Mobile security trends

Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World. Ken Huang & James Hewitt. HDI Executive Forum | June 22, 2011

Transcript of Mobile security trends

Page 1: Mobile security trends

_experience the commitment TM

Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World

Ken Huang & James Hewitt

 HDI Executive Forum | June 22, 2011

Page 2: Mobile security trends

About CGI

• Full Service IT company
• Managed service, BPO
• IP based Business Solutions
• SI&C
• Cloud and Mobile Computing:
  • Cloud IT services
  • Cloud security services
• Approximately 31,000 professionals worldwide
• Total Revenue: $4.5 Billion.

Page 3: Mobile security trends

Who Are We?

• Ken Huang
  • Director of Security Engineering
  • Cloud/Mobile Security
  • ST&E
  • IDAM
  • E-Signature, etc.
  • Frequent Speaker
  • Blog: http://cloud-identity.blogspot.com/
  • LinkedIn: www.linkedin.com/in/kenhuang8
  • Twitter: http://twitter.com/#!/kenhuangus
• James Hewitt
  • Director of Security Governance
  • CISO
  • ST&E
  • Database Security
  • Frequent Speaker
  • LinkedIn: http://www.linkedin.com/pub/jim-hewitt/0/6ab/552

Page 4: Mobile security trends

Topics

• Mobile Technology and Trends
• Mobile Application and Trends
• Mobile Security and Trends
• Data Loss Prevention for Mobile Devices and Trends
• Discussion Topics

Page 5: Mobile security trends

Mobile Technology and Trends

Technology Trends

Wi-Fi
• More Wi-Fi hotspots will be added
• Wi-Fi still plays a huge role in WLAN

3G & 4G
• 3G will gradually phase out
• 4G networks will increase, as it is a major competing ground for carriers to attract new customers

Bluetooth
• Will continue to be used to connect personal network devices

NFC
• Will gain more momentum for payment, ticketing, and check-in devices

Page 6: Mobile security trends

Mobile Technology and Trends

Technology Trends

WiMAX (Worldwide Interoperability for Microwave Access)
• Sprint

3GPP LTE (3rd Generation Partnership Project Long Term Evolution)
• AT&T
• Verizon Wireless

UMB (Ultra Mobile Broadband)
• Being replaced by LTE

Flash-OFDM (Fast Low-Latency Access with Seamless Handoff Orthogonal Frequency Division Multiplexing)
• T-Mobile Germany

WiMAX and LTE are the winners

Page 7: Mobile security trends

3G vs 4G Networks

3G
• DSL speeds
• Max speed up to 3.1 Mbps
• Includes all 2G and 2.5G features plus:
  • Real-time location-based services
  • Full motion videos
  • Streaming music
  • 3D gaming
  • Faster web browsing

4G
• Wired network speeds
• Max speed up to 100+ Mbps
• Includes all 3G features plus:
  • On-demand video
  • Video conferencing
  • High-quality streaming video
  • High-quality Voice-over-IP (VoIP)
  • Added security features

Trends: 4G will be the winner

Page 8: Mobile security trends

WiMAX vs. Wi-Fi

• Speed: WiMAX up to 4 Mbps; Wi-Fi up to 2 Mbps
• Bandwidth: WiMAX up to 75 Mbps; Wi-Fi up to 54 Mbps
• Range: WiMAX 30 miles (50 km); Wi-Fi 100 feet (30 m)
• Intended Number of Users: WiMAX 100+; Wi-Fi 20

Quality of Service Weaker encryption (WEP or WPP)

Stronger encryption (TDES or AES)

Trends: Both WiMAX and Wi-Fi will co-exist for the foreseeable future

Page 9: Mobile security trends

NFC

• Based on RFID Technology at 13.56 MHz
• Operating distance typically up to 10 cm
• Compatible with today’s field-proven contactless RFID technology
• Data exchange rate today up to 424 kilobits/s
• Uses less power than Bluetooth
• Does not need pairing

Trends: NFC will get wider use due to payment and ticketing apps

Page 10: Mobile security trends

Mobile Application Trends

• Payment
  • Using your phone to pay will become a reality
• Federal Government Adoption
  • Mobile apps will become more widely used
  • Cloud and Mobile Computing
    • During an appearance in Silicon Valley, Aneesh Chopra, the nation’s first-ever CTO, acknowledged the inevitable emergence of cloud and mobile as solutions for the federal government, but sees them as supplementing, rather than replacing, legacy systems
  • Transportation Department gets $100 million for mobile apps

Page 11: Mobile security trends

Mobile Application Trends (cont.)

• Federal Government Adoption (cont.)
  • FBI – most wanted listing app on iPhone
  • IRS – check refund status
  • The White House mobile app – news, videos, podcasts, blogs, etc.
• Productivity tool
  • Mobile apps will become more mature over time
• Banking
  • Check balances, transfer funds, etc.

