Mobile security trends
Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World
Ken Huang & James Hewitt
HDI Executive Forum | June 22, 2011
About CGI
• Full Service IT company
• Managed service, BPO
• IP based Business Solutions
• SI&C
• Cloud and Mobile Computing:
  • Cloud IT services
  • Cloud security services
• Approximately 31,000 professionals worldwide
• Total Revenue: $4.5 Billion.
Who Are We?
• Ken Huang
  • Director of Security Engineering
  • Cloud/Mobile Security
  • ST&E
  • IDAM
  • E-Signature, etc.
  • Frequent Speaker
  • Blog: http://cloud-identity.blogspot.com/
  • LinkedIn: www.linkedin.com/in/kenhuang8
  • Twitter: http://twitter.com/#!/kenhuangus
• James Hewitt
  • Director of Security Governance
  • CISO
  • ST&E
  • Database Security
  • Frequent Speaker
  • LinkedIn: http://www.linkedin.com/pub/jim-hewitt/0/6ab/552
Topics
• Mobile Technology and Trends
• Mobile Application and Trends
• Mobile Security and Trends
• Data Loss Prevention for Mobile Devices and Trends
• Discussion Topics
Mobile Technology and Trends
Technology Trends
Wi-Fi
• More Wi-Fi hotspots will be added
• Wi-Fi still plays a huge role in WLAN
3G & 4G
• 3G will gradually phase out
• 4G networks will increase, as it is a major competing ground for carriers to attract new customers
Bluetooth
• Will continue to be used to connect personal network devices
NFC
• Will gain more momentum for payment, ticketing, and check-in devices
Mobile Technology and Trends
Technology Trends
WiMAX (Worldwide Interoperability for Microwave Access)
• Sprint
3GPP LTE (3rd Generation Partnership Project Long Term Evolution)
• AT&T
• Verizon Wireless
UMB (Ultra Mobile Broadband)
• Being replaced by LTE
Flash-OFDM (Fast Low-Latency Access with Seamless Handoff Orthogonal Frequency Division Multiplexing)
• T-Mobile Germany
WiMAX and LTE are the winners
3G vs 4G Networks
3G
• DSL speeds
• Max speed up to 3.1 Mbps
• Includes all 2G and 2.5G features plus:
  • Real-time location-based services
  • Full motion videos
  • Streaming music
  • 3D gaming
  • Faster web browsing
4G
• Wired network speeds
• Max speed up to 100+ Mbps
• Includes all 3G features plus:
  • On-demand video
  • Video conferencing
  • High-quality streaming video
  • High-quality Voice-over-IP (VoIP)
  • Added security features
Trends: 4G will be the winner
WiMAX vs. Wi-Fi
• Speed: WiMAX up to 4 Mbps; Wi-Fi up to 2 Mbps
• Bandwidth: WiMAX up to 75 Mbps; Wi-Fi up to 54 Mbps
• Range: WiMAX 30 miles (50 km); Wi-Fi 100 feet (30 m)
• Intended Number of Users: WiMAX 100+; Wi-Fi 20
• Quality of Service: WiMAX stronger encryption (TDES or AES); Wi-Fi weaker encryption (WEP or WPA)
Trends: Both WiMAX and Wi-Fi will co-exist for the foreseeable future
NFC
• Based on RFID Technology at 13.56 MHz
• Operating distance typically up to 10 cm
• Compatible with today’s field-proven contactless RFID technology
• Data exchange rate today up to 424 kilobits/s
• Uses less power than Bluetooth
• Does not need pairing
Trends: NFC will get wider use due to payment and ticketing apps
Mobile Application Trends
• Payment
  • Using your phone to pay will become a reality
• Federal Government Adoption
  • Mobile apps will become more widely used
  • Cloud and Mobile Computing
    • During an appearance in Silicon Valley, Aneesh Chopra, the nation’s first-ever CTO, acknowledged the inevitable emergence of cloud and mobile as solutions for the federal government, but sees them as supplementing, rather than replacing, legacy systems
  • Transportation Department gets $100 million for mobile apps
Mobile Application Trends (cont.)
• Federal Government Adoption (cont.)
  • FBI – most wanted listing app on iPhone
  • IRS – check refund status
  • The White House mobile app – news, videos, podcasts, blogs, etc.
