Mobile Security
Group 1- David Crockett, Mohamed Maiga, Ryan Johnson, Ernest Adu Yirenky
Objectives
1. To inform the class of what Mobile Security (MS) is, why it's important, and how it relates to our lives and this class.
2. Recognize the major risks, threats, and vulnerabilities associated with MS.
3. Provide info and key tips to mobile device users to better protect personal assets from hackers.
4. Educate on why MS is becoming increasingly popular across enterprises.
5. Examine current routes to protection and provide an achievable mobile security plan that can best protect the assets of the enterprise and respect users' privacy.
6. Examine the future of mobile security.
What is Mobile Security?
The protection of mobile devices & networks against potential threats/vulnerabilities dealing with wireless computing.
Securing mobile devices has become increasingly important in recent years as the number of devices in operation has increased tremendously. Whether used for personal or business activity, the goal remains the same: provide the safest environment possible for individuals and businesses to use their devices.
About
Better protects assets of the enterprise & persons
Fairly new
Created new IT businesses (e.g. LifeLock & Lookout)
Also, added risks
Continue to grow
Increase in mobile usage for several activities
Increase in hacker ability (faster, more powerful devices) and successful attempts to find and attack vulnerable systems/devices
*(see fig. 1)
Key Terminology
MDM - Mobile Device Management, provides end-to-end interaction of IT staff and activity (network, apps, service providers) across the entire network of users' mobile devices.
App - An app or application is a software program designed to run on a mobile device such as a smartphone or tablet.
Drive-by download - An application that is downloaded to a device without the user's consent or even their knowledge.
Encryption - Technology used to protect private data by making it unreadable to anyone without the encryption key.
Spyware - Designed to gather data about a large group of users, spyware collects or transmits sensitive data about a user without their knowledge or consent.
Malware - Any software that gets installed on your machine and performs unwanted tasks, often for a third party's benefit (e.g. worms, viruses, trojan horses, etc.)
Key Terminology Cont...
Risk - The potential for a threat exploiting vulnerabilities and causing harm.
*Risk is the intersection of assets, threats, and vulnerabilities.
Threat - Anything that has the potential to cause serious harm to a computer system.
*A threat is what we're trying to protect against.
Vulnerability - A weakness in a computer system that can leave an opening to attack.
*A vulnerability is a weakness or gap in our protection efforts.
Asset -
*An asset is what we're trying to protect.
*http://www.threatanalysis.com/security-metrics/
BYOD (Bring your own device) - An IT policy where employees are allowed or encouraged to use their personal mobile devices to access enterprise data and systems.
**(see fig. 2)
Goal: Safe and efficient activity to maximize productivity to hopefully trump the added risks of businesses
*BYOD can't be 100 percent safe
The Stats
1 in 5 organizations suffered mobile security breaches
Only 30% of organizations plan on increasing security budgets for BYOD over next year
37 Million malware detected over 6-month time period
1 Million apps with bad trust score
150 Million apps scanned in 3-month period in over 190 countries
End users will spend over 3 hours each day on their smartphones this year (Growth to slow to single-digit pace starting in 2016, eMarketer)
Fill-in-the-blank Activity
1. ____________ are the most cited source of compromised information. (Alton, Aug. 2016)
2. In 93% of breaches, hackers take ____________ to compromise systems. - 2016 Data Breach Investigations Report, Verizon
3. In 2015, which state reported the greatest amount of identity theft cases to the FTC? - Frohlich & Stebbins, 10 States With the Most Identity Theft, May 18, 2016
Network security
According to Absolute Software, which released the results of the Mobile Enterprise Risk Survey in 2013, 64% of people who use an unsecure wireless network say they have little to no concern about using it.
Encrypted/unencrypted wireless network
Encryption - Technology used to protect private data by making it unreadable to anyone without the encryption key. It is mainly used to protect data in transit so no one else can get to it, or at least understand it, without the proper key. When the network you connect to is unencrypted, your data is more vulnerable to outside attacks.
Mobile devices : Risks
Identity theft and data theft: When someone deliberately uses your information without your knowledge, usually as a method to gain financial advantage. This is one of the main risks of mobile security. Considering that you might lose your device or have it stolen, you might want to think twice before storing important information on it.
Malware: Software within a software that might either gain access to a private computer system or gather sensitive information. Malware is a serious threat to mobile security because you might trigger it yourself without even knowing, since it can hide inside other software (gaming systems, apps, files).
Unencrypted wireless transmission: Many applications do not encrypt the data they transmit and receive over the network, making it easy for the data to be intercepted. We tend to use every Wi-Fi connection we come across without knowing whether it is encrypted; when it is not, information can be easily intercepted.
Mobile devices : Threats
Smartphones are being used more and more by individuals and businesses as a communication tool, but also as a means of planning and organizing their work and private life. Being able to control the information that is retrieved from those mobile devices is one of the top concerns of smartphone users, which is why mobile security has become so important in the past couple of years.
"Mobile apps are double-edged swords to be wielded with care -- especially on devices used for business." - Lisa A. Phifer, pres. of Core Competence Inc.
Protecting personal assets
Personal challenge = Protecting personal information (e.g. bank accounts, passwords, social security #, health records, etc.) against theft, identity theft, financial losses
Mobile Banking
Use banking apps vs. online mobile banking sites
Public (unencrypted) Wi-Fi - Dos & Don'ts
Bluetooth connectivity and location settings
Effective Measures
1. Increase end-user knowledge, providing awareness to issues in BYOD, such as risks of downloading unwarranted third-party apps
2. Continued testing for system vulnerabilities and mobile app security
   a. TaaS - testing as a software
3. Implementing Mobile Device Management (MDM), or achieving the containerization, across clouds and business operations
   a. Included - the ability to locate, lock, and potentially wipe the device clean of data
   b. SaaS, e.g. Intel's McAfee software
Mobile Security Plan for Enterprise
In order to prepare for the increasing numbers of BYOD policies, organizations need to
ensure they have proper security strategies that include:
Mobile Device Management that includes encryption for mobile devices, authentication
and authorization for mobile devices, and remote wipe for mobile device security.
Data Loss Prevention (DLP): A strategy of making sure end users do not send
sensitive or critical information outside the corporate network.
Sandboxing: A security mechanism of separating running programs, often used to
execute untested or untrusted programs, without risking harm to the host operating
system.
Organizations should plan for the future of mobile security planning by continuing to monitor
and test for vulnerabilities in systems and address ways to protect against the growing
numbers of malware on mobile devices each year.
SaaS for Enterprise + Personal Protection
Software-as-a-Service (SaaS) - Any cloud service where consumers are able to access software
applications over the internet.
Blacklisting - Making a list of applications and/or programs that will be denied system access and
preventing them from installing and running, where all other programs are granted system access.
*Top 5 consumer apps blacklisted by companies
1. Dropbox
2. Angry Birds
3. Facebook
4. Microsoft OneDrive
5. Google Drive
*Q4 Mobile Security and Risk Review, October 1 - December 31, 2015.
Whitelisting - Making a list of applications and/or programs that have been granted permission by the
user or an administrator, where all other programs are denied system access.
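The difference between the two definitions above is what happens to an app on neither list: a blacklist grants it access, a whitelist denies it. The sketch below is an added example, not part of the original slides; the blacklist uses the five apps named above, while the approved list, device names and "Free Flashlight Pro" are constructed assumptions.

```python
# Added illustration: blacklist (default-allow) vs. whitelist (default-deny).
# Apps are matched by display name for simplicity; the device inventory and
# the approved list below are constructed sample data.

BLACKLIST = {"dropbox", "angry birds", "facebook",
             "microsoft onedrive", "google drive"}   # the five apps listed above
WHITELIST = {"corporate mail", "corporate vpn"}      # hypothetical approved apps


def normalize(name):
    """Fold case and collapse whitespace so 'DropBox ' still matches."""
    return " ".join(name.lower().split())


def is_allowed(app, mode):
    """Return True if the app may run under the given policy mode."""
    app = normalize(app)
    if mode == "blacklist":
        return app not in BLACKLIST      # anything not listed is granted access
    if mode == "whitelist":
        return app in WHITELIST          # anything not listed is denied access
    raise ValueError("unknown policy mode: %r" % mode)


def audit(inventory, mode):
    """Map each device to the sorted list of installed apps the policy denies."""
    return {device: sorted(a for a in apps if not is_allowed(a, mode))
            for device, apps in inventory.items()}


# Constructed inventory: 'Free Flashlight Pro' stands in for an unreviewed app.
INVENTORY = {
    "phone-01": ["Corporate Mail", "DropBox ", "Free Flashlight Pro"],
    "tablet-02": ["Corporate VPN", "Angry Birds"],
}

if __name__ == "__main__":
    for mode in ("blacklist", "whitelist"):
        print(mode, audit(INVENTORY, mode))
```

The unreviewed app passes the blacklist audit and is flagged only by the whitelist audit.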
SAAS VS. ON-PREMISES SERVICES
SaaS is easier to use and is cheaper, but not all platforms are suitable for cloud
hosting.
On-Premise has more security and is better for more sensitive data.
Major Mobile Mishaps
Hacking group OurMine breaks into Mark Zuckerberg's personal account
Hackers hijack Hillary Clinton's campaign computer network
U.S. Olympic athletes, such as Simone Biles, fall victim to attack via World Anti-Doping Agency (WADA) database by Russian hackers
https://plus.google.com/115348709808964504349/posts/gG3VDgwfke3
Looking Ahead
Wearables
BYOD continues to grow
Smart apps = the norm
Combining deep analytic & cognitive capabilities for more immersive
experience
More emphasis on data mining
Owning the insights or means to retrieve the external data
Enterprise development specialists work towards
Greater emphasis on benefits to operations
Mobile technology in the enterprise, or where physical meets digital,
will shift
Greater hacker capability
Greater emphasis on benefits of operations
Highly customizable industry-specific experience to solve important issues
Not without new risks
Bibliography
1. Dimensional Research. The Impact Of Mobile Devices On Information Security: A Survey Of IT Professionals. Downloads, Products, June 2013, www.Checkpoint.com. PDF accessed 30 Aug. 2016.
2. Wigmore, Ivy; Westervelt, Robert. Mobile Security (Wireless Security). November 2012, http://whatis.techtarget.com/definition/mobile-security. Accessed 30 August 2016.
3. Carter, Jonathan; Thankur, Milan Singh; Boberski, Mike. OWASP Mobile Project 2012 Goals. https://docs.google.com/document/d/1bScrvrLJLOHcSbztjBxYoN-jN3kR8bViy9tF8Nx0c08/edit. Accessed 13 Oct. 2016.
4. Gartner Research. About Intel Security. Intel Security Fact Sheet. February 2016. http://www.mcafee.com/us/resources/brochures/br-intel-security-fact-sheet.pdf. Accessed 17 Oct. 2016.
5. 2016 NowSecure Mobile Security Report. Accessed 30 August 2016, www.nowsecure.com.
6. Q4 Mobile Security and Risk Review. October 1 - December 31, 2015, Mobile Iron, Inc 2016, www.mobileiron.com. PDF accessed 24 Nov. 2016.
7. Mobile Security Solutions For business, user protection, mobile security, Trend Micro, Inc. 2016, www.trendmicro.com. Accessed 23 Nov. 2016.
8. Wigmore, Ivy; Westervelt, Robert. Network Security (Wireless Security). Definition, TechTarget; WhatIs.com, Nov. 2012, www.whatis.techtarget.com/definition/mobile-security. Accessed 25 Aug. 2016.
9. Security Intelligence, brought to you by IBM. Topics, Mobile Security, 2016, www.securityintelligence.com. Accessed 26 Nov. 2016.
10. Mobile Threat Report: What's on the Horizon for 2016. Intel Security; McAfee, 2016, www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2016.pdf. PDF accessed 27 Nov. 2016.
11. Urmey, Wyatt. Future of Mobile Perspectives for 2016: The long runway ahead. Mobile Business Insights, 12 Feb. 2016. www.mobilebusinessinsights.com/2016/02/future-of-mobile-perspectives-for-2016-the-long-runway-ahead/. Accessed 29 Nov. 2016.
12. *Fig. 1. 90% of Time on Mobile is Spent on Apps. Flurry Analytics, comScore, Pandora, Facebook, NetMarketShare, US June 2015. Phunware; phunware.com; Chin, Matt, 17 Sept. 2015, http://www.phunware.com/blog/mobile-stat-snack-90-of-mobile-time-spent-in-apps/.
13. **Fig. 2. BYOD balances employee productivity and enterprise security; TweakYourBiz; tweakyourbiz.com, 01 July 2013, www.tweakyourbiz.com/technology/2013/01/07/no-byod-policy-how-to-reduce-security-fears-and-embrace-productivity/.
14. Alton, Larry. 6 Cyber Security Statistics You Should Know for 2016. Socialnomics blog; Socialnomics.net; www.socialnomics.net/2016/08/17/6-cyber-security-statistics-you-should-know-for-..