Page 12: Mobile security trends

Mobile Application Trends (cont.)

• Entertainment
  • Videos, gaming, etc.
• Social networking
  • Facebook
  • Twitter
  • Foursquare
  • LinkedIn
  • Any new apps?
• Activists
  • Collective bargaining and strikes
• Other
  • Price comparison for various products

Page 13: Mobile security trends

Wi-Fi Security Trends

• Use a strong password
• Don’t broadcast your SSID
• Use good wireless encryption (WPA, not WEP)
• Use another layer of encryption when possible (e.g. VPN, SSL)
• Restrict access by MAC address
• Shut down the network and wireless network when not in use
• Monitor your network for intruders
• Use a firewall

Trends: More Wi-Fi hotspots (but more attacks on hotspots as well) – avoid free Wi-Fi whenever possible; Wi-Fi-enabled mobile devices can become the stepping stone to your secured network

Page 14: Mobile security trends


4G Security Trends

• Backward compatibility to 3G or GSM capabilities exposes 4G to 3G and GSM security vulnerabilities

• 4G also has a roaming vulnerability associated with mutual authentication: a fake network can easily claim to be a “roaming partner”

Trends: More bandwidth comes with a greater possibility of being attacked

Page 15: Mobile security trends

Bluetooth Security Trends

• Bluejacking
  • Sending either a picture or a message from one user to an unsuspecting user through Bluetooth wireless technology.
• DoS Attacks
• Eavesdropping
• Man-in-the-middle attacks
• Message modification
• NIST published a Guide to Bluetooth Security in 2008

Trends: Dependent on new apps on Bluetooth – I don’t see any significant increase in attacks on Bluetooth

Page 16: Mobile security trends

NFC Security Trends

• Ghost and Leech Attack
  • Hacker’s RFID reader steals or transmits credentials to a fake RFID card
• Eavesdropping
  • Hacker must have a good receiver and stay close
  • To avoid this, use a secure channel as compensating control
• Data Corruption
  • Jams the data so that it is not readable by the receiver
  • Check RF field as compensating control.

Page 17: Mobile security trends

NFC Security Trends (cont.)

• Data Modification
  • Changes the semantics of the data
  • Use secure channel

Trends: iPhones, iPads, and iPods will have NFC; Secure channels for NFC; Payments through smartphones will replace plastic cards and keys; Google Wallet and the security

Page 18: Mobile security trends

Attack on the app

• Currently, Androids are the target due to Google’s loose vetting process
  • According to USA Today (June 5, 2011), Google had to remove 25 apps from the Android market, but not before 125,000 users had downloaded the apps [1]
  • These apps allow hackers to download more malicious programs when the user makes phone calls
• iPhones and iPads are lightly hacked – but will become targets in the future

Trends: Apps will be more vulnerable to attacks in the future

[1] http://www.usatoday.com/tech/products/2011-06-03-tougher-security-sought-in-google-apple-devices_n.htm

Page 19: Mobile security trends

Data Protection for Mobile Device and Trends

• File-level encryption (PocketCrypt or PointSafe)
• Encryption of data in transit
• Remote data wipe-out
• Device tracking
• Data backup (Cloud Storage As Service)
• Mobile Device Management (MDM) – example: GSA uses Fiberlink.

Trends: Currently, the market is very fragmented, and consolidation will take place over time.

Page 20: Mobile security trends

Gartner Predictions

• 2014 will witness over 3 billion mobile users worldwide
• Mobile phones will become the preferred and most commonly used web device globally by 2013.
• As a result, a large number of mobile applications will be built for multiple platforms (Android, J2ME, Symbian, iOS, etc.) and domains (mobile payments, mobile commerce, mobile VAS, etc.).

Page 21: Mobile security trends

Do Cell Phones Cause Cancer?

• According to an article in the Huffington Post (June 1, 2011):
  • The World Health Organization announced that cell phones could possibly cause cancer.
  • The WHO’s cancer research arm, the International Agency for Research on Cancer, classifies cell phones as a class 2b possible carcinogen. “The IARC also identified known as well as probable carcinogens, including a few others which some of us come into contact with on a regular basis.” [1]
• CNN link: http://www.cnn.com/2011/HEALTH/05/31/who.cell.phones/index.html

[1] http://www.huffingtonpost.com/2011/05/20/cell-phone-radiation_n_864799.html

Page 22: Mobile security trends

Topics for discussion

• What is the security policy for mobile technology in your organization?
• How can data be protected?
• Data encryption for mobile device
• Data Loss Prevention for mobile technology
• Mobile technology and cloud computing
• Trends on Telecommuting or telework