• Productivity tool
  • Mobile apps will become more mature over time
• Banking
  • Check balances, transfer funds, etc.
Mobile Application Trends (cont.)
• Entertainment
  • Videos, gaming, etc.
• Social networking
  • Facebook
  • Twitter
  • Foursquare
  • LinkedIn
  • Any new apps?
• Activists
  • Collective bargaining and strikes
• Other
  • Price comparison for various products
Wi-Fi Security Trends
• Use a strong password
• Don’t broadcast your SSID
• Use good wireless encryption (WPA, not WEP)
• Use another layer of encryption when possible (e.g. VPN, SSL)
• Restrict access by MAC address
• Shut down the network and wireless network when not in use
• Monitor your network for intruders
• Use a firewall
Trends: More Wi-Fi hotspots (but more attacks on hotspots as well) – avoid free Wi-Fi whenever possible; Wi-Fi-enabled mobile devices can become the stepping stone to your secured network
4G Security Trends
• Backward compatibility to 3G or GSM capabilities exposes 4G to 3G and GSM security vulnerabilities
• 4G also has a roaming vulnerability associated with mutual authentication: a fake network can easily claim to be a “roaming partner”
Trends: More bandwidth comes with a greater possibility of being attacked
Bluetooth Security Trends
• Bluejacking
  • Sending either a picture or a message from one user to an unsuspecting user through Bluetooth wireless technology.
• DoS Attacks
• Eavesdropping
• Man-in-the-middle attacks
• Message modification
• NIST published a Guide to Bluetooth Security in 2008
Trends: Dependent on new apps on Bluetooth – I don’t see any significant increase in attacks on Bluetooth
NFC Security Trends
• Ghost and Leech Attack
  • Hacker’s RFID reader steals or transmits credentials to a fake RFID card
• Eavesdropping
  • Hacker must have a good receiver and stay close
  • To avoid this, use a secure channel as compensating control
• Data Corruption
  • Jams the data so that it is not readable by the receiver
  • Check RF field as compensating control.
NFC Security Trends (cont.)
• Data Modification
  • Changes the semantics of the data
  • Use secure channel
Trends: iPhones, iPads, and iPods will have NFC; Secure channels for NFC; Payments through smartphones will replace plastic cards and keys; Google Wallet and the security
Attack on the app
• Currently, Androids are the target due to Google’s loose vetting process
  • According to USA Today (June 5, 2011), Google had to remove 25 apps from the Android market, but not before 125,000 users had downloaded the apps [1]
  • These apps allow hackers to download more malicious programs when the user makes phone calls
• iPhones and iPads are lightly hacked – but will become targets in the future
Trends: Apps will be more vulnerable to attacks in the future
[1] http://www.usatoday.com/tech/products/2011-06-03-tougher-security-sought-in-google-apple-devices_n.htm
Data Protection for Mobile Device and Trends
• File-level encryption (PocketCrypt or PointSafe)
• Encryption of data in transit
• Remote data wipe
• Device tracking
• Data backup (Cloud Storage as a Service)
• Mobile Device Management (MDM), e.g. GSA uses Fiberlink.
Trends: Currently, the market is very fragmented, and consolidation will take place over time.
Gartner Predictions
• 2014 will witness over 3 billion mobile users worldwide
• Mobile phones will become the preferred and most commonly used web device globally by 2013.
• As a result, a large number of mobile applications will be built for multiple platforms (Android, J2ME, Symbian, iOS, etc.) and domains (mobile payments, mobile commerce, mobile VAS, etc.).
Do Cell Phones Cause Cancer?
• According to an article in the Huffington Post (June 1, 2011):
  • The World Health Organization announced that cell phones could possibly cause cancer.
  • The WHO’s cancer research arm, the International Agency for Research on Cancer, classifies cell phones as a class 2b possible carcinogen. “The IARC also identified known as well as probable carcinogens, including a few others which some of us come into contact with on a regular basis.” [1]
• CNN link: http://www.cnn.com/2011/HEALTH/05/31/who.cell.phones/index.html
[1] http://www.huffingtonpost.com/2011/05/20/cell-phone-radiation_n_864799.html
Topics for discussion
• What is the security policy for mobile technology in your organization?
• How can data be protected?
  • Data encryption for mobile device
  • Data Loss Prevention for mobile technology
• Mobile technology and cloud computing
• Trends on Telecommuting or telework