1 / 10

Convenience product security

Convenience product security. Collin Busch. What is a convenience product?. A convenience product is a device or application that makes your life easier For the purpose of this presentation, we will examine different cell phones, apps, and the security behind them

gibson
Télécharger la présentation

Convenience product security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Convenience product security Collin Busch

  2. What is a convenience product? • A convenience product is a device or application that makes your life easier • For the purpose of this presentation, we will examine different cell phones, apps, and the security behind them • Security software such as findmyphone • Browser security on mobile devices

  3. The default • By default, a brand new phone or tablet will not have basic levels of security • There will be no password or lock until it is set up • Different applications on the phone may handle their own security • Email clients may use SSL/TLS depending on the client/server • Browsers accessing certain websites may use https instead of http • Certain programs such as banking apps may have built in encryption

  4. Default vulnerabilities • If you keep your device or program at base security, your entire phone is vulnerable. • In the case of an iPhone or iPad, one swipe will let anyone access all of the data stored on your phone. • The most important thing you can do to a mobile device to keep it safe is to require a passcode or pattern

  5. Security Breach in IOS 7 • Even if your device is protected by a password lock, it may still be accessible. • Due to bugs or bad programming, a sequence of actions may allow you access to a mobile device. • On an iPhone running IOS 7, you could bypass the lock screen without a passcode, and have access to the camera and stored photos as well as any app that would share these photos, such as Twitter, Facebook, and email apps.

  6. Patching IOS 7 breach • In IOS 7.0.2 it was documented that this breach was now closed, and that you could no longer bypass the IOS 7 lockscreen • 7.0.2 was released September 26 2013, 8 days after IOS 7 was release and 7 days after the exploit was discovered. • For an entire week, brand new software release by a huge and experienced software company had a gaping security hole • A simple lock screen is not enough.

  7. Android vulnerabilities • Many android users are still using the “gingerbread” operating system, which is version 2.3.3 to 2.3.7, which was released in 2011. • This out of date OS has a number of vulnerabilities, including” • SMS message trojans which continually text a premium rate unknown to the user, resulting in extremely high charges that are usually only noticed at the end of the month/billing cycle • Rootkits: in 2011 a software developers rootkit was found on millions of android phones, which logged keystrokes, passwords, and user location data without the user’s knowledge • Malicious google play software- the play store is not as strictly monitored as the Apple store, so there are a number of malware programs masquerading as legitimate programs.

  8. Biometric bypassing • The iPhone 5s implemented a fingerprint biometric scanner to allow “secure” access to the phone • This biometric scanner was fooled when a hacking team photographed a fingerprint that had been left on a glass surface. • Retina scanners can also be bypassed because the scanner reads the “code” of the retina without checking that there is actually an eye. • Synthetic retina “codes” can be used to bypass most retina scanners, such as the one available for android. • As demonstrated in the previous vulnerabilities, you need some sort of security past lock screens

  9. How to protect yourself • During web browsing, try to use sites that have https:// in their header. • You may be able to download software such as httpseverywhere to further secure browsers (this is also relevant on computers) • Disable automatic connections so that your device does not automatically connect to what could be a wifi network that will steal data from your phone • Encrypt your data so that if it is transmitted it is not realistically usable. • Consider anti malware software- malware for both android and IOS exists

  10. Works cited • http://www.bbb.org/blog/2013/09/warning-security-holes-found-in-new-iphone-ios7-update/ • http://en.wikipedia.org/wiki/IOS_7 • http://www.businessinsider.com/android-security-vulnerability-2013-8#!JOv0m • http://publicintelligence.net/dhs-fbi-android-threats/ • http://www.entrust.com/bypassing-fingerprint-biometrics-nothing-new/ • http://allgsmtips.com/default-security-code-of-all-mobile-phones/

More Related