Mobile Banking Dangers

Denise Butler

Rick Hebert & Associates

denise8849@gmail.com


http://usa.kaspersky.com/internet-security-center/infographics/android-threats

The Phone is Personal
  • Email
  • Places You’ve Been
  • Photos of Family & Friends
  • Calendar
  • Videos
  • Passwords
  • Facebook
  • LinkedIn
  • Text Messaging
  • Phone Numbers of People known to you
  • Favorite Websites
  • Games
  • Music
  • Banking Apps

Mobile Phones are outselling PCs

  • Mobile Phones have all the vulnerabilities of PCs
  • Plus Mobile Phones have additional vulnerabilities
  • Vulnerabilities are increasing

Google ties Apple with 700,000 Android apps

(October 2012)

https://play.google.com/store/apps/details?id=com.touchtype.swiftkey&feature=top-paid#?t=W251bGwsMSwxLDIwNiwiY29tLnRvdWNodHlwZS5zd2lmdGtleSJd


SwiftKey replaces the touchscreen keyboard on your phone with one that understands how words work together, giving the world’s most accurate autocorrect - and predicting your next word before you press a key.

The keyboard learns as you use it to make corrections and predictions based on the way that you write. It can learn from your Gmail, Facebook, Twitter or blog to make its insights even more personalized. You can also enable up to three languages simultaneously, for true multi-lingual typing.

“mind-reading capabilities”


Permissions

  • THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
  • YOUR MESSAGES: READ YOUR TEXT MESSAGES (SMS OR MMS)
  • Allows the app to read SMS messages stored on your device or SIM card. This allows the app to read all SMS messages, regardless of content or confidentiality.
  • NETWORK COMMUNICATION: FULL NETWORK ACCESS
  • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
  • PHONE CALLS: READ PHONE STATUS AND IDENTITY
  • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
  • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE
  • Allows the app to write to the USB storage.

MINECRAFT

  • THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
  • NETWORK COMMUNICATION: FULL NETWORK ACCESS
  • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
  • STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE
  • Allows the app to write to the USB storage.
  • SYSTEM TOOLS: TEST ACCESS TO PROTECTED STORAGE
  • Allows the app to test a permission for USB storage that will be available on future devices.
  • AFFECTS BATTERY: CONTROL VIBRATION
  • Allows the app to control the vibrator.

Permissions

YOUR ACCOUNTS: CREATE ACCOUNTS AND SET PASSWORDS

Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.

ADD OR REMOVE ACCOUNTS

Allows the app to perform operations like adding and removing accounts, and deleting their password.

YOUR LOCATION: APPROXIMATE LOCATION (NETWORK-BASED)

Allows the app to get your approximate location. This location is derived by location services using network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine approximately where you are.

PRECISE LOCATION (GPS AND NETWORK-BASED)

Allows the app to get your precise location using the Global Positioning System (GPS) or network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine where you are, and may consume additional battery power.

NETWORK COMMUNICATION: FULL NETWORK ACCESS

Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.


PHONE CALLS: DIRECTLY CALL PHONE NUMBERS

  • Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation.

READ PHONE STATUS AND IDENTITY

  • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE

  • Allows the app to write to the USB storage.

SYSTEM TOOLS: INSTALL SHORTCUTS

  • Allows an app to add shortcuts without user intervention.

READ BATTERY STATISTICS

  • Allows an application to read the current low-level battery use data. May allow the application to find out detailed information about which apps you use.

YOUR APPLICATIONS INFORMATION: RETRIEVE RUNNING APPS

  • Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.

CAMERA: TAKE PICTURES AND VIDEOS

  • Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
  • OTHER APPLICATION UI: DRAW OVER OTHER APPS
  • Allows the app to draw on top of other applications or parts of the user interface. They may interfere with your use of the interface in any application, or change what you think you are seeing in other applications.
  • MICROPHONE: RECORD AUDIO
  • record audio
  • YOUR SOCIAL INFORMATION: WRITE CALL LOG
  • Allows the app to modify your device's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log.
  • READ YOUR CONTACTS
  • Allows the app to read data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.
  • MODIFY YOUR CONTACTS
  • Allows the app to modify the data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific contacts. This permission allows apps to delete contact data.
  • READ CALL LOG
  • Allows the app to read your device's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.

ZEDGE

NETWORK COMMUNICATION

FULL NETWORK ACCESS

  • Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

STORAGE

  • MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE
  • Allows the app to write to the USB storage.

ZEDGE

YOUR SOCIAL INFORMATION

  • READ YOUR CONTACTS
  • Allows the app to read data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.
  • MODIFY YOUR CONTACTS
  • Allows the app to modify the data about your contacts stored on your device, including the frequency with which you've called, emailed, or communicated in other ways with specific contacts. This permission allows apps to delete contact data.
  • READ CALL LOG
  • Allows the app to read your device's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
  • WRITE CALL LOG
  • Allows the app to modify your device's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log.

ZEDGE

NETWORK COMMUNICATION: VIEW NETWORK CONNECTIONS

  • Allows the app to view information about network connections such as which networks exist and are connected.

SYSTEM TOOLS: MODIFY SYSTEM SETTINGS

  • Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration.

SET PREFERRED APPS

  • Allows the app to modify your preferred apps. Malicious apps may silently change the apps that are run, spoofing your existing apps to collect private data from you.

TEST ACCESS TO PROTECTED STORAGE

  • Allows the app to test a permission for USB storage that will be available on future devices.

ZEDGE

YOUR APPLICATIONS INFORMATION: RUN AT STARTUP

  • Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the app to slow down the overall device by always running.

WALLPAPER

  • SET WALLPAPER
  • Allows the app to set the system wallpaper.

NETWORK COMMUNICATION

FULL NETWORK ACCESS

Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

PHONE CALLS: READ PHONE STATUS AND IDENTITY

Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.


STORAGE: MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE

  • Allows the app to write to the USB storage.
  • NETWORK COMMUNICATION: VIEW NETWORK CONNECTIONS
  • Allows the app to view information about network connections such as which networks exist and are connected.
  • RECEIVE DATA FROM INTERNET
  • Allows apps to accept cloud to device messages sent by the app's service. Using this service will incur data usage. Malicious apps could cause excess data usage.
  • VIEW WI-FI CONNECTIONS
  • Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices.
  • SYSTEM TOOLS: TEST ACCESS TO PROTECTED STORAGE
  • Allows the app to test a permission for USB storage that will be available on future devices.
  • AFFECTS BATTERY: PREVENT DEVICE FROM SLEEPING
  • Allows the app to prevent the device from going to sleep.
  • CONTROL VIBRATION
  • Allows the app to control the vibrator.
  • DEFAULT: CHANGE SCREEN ORIENTATION
  • Allows the app to change the rotation of the screen at any time. Should never be needed for normal apps.
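
One way to triage permission listings like the ones above, as an added example that is not part of the original slides: it flags apps that can both read personal data and reach the network, alter device data, or start at boot. The function name `review` and the grouping of labels into read, tamper and dial categories are assumptions of this example.

```python
# Added example. Labels are the Play Store permission names quoted on the slides;
# the risk grouping is this example's assumption, not an official classification.
READS = {
    "READ YOUR TEXT MESSAGES (SMS OR MMS)": "SMS",
    "READ YOUR CONTACTS": "contacts",
    "READ CALL LOG": "call log",
    "READ PHONE STATUS AND IDENTITY": "phone number and device IDs",
    "PRECISE LOCATION (GPS AND NETWORK-BASED)": "location",
    "APPROXIMATE LOCATION (NETWORK-BASED)": "location",
    "RECORD AUDIO": "microphone",
    "TAKE PICTURES AND VIDEOS": "camera",
}
TAMPERS = {"MODIFY YOUR CONTACTS", "WRITE CALL LOG", "MODIFY SYSTEM SETTINGS",
           "SET PREFERRED APPS", "DRAW OVER OTHER APPS", "ADD OR REMOVE ACCOUNTS"}
NETWORK, BOOT, DIAL = "FULL NETWORK ACCESS", "RUN AT STARTUP", "DIRECTLY CALL PHONE NUMBERS"

def review(labels):
    """Return a list of findings for one app's permission labels."""
    have = {label.strip().upper() for label in labels}
    findings = []
    data = sorted({READS[p] for p in have if p in READS})
    if data and NETWORK in have:
        findings.append("can read and send off-device: " + ", ".join(data))
    elif data:
        # Per the slides, other apps can relay data, so this is not proof of safety.
        findings.append("can read: " + ", ".join(data))
    tamper = sorted(have & TAMPERS)
    if tamper:
        findings.append("can alter device data or UI: " + ", ".join(tamper))
    if DIAL in have:
        findings.append("can place calls without confirmation")
    if BOOT in have and (data or tamper):
        findings.append("runs from boot with the access above")
    return findings

# Permission sets copied from the ZEDGE and MINECRAFT slides.
ZEDGE = ["FULL NETWORK ACCESS", "MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE",
         "READ YOUR CONTACTS", "MODIFY YOUR CONTACTS", "READ CALL LOG", "WRITE CALL LOG",
         "VIEW NETWORK CONNECTIONS", "MODIFY SYSTEM SETTINGS", "SET PREFERRED APPS",
         "TEST ACCESS TO PROTECTED STORAGE", "RUN AT STARTUP", "SET WALLPAPER"]
MINECRAFT = ["FULL NETWORK ACCESS", "MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE",
             "TEST ACCESS TO PROTECTED STORAGE", "CONTROL VIBRATION"]

if __name__ == "__main__":
    for name, perms in (("ZEDGE", ZEDGE), ("MINECRAFT", MINECRAFT)):
        print(name, review(perms) or ["nothing flagged"])
```
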
Portability
  • Easy to steal
  • All information is lost
  • Attackers can gain access to any information stored
Apps
  • Apps that appear legitimate may be malicious
  • Few safety evaluation processes are present for Apps
  • Unregulated sources of Apps may encourage bypassing security to make an App run
  • Users anxious to use an app are willing to bypass security features (called “rooting” or “jailbreaking”)
Any software can be exploited
  • Eavesdropping (listening in)
  • Crashing the phone software
  • Attacks can originate from a website
  • Services installed on a mobile phone can perform the attack running in the background
Phishing & Vishing & Smishing
  • Phishing – email sent to link to a website – same as on a PC
  • Vishing – Call the phone and talk the user into revealing passwords and other information
  • Smishing – SMS/MMS messages that trick users by falsely soliciting, for example, charitable donations, spamming after a tragedy, or other false advertising


Bluesnarfing

  • Using Bluetooth to Steal Your Data Off Your Phone
  • Word, Excel, Email Communications

Prevention

  • Disable Bluetooth
  • Use in Hidden Mode
How Important is Security?
  • Mobile Phones can be added to malicious networks and controlled by an attacker (botnet)
  • Software can send device info to attackers for purposes of performing additional attacks
  • Viruses can harm the phone and phone apps and any PCs or networks the phone is attached to
Protection
  • File encryption
  • Remote drive wiping
  • Authentication – device passwords
  • Encrypt backups
  • Anti-virus
  • For VPNs – certificate based authentication
Protection
  • Enable the password feature
  • Use secure connections and settings for web sites – HTTPS, SSL
  • Don’t follow email links or text message links if you don’t know where the email came from
  • Don’t publish mobile phone numbers on the web
Protection
  • Think before you download a file or store information on your phone
  • Be wary of all apps; if an app requires you to allow it to have ownership of the phone, don’t use it
  • Always know where your phone is
Protection
  • Don’t join unknown Wi-Fi networks

  • Remove information on your phone before you get rid of the phone
  • Check with the manufacturer on how to wipe it clean
Location
  • Turn off location tracking for applications that don’t require it
  • Understand how the location information will be used before using it
3rd Party Access

Root and Jailbreak

  • Don’t use 3rd party software that lets you access portions of the operating system and firmware that you shouldn’t
  • Rooting / Jailbreaking might prevent future releases and features from being installed
What to Do if you Lose Your Phone
  • Report it to your company
  • Contact the Mobile phone provider to limit malicious usage
  • Report to local police
  • Change all passwords, passcodes and other credentials
  • Wipe the phone
  • Use software that can find your phone with GPS

Sources:

http://news.cnet.com/8301-1035_3-57542502-94/google-ties-apple-with-700000-android-apps/

http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf

Additional Resources

  • US-CERT Resources

• “Technical Information Paper: Cyber Threats to Mobile Devices” (http://www.us-cert.gov/reading_room/TIP10-105-01.pdf)

• “Protecting Portable Devices: Physical Security” (http://www.us-cert.gov/cas/tips/ST04-017.html)

• “Protecting Portable Devices: Data Security” (http://www.us-cert.gov/cas/tips/ST04-020.html)

• “Securing Wireless Networks” (http://www.us-cert.gov/cas/tips/ST05-003.html)

• “Cybersecurity for Electronic Devices” (http://www.us-cert.gov/cas/tips/ST05-017.html)

• “Defending Cell Phones and PDAs Against Attack” (http://www.us-cert.gov/cas/tips/ST06-007.html)