Mobile Security & Precautions Using Case Studies


1 Mobile Security & Precautions Using Case Studies
Alana Anderson – December 2014

2 Overview
Introduction – Why I chose this topic
Course Module
Case Study – Masa Kagawa
Case Study – StealthGenie
Results – Homework
Results – Survey
Conclusion
Questions

3 Introduction
Mobile device and application security has become a major issue as the world becomes more technology-centered.
Everyday applications and functions can be used to exploit a device.
Mobile malware continues to rise and more companies are experiencing data breaches.
Appeal to the interest of students

4 Purpose
Educate students on mobile security issues and current events
Provide real-world examples of how the exploits are abused
Pique interest in mobile security
Inform users of simple techniques to aid in protecting a mobile device

5 Case Study – Masa Kagawa
Sept 2012 – April : Arrested for running an Android malware ring and operating a scam dating site in the form of an Android application.
Alleged to be behind the distribution of spam with Android.Enesoluty.
Android.Enesoluty: requests permissions that will allow it to read and write contacts to an external device in a remote location.
First introduced as a game, it later served as a front for a fraudulent dating site. The user would pay for “talking tokens” to talk to other “users”.
Kagawa and his counterparts were “able to collect around 37 million addresses from over 800,000 Android devices.”

6 Case Study – Masa Kagawa Analysis
Kagawa was able to appeal to a user’s emotions. Not only did he install an information-stealing Trojan on the device, he was also able to obtain funds by exploiting a person’s heart.
Importance: This case teaches us that we should be mindful not only of what we download and the permissions it requests, but also of the overall purpose and function of the application.
Key takeaways:
Be wary of the permissions that an application requests.
Be mindful of the functions of an application and the way it behaves.
Do not respond to or open suspicious emails.
Check for suspicious icons on the device.
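The first two takeaways above (compare the permissions an application requests with what the application is for), as an added example that is not part of the original presentation. It assumes a manifest already decoded to text XML; the sample manifest is constructed (it is not the Android.Enesoluty manifest), and the purpose-to-data mapping `EXPECTED` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, mapped to the personal data they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Assumption for this example: data each stated purpose plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {"contacts", "sms", "microphone"},
    "navigation": {"location"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def review(manifest_xml, stated_purpose):
    """Flag sensitive permissions that the app's stated purpose does not explain."""
    perms = requested_permissions(manifest_xml)
    allowed = EXPECTED.get(stated_purpose, set())
    unexpected = sorted(p for p in perms
                        if p in SENSITIVE and SENSITIVE[p] not in allowed)
    network = "android.permission.INTERNET" in perms
    # Unexplained personal data plus network access: the data can leave the device.
    return {"unexpected": unexpected, "network": network,
            "red_flag": bool(unexpected) and network}

# Constructed sample: a "game" that also asks for the contact list.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST, "game"))
```

The same manifest reviewed as a "messaging" app raises no flag, which is the point of the takeaway: a permission is suspicious relative to the application's purpose, not in isolation.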

7 Case Study – StealthGenie
Creator indicted for allegedly conspiring to advertise and sell StealthGenie.
Allows reading of text messages, viewing of call logs, access to emails, GPS location tracking, spying on instant messenger chats, remotely monitoring the phone, and listening in on live calls.
This is the first case surrounding the sale and advertisement of mobile spyware.
Hammad Akbar, creator of StealthGenie

8 Case Study – StealthGenie Analysis
This case showcases the capability that mobile devices have. It is important to protect ourselves not only from the known threats but from the unknown as well.
Importance: The case makes users aware of the potential vulnerability of a simple mobile phone and the software inside of it. StealthGenie provided a real-life example of how mobile devices can truly invade our personal lives.
Key takeaways:
StealthGenie allows users to see what type of potential is in the palm of their hands.
Be mindful of how your device operates.
Be mindful of who uses or operates a personal device.

9 Course Module Components
Student Pre-Test/Post Test: Measures the students’ current knowledge of mobile device security and potential threats. It is not aimed at being too difficult or too easy. It covers practical information that a device user should know, as well as information that may not be common knowledge.
Pre Test/Post Test Questions:
Apart from a physical computer, what are some reasons why security must be enhanced for a mobile device?
What is Bluesnarfing?
True/False. The Android operating system has a higher threat level than iOS, meaning more malware is targeted at Android devices.
What does it mean to jailbreak an Apple device?
What does a Tapjacking attack do?
Which category of applications provides the greatest amount of mobile malware?
Name some mobile hardware components that could make cellular devices insecure.
What is mobile malware?
What is a denial of service attack?
What is spyware?
Is it illegal to sell privacy-invasive applications or software? This can be any software that monitors a target without their knowledge. Yes/No

10 Course Module Components (cont.)
Topics covered include:
Information on various device exploits (web browser, Bluetooth, GPS)
Overview of differences between mobile devices and desktops
Incidents to back up exploitations
Apple vs. Android debate
Basic malware targets and popular application incidents
SMS malware
Protection mechanisms (strong passwords, using approved download locations, anti-virus)

11 Course Module Components (cont.)
Mobile Security Homework: Reinforces the lecture slides and the information surrounding the case studies. Provides practical practice in keeping our mobile devices secure while still hammering in the facts.
Topics covered include:
Identifying fraudulent applications
Definitions surrounding Bluetooth attacks
Potential mobile security concerns
Current events surrounding insecurities
Web browser exploitation
Comparing fraudulent applications
Homework Questions:
Find a popular application/game within your device’s respective app store. Find copycat versions of the application and search the description and comments about the app to determine how we know it is not legitimate. List the name of the real app and the fake version app names below. Also, list at least 3 red flags for the copy apps.
Define bluesnarfing, bluejacking and bluebugging. Provide an example of how each could be used.
Mobile Developer Concerns - In your opinion, what are the three biggest security issues that mobile application developers should consider in their design and implementation? Describe each of these issues in detail, and make an argument for their importance over other security concerns.
Find a recent story about an application being hacked or a breach of information via mobile devices. Give a basic summary of that incident.
When choosing to download an application, are user comments and ratings taken into account? Yes/No
If an app opens in a web browser, would you think that it is a malicious application? Why or why not?
Find and list more spyware applications like StealthGenie that are still available for download and use. List them below.

12 Results – Pre Test/Post Test
Average Pre Test Score – 71%
Average Post Test Score – 82% (11 point increase after the lecture)
Most commonly missed questions:
What does a tapjacking attack do?
What is mobile malware? (Many chose “Software or hardware aimed at taking over or disrupting service to a mobile device”)

13 Results – Survey
Was the material worthwhile? Avg – Very Worthwhile
How motivated were you to learn about mobile security issues? Avg. 3.7, Moderately – Very Motivated
“Provide live or simulated examples”
“Explain every topic more detailed”
“Very informative added knowledge and insight.”
Additional material on – “Methods proposed for protecting mobile devices.”

14 Results – Homework
Intended to reinforce the lecture and to get users to find practical real-world examples, emphasizing the importance of the information provided to them.
Students found an array of fraudulent apps and were able to clearly articulate red flags based on common knowledge and the information they found.
Students were able to think in terms of a mobile developer to come up with many concerns that developers should be worried about. These include:
Insecurity of app stores
Lack of encryption or weak encryption
Secure connections or safety of data while in transit back to the server
Amount of testing that an application has been through

15 Conclusion
Success was measured based on the results of the homework, the pre/post test and the survey.
The course module served as an overview of mobile security, using the case studies as real-world examples.
Overall, the course module proved to be a success. This is based on the survey given at the end of the lesson as well as the 11% increase in the average on the Post Test vs. the Pre Test.
Based on the survey, students are interested in learning about mobile security and were interested in the topics presented to them.

16 Questions

