Mobile (in)security ?

Cláudio André / [email protected] /// Mobile (in)security ?

description

Is your company data secure? This talk will help you understand some of the possible attack vectors on mobile platforms and what enterprises can do to lower the risk on these platforms.

Transcript of Mobile (in)security ?

2. WHOAMI
- Pentester at Integrity S.A.
- Web applications, Mobile Applications and Infrastructure
- BSc in Management Information Technology
- Offensive Security Certified Professional

3. MOBILE EQUIPMENTS
- 2014Q2: 301.3 million shipments
- Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp

4. 2014Q2 MARKETSHARE
- Android: 84.7%
- iOS: 11.7%
- Windows Phone: 2.5%
- BlackBerry OS: 0.5%
- Others: 0.7%
- Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp

5. MOBILE PLATFORMS ON ENTERPRISE
- Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group

6. ENTERPRISES MAIN SECURITY CONCERNS
- Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group

7. ENTERPRISES MAIN SECURITY CONCERNS
- "I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing."

8. SECURITY HORROR STORIES 2014 (SO FAR...)
- eBay - 145 million users and encrypted email address.
- JP Morgan Chase - Customer information of 76 million households and 7 million businesses.
- Home Depot - 56 million debit and credit cards.
- Target - 40 million credit and debit cards.
- Community Health Systems - Personal data of 4.5 million patients.

9. ATTACK VECTORS

10. ATTACK VECTORS
- Device
- Network
- Server

11. ATTACK VECTORS: Device
- Browser
- System
- Phone / SMS
- Apps
- Malware
- ...

12. ATTACK VECTORS
- Tech details in: http://security.claudio.pt

13. ATTACK VECTORS: Network
- Packet Sniffing
- Man-In-The-Middle (MITM)
- Rogue Access Point
- ...

14. ATTACK VECTORS: Server
- Brute Force Attacks
- SQL Injections
- OS Command Execution
- ...

15. A WAY TO...
- Mobile Device Management
- Mobile Application Management
- Endpoint Security Tools
- Network Access Control (NAC)
- Endpoint Malware Protections
- ...

16. MOBILE DEVICE MANAGEMENT
- Focus on the Device
- Provisioning
- Security Policies Enforcement
- Reporting and Monitoring
- Software Distribution

17. MOBILE APPLICATION MANAGEMENT
- Focus on the Applications
- Same as previous but applied to the applications.
- Corporate App Store (wrapping)

18. WHICH ONE TO CHOOSE ?
- Depends on your objectives
- Mixed solution

19. NOT ONLY *WARE APPROACH
- Defense-In-Depth
- Raise User Awareness
- Secure Development Best Practises (OWASP)
- Threat Modeling
- Continuous Penetration Testing

20. Thank you.