Today I took part as a speaker at an event organized by my Company concerning Cloud and Mobile security. For this occasion I prepared some slides summarizing some concepts spread all over my blog.
In my vision (you should know it if you follow my blog) mobile vulnerabilities are mainly due to:
- False security perception by users: they consider their device as a “simple” phone, forgetting they bring a small dual-core in their pockets;
- “Light” behaviour from users: Sideloading, Jailbreak and Rooting are not good security practices;
- Consumerization of Devices: a well known (and partially abused) concept: some mobile devices come from the consumer world and hence do not natively offer enterprise class security, or suffer from intrinsic vulnerabilities;
- Consumerization of Users: many users think they have a consumer device, so they think they do not deserve enterprise class security measures.
And the risks are:
- False Security Perception leads to high probabilities of theft or loss of the device, and most of all, of its data;
- “Light” behaviour from users dramatically increases the probability of directly installing malware or surfing towards insecure shores…
- Consumerization of Devices leads to vulnerabilities that may be exploited to access and steal sensitive data or authentication credentials;
- Consumerization of Users leads the users themselves to adopt improper habits not appropriate for enterprise use, which in turn make the device even more vulnerable to malware (i.e. installing non-business applications, lending it to others, etc.).
How to mitigate the risks?
- Educate users to avoid “promiscuous” behaviours (no root, sideloading or jailbreak; do not accept virtual candies from unknown virtual persons);
- At an organizational level, define a security policy for managing (un)predictable events such as device theft or loss;
- Beware of risks hidden behind social Network;
- Use (strong) Data Encryption;
- Do not forget to use security software;
- Enforce Strong Authentication;
- Keep the device updated.
This in turn corresponds to enforcing a device management policy in which mobile devices are treated like “traditional” endpoints (and they will soon become traditional endpoints anyway).
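To make the "treat mobile devices like traditional endpoints" idea concrete, here is an added example (not from the original post or the slides) of a small policy-as-code check: each device in an inventory is evaluated against the mitigations listed above (no root/jailbreak or sideloading, storage encryption, strong authentication, security software, up-to-date OS). The `Device` record layout, the inventory entries and the minimum OS versions and passcode length are assumptions constructed for illustration, not the schema of any real MDM product.

```python
"""Added example: evaluate a mobile device inventory against an endpoint-style
security policy. All field names, thresholds and inventory rows are constructed
assumptions for illustration."""
from dataclasses import dataclass

# Assumed policy thresholds (not from the original post).
MIN_OS_VERSION = {"android": (4, 0, 3), "ios": (5, 1, 0)}
MIN_PASSCODE_LENGTH = 6


@dataclass
class Device:
    device_id: str
    platform: str              # "android" or "ios"
    os_version: str            # e.g. "4.0.4"
    rooted_or_jailbroken: bool
    sideloading_enabled: bool  # unknown sources / untrusted profiles allowed
    storage_encrypted: bool
    passcode_length: int       # 0 means no passcode at all
    security_software: bool    # anti-malware or management agent present


def parse_version(v: str) -> tuple:
    """Turn "4.0.4" into (4, 0, 4) so versions compare numerically:
    a lexical comparison would wrongly rank "4.9" above "4.10"."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def evaluate(device: Device) -> list:
    """Return the policy findings for one device; an empty list means compliant."""
    findings = []
    if device.rooted_or_jailbroken:
        findings.append("rooted/jailbroken: platform protections bypassed")
    if device.sideloading_enabled:
        findings.append("sideloading enabled: apps can be installed outside the store")
    if not device.storage_encrypted:
        findings.append("storage not encrypted: data exposed on loss or theft")
    if device.passcode_length < MIN_PASSCODE_LENGTH:
        findings.append(
            f"weak authentication: passcode length {device.passcode_length} "
            f"< {MIN_PASSCODE_LENGTH}")
    if not device.security_software:
        findings.append("no security software or management agent installed")
    minimum = MIN_OS_VERSION.get(device.platform)
    if minimum is None:
        findings.append(f"unknown platform {device.platform!r}: cannot check OS level")
    elif parse_version(device.os_version) < minimum:
        findings.append(
            f"outdated OS {device.os_version}: minimum is "
            + ".".join(str(n) for n in minimum))
    return findings


def summarize(devices) -> dict:
    """Map device id -> findings, keeping only the non-compliant devices."""
    report = {}
    for dev in devices:
        findings = evaluate(dev)
        if findings:
            report[dev.device_id] = findings
    return report


# Constructed sample inventory (assumption): one "promiscuous" device, one
# compliant device, and one whose version string exercises numeric comparison.
INVENTORY = [
    Device("dev-001", "android", "2.3.6", True, True, False, 4, False),
    Device("dev-002", "ios", "5.1.1", False, False, True, 6, True),
    Device("dev-003", "android", "4.10.0", False, False, True, 8, True),
]

if __name__ == "__main__":
    for dev_id, findings in summarize(INVENTORY).items():
        print(dev_id)
        for finding in findings:
            print("  -", finding)
```

Running it lists only `dev-001`, with one finding per violated mitigation; the other two devices are silent because they meet every rule. The per-rule findings are what an organizational policy for theft or loss needs as input: a lost device that is encrypted, passcode-protected and managed is an incident, while a lost `dev-001` is a data breach.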
You may find the slides on SlideShare… They are mainly in Italian but if you want, ask me and I will provide an additional translated version.