Mobile Security: Vulnerabilities and Risks
Today I took part as speaker to an event organized by my Company concerning Cloud and Mobile security. For this occasion I prepared some slides summarizing some concepts spread all over my blogs.
In my vision (you should know if you follow my blog) mobile vulnerabilties are mainly due to:
- False security perception by users: they consider their device as a “simple” phone, forgetting they bring a small dual-core in their pockets;
- “Light” behaviour from users: Sideloading, Jailbreak and Rooting are not good security practices;
- Consumerization of Devices: well known (partially abused) concept: some mobile devices come from the consumer world and hence do not natively offer enterprise class security or suffer from intrinsic vulnerabilities:
- Consumerization of Users: many users think they have consumer device so they think they do not deserve enterprise class security measures.
And the risks are:
- False Security Perception leads to high probabilities of theft or loss of the device, and most of all, of its data;
- “Light” behaviour from users dramatically increases the probability to directly install malware or surf towards insecure shores…
- Consumerization of Devices leads to vulnerabilities that may be exploited to access and steal sensitive data or authentication credentials;
- Consumerization of Users leads the users themselves to adopt imprper habits not appropriate for an enterprise use, which in turn make the device even more vulnerable to malware (i.e. installing non business application, lending it to others, etc.).
How to mitigate the risks?
- Educate users to avoid “promiscuous” behaviours (no root or sideloading or jaibreak, do not accept virtual candies from unkown virtual persons);
- At an organizational Level, define security policy for managing (un)predictable events such as device thieft or loss;
- Beware of risks hidden behind social Network;
- Use (strong) Data Encryption;
- Do not forget to use security software;
- Enforce Strong Authentication;
- Keep the device update.
This in turn corresponds to enforce a device management policy in which mobile devices are treated like “traditional” endpoints (but they will sone become tradional endpoints).
You may find the slides on SlideShare… They are mainly in Italian but if you want, ask me and I will provide an additional translated version.
Leave a Reply Cancel reply
- 489,218 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2013 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- 2012 Cyber Attacks Timeline Master Index
- 15-31 May 2013 Cyber Attacks Timeline
- May 2013 Cyber Attacks Statistics
- March 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Master Index
- About Me
- A (Graphical) World of Botnets and Cyber Attacks
- @taosecurity @Mandiant Sure, could I have more details? - 1 week ago
- 2013 Cyber Attacks Master Index wp.me/p14J6X-2q5 - 1 week ago
- Edward Snowden: the whistleblower behind revelations of NSA surveillance gu.com/p/3gec7/tw via @guardian - 1 week ago
- May 2013 Cyber Attacks Statistics lnkd.in/FFm8cN - 1 week ago
- May 2013 Cyber Attacks Statistics hackmageddon.com/2013/06/09/may… #Infosec #Cybercrime - 1 week ago
- Domino’s Pizza testing pizza-delivering drones fxn.ws/10NTX38 via @hushedfeet - 2 weeks ago
- Hard Work during the WE to post in time the May 2013 Cyber Attacks TImeline lnkd.in/BABPvC I'm abusing of my wife's patience :) - 2 weeks ago
- 15-31 May 2013 Cyber Attacks Timeline wp.me/p14J6X-2pl - 2 weeks ago
- RT @teamcymru: 30million 'wi-fi' credit cards can be plundered by cyber identity thieves exploiting contactless payment technology http://t… - 2 weeks ago