Download ppt "Securing Your Android Device Terry Labach Information Security Services, IST."

Similar presentations

Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,

1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Smartphone Security How safe are you?. Main Points 1. Malware/Spyware 2. Other Mischief 3. How a phone might get infected 4. Staying Safe a. Malware b.

Smartphone Security How safe are you?. Main Points 1. Malware/Spyware 2. Other Mischief 3. How a phone might get infected 4. Staying Safe a. Malware b.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Remote Access. What is the Remote Access Domain? remote access: the ability for an organization’s users to access its non-public computing resources from.

Remote Access. What is the Remote Access Domain? remote access: the ability for an organization’s users to access its non-public computing resources from.
Quiz Review.

Quiz Review.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Mobile Policy. Overview Security Risks with Mobile Devices Guidelines for Managing the Security of Mobile Devices in the Enterprise Threats of Mobile.

Mobile Policy. Overview Security Risks with Mobile Devices Guidelines for Managing the Security of Mobile Devices in the Enterprise Threats of Mobile.
eScan Total Security Suite with Cloud Security

eScan Total Security Suite with Cloud Security
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

Similar presentations

Ads by Google