
Mobile Banking Dangers Denise Butler Rick Hebert & Associates denise8849@gmail


Presentation Transcript


  1. Mobile Banking Dangers Denise Butler Rick Hebert & Associates denise8849@gmail.com

  2. http://usa.kaspersky.com/internet-security-center/infographics/android-threats

  3. The Phone is Personal • Email • Places You’ve Been • Photos of Family & Friends • Calendar • Videos • Passwords • Facebook • Linked In • Text Messaging • Phone Numbers of People known to you • Favorite Websites • Games • Music • Banking Apps

  4. Mobile Phones are outselling PCs • Mobile Phones have all the vulnerabilities of PCs • Plus Mobile Phones have additional vulnerabilities • Vulnerabilities are increasing

  5. Google ties Apple with 700,000 Android apps (October 2012) https://play.google.com/store/apps/details?id=com.touchtype.swiftkey&feature=top-paid#?t=W251bGwsMSwxLDIwNiwiY29tLnRvdWNodHlwZS5zd2lmdGtleSJd

  6. SwiftKey replaces the touchscreen keyboard on your phone with one that understands how words work together, giving the world’s most accurate autocorrect - and predicting your next word before you press a key. The keyboard learns as you use it to make corrections and predictions based on the way that you write. It can learn from your Gmail, Facebook, Twitter or blog to make its insights even more personalized. You can also enable up to three languages simultaneously, for true multi-lingual typing. “mind-reading capabilities”

  7. Permissions • THIS APPLICATION HAS ACCESS TO THE FOLLOWING: • YOUR MESSAGES: READ YOUR TEXT MESSAGES (SMS OR MMS) • Allows the app to read SMS messages stored on your device or SIM card. This allows the app to read all SMS messages, regardless of content or confidentiality. • NETWORK COMMUNICATION: FULL NETWORK ACCESS • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. • PHONE CALLS: READ PHONE STATUS AND IDENTITY • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call. • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE • Allows the app to write to the USB storage.

  8. MINECRAFT • THIS APPLICATION HAS ACCESS TO THE FOLLOWING: • NETWORK COMMUNICATION: FULL NETWORK ACCESS • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE • Allows the app to write to the USB storage. • SYSTEM TOOLS: TEST ACCESS TO PROTECTED STORAGE • Allows the app to test a permission for USB storage that will be available on future devices. • AFFECTS BATTERY: CONTROL VIBRATION • Allows the app to control the vibrator.

  9. Permissions • YOUR ACCOUNTS: CREATE ACCOUNTS AND SET PASSWORDS • Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords. • ADD OR REMOVE ACCOUNTS • Allows the app to perform operations like adding and removing accounts, and deleting their password. • YOUR LOCATION: APPROXIMATE LOCATION (NETWORK-BASED) • Allows the app to get your approximate location. This location is derived by location services using network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine approximately where you are. • PRECISE LOCATION (GPS AND NETWORK-BASED) • Allows the app to get your precise location using the Global Positioning System (GPS) or network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine where you are, and may consume additional battery power. • NETWORK COMMUNICATION: FULL NETWORK ACCESS • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

  10. PHONE CALLS: DIRECTLY CALL PHONE NUMBERS • Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation. • READ PHONE STATUS AND IDENTITY • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call. • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE • Allows the app to write to the USB storage. • SYSTEM TOOLS: INSTALL SHORTCUTS • Allows an app to add shortcuts without user intervention. • READ BATTERY STATISTICS • Allows an application to read the current low-level battery use data. May allow the application to find out detailed information about which apps you use. • YOUR APPLICATIONS INFORMATION: RETRIEVE RUNNING APPS • Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.

  11. CAMERA: TAKE PICTURES AND VIDEOS • Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation. • OTHER APPLICATION UI: DRAW OVER OTHER APPS • Allows the app to draw on top of other applications or parts of the user interface. They may interfere with your use of the interface in any application, or change what you think you are seeing in other applications. • MICROPHONE: RECORD AUDIO • Record audio. • YOUR SOCIAL INFORMATION: WRITE CALL LOG • Allows the app to modify your device's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log. • READ YOUR CONTACTS • Allows the app to read data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge. • MODIFY YOUR CONTACTS • Allows the app to modify the data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific contacts. This permission allows apps to delete contact data. • READ CALL LOG • Allows the app to read your device's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.

  12. ZEDGE • NETWORK COMMUNICATION: FULL NETWORK ACCESS • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE • Allows the app to write to the USB storage.

  13. ZEDGE • YOUR SOCIAL INFORMATION: READ YOUR CONTACTS • Allows the app to read data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge. • MODIFY YOUR CONTACTS • Allows the app to modify the data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific contacts. This permission allows apps to delete contact data. • READ CALL LOG • Allows the app to read your device's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge. • WRITE CALL LOG • Allows the app to modify your device's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log.

  14. ZEDGE • NETWORK COMMUNICATION: VIEW NETWORK CONNECTIONS • Allows the app to view information about network connections such as which networks exist and are connected. • SYSTEM TOOLS: MODIFY SYSTEM SETTINGS • Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration. • SET PREFERRED APPS • Allows the app to modify your preferred apps. Malicious apps may silently change the apps that are run, spoofing your existing apps to collect private data from you. • TEST ACCESS TO PROTECTED STORAGE • Allows the app to test a permission for USB storage that will be available on future devices.

  15. ZEDGE • YOUR APPLICATIONS INFORMATION: RUN AT STARTUP • Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the app to slow down the overall device by always running. • WALLPAPER: SET WALLPAPER • Allows the app to set the system wallpaper.

  16. NETWORK COMMUNICATION: FULL NETWORK ACCESS • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. • PHONE CALLS: READ PHONE STATUS AND IDENTITY • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

  17. STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE • Allows the app to write to the USB storage. • NETWORK COMMUNICATION: VIEW NETWORK CONNECTIONS • Allows the app to view information about network connections such as which networks exist and are connected. • RECEIVE DATA FROM INTERNET • Allows apps to accept cloud to device messages sent by the app's service. Using this service will incur data usage. Malicious apps could cause excess data usage. • VIEW WI-FI CONNECTIONS • Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices. • SYSTEM TOOLS: TEST ACCESS TO PROTECTED STORAGE • Allows the app to test a permission for USB storage that will be available on future devices. • AFFECTS BATTERY: PREVENT DEVICE FROM SLEEPING • Allows the app to prevent the device from going to sleep. • CONTROL VIBRATION • Allows the app to control the vibrator. • DEFAULT: CHANGE SCREEN ORIENTATION • Allows the app to change the rotation of the screen at any time. Should never be needed for normal apps.

  18. Portability • Easy to steal • All information is lost • Attackers can gain access to any information stored

  19. Apps • Apps that appear legitimate may be malicious • Few safety evaluation processes are present for Apps • Unregulated sources of Apps may encourage bypassing security to make an App run • Users anxious to use an app are willing to bypass security features, which is called “rooting” or “jailbreaking”

  20. Any software can be exploited • Eavesdropping (listening in) • Crashing the phone software • Attacks can originate from a website • Services installed on a mobile phone can perform the attack running in the background

  21. Phishing & Vishing & Smishing • Phishing – email sent to link to a website – same as on a PC • Vishing – Call the phone and talk the user into revealing passwords and other information • Smishing – SMS/MMS messages that trick users by falsely soliciting, for example, charitable donations, spamming after a tragedy, or other false advertising

  22. Bluesnarfing • Using Bluetooth to Steal Your Data Off Your Phone • Word, Excel, Email Communications • Prevention: • Disable Bluetooth • Use in Hidden Mode

  23. How Important is Security? • Mobile Phones can be added to malicious networks and controlled by an attacker (botnet) • Software can send device info to attackers for purposes of performing additional attacks • Viruses can harm the phone and phone apps and any PCs or networks the phone is attached to

  24. Protection • File encryption • Remote drive wiping • Authentication – device passwords • Encrypt backups • Anti-virus • For VPNs – certificate based authentication

  25. Protection • Enable the password feature • Use Secure connections and settings for web sites – https, SSL • Don’t follow email links or text message links if you don’t know where the email came from • Don’t publish mobile phone numbers on the web

  26. Protection • Think before you download a file or store information on your phone • Be wary of all apps; if an app requires you to allow it to have ownership of the phone, don’t use it • Always know where your phone is

  27. Protection • Don’t join unknown Wi-Fi networks • Remove information on your phone before you get rid of the phone • Check with the manufacturer on how to wipe it clean

  28. Location • Turn off location tracking for applications that don’t require it • Understand how the location information will be used before using it

  29. 3rd Party Access: Root and Jailbreak • Don’t use 3rd party software that lets you access portions of the operating system and firmware that you shouldn’t • Rooting / Jailbreaking might prevent future releases and features from being installed

  30. What to Do if you Lose Your Phone • Report it to your company • Contact the Mobile phone provider to limit malicious usage • Report to local police • Change all passwords, passcodes and other credentials • Wipe the phone • Use software that can find your phone with GPS

  31. Sources: http://news.cnet.com/8301-1035_3-57542502-94/google-ties-apple-with-700000-android-apps/ http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf Additional Resources • US-CERT Resources • “Technical Information Paper: Cyber Threats to Mobile Devices” (http://www.us-cert.gov/reading_room/TIP10-105-01.pdf) • “Protecting Portable Devices: Physical Security” (http://www.us-cert.gov/cas/tips/ST04-017.html) • “Protecting Portable Devices: Data Security” (http://www.us-cert.gov/cas/tips/ST04-020.html) • “Securing Wireless Networks” (http://www.us-cert.gov/cas/tips/ST05-003.html) • “Cybersecurity for Electronic Devices” (http://www.us-cert.gov/cas/tips/ST05-017.html) • “Defending Cell Phones and PDAs Against Attack” (http://www.us-cert.gov/cas/tips/ST06-007.html)
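
Slides 7 to 17 list app permissions by their Play Store labels, and slide 26 advises being wary of all apps. The following is an added example, not part of the original presentation: it reads a decoded `AndroidManifest.xml` and reports when private-data permissions appear together with full network access. The permission identifiers are real Android names; the label mapping, the rule set, the sample manifests and the package names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"  # "full network access"

# Android permission names mapped to the Play Store labels quoted on the slides.
# The mapping and the rules are this example's assumptions, not an official list.
SENSITIVE = {  # private data that can leave the phone once INTERNET is also granted
    "android.permission.READ_SMS": "read your text messages (SMS or MMS)",
    "android.permission.READ_CONTACTS": "read your contacts",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.READ_PHONE_STATE": "read phone status and identity",
    "android.permission.RECORD_AUDIO": "record audio",
}
STANDALONE = {  # worth a second look even without network access
    "android.permission.CALL_PHONE": "directly call phone numbers",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review(manifest_xml):
    """List the permission findings for one app, standalone risks first."""
    perms = requested_permissions(manifest_xml)
    findings = [f"{label}: review before installing"
                for name, label in sorted(STANDALONE.items()) if name in perms]
    if INTERNET in perms:
        findings += [f"{label} + full network access: data can leave the device"
                     for name, label in sorted(SENSITIVE.items()) if name in perms]
    return findings

# Constructed manifests (hypothetical packages) modelled on the lists of slides 7 and 8.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
USES = '<uses-permission android:name="android.permission.%s"/>'
def sample(package, *perms):
    return HEAD % package + "".join(USES % p for p in perms) + "</manifest>"

KEYBOARD = sample("example.keyboard", "READ_SMS", "INTERNET", "READ_PHONE_STATE",
                  "WRITE_EXTERNAL_STORAGE")
GAME = sample("example.game", "INTERNET", "WRITE_EXTERNAL_STORAGE", "VIBRATE")

if __name__ == "__main__":
    for app, xml in (("keyboard", KEYBOARD), ("game", GAME)):
        print(app, review(xml) or ["no findings under these rules"])
```

A finding means the combination deserves a closer look, not that the app is malicious; a keyboard that reads SMS and has network access may have a stated reason for both.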
