Convenience product security
Download
1 / 10

Convenience product security - PowerPoint PPT Presentation


  • 143 Views
  • Uploaded on

Convenience product security. Collin Busch. What is a convenience product?. A convenience product is a device or application that makes your life easier For the purpose of this presentation, we will examine different cell phones, apps, and the security behind them

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Convenience product security' - gibson


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

What is a convenience product
What is a convenience product?

  • A convenience product is a device or application that makes your life easier

  • For the purpose of this presentation, we will examine different cell phones, apps, and the security behind them

  • Security software such as findmyphone

  • Browser security on mobile devices


The default
The default

  • By default, a brand new phone or tablet will not have basic levels of security

  • There will be no password or lock until it is set up

  • Different applications on the phone may handle their own security

    • Email clients may use SSL/TLS depending on the client/server

    • Browsers accessing certain websites may use https instead of http

    • Certain programs such as banking apps may have built in encryption


Default vulnerabilities
Default vulnerabilities

  • If you keep your device or program at base security, your entire phone is vulnerable.

  • In the case of an iPhone or iPad, one swipe will let anyone access all of the data stored on your phone.

  • The most important thing you can do to a mobile device to keep it safe is to require a passcode or pattern


Security breach in ios 7
Security Breach in IOS 7

  • Even if your device is protected by a password lock, it may still be accessible.

  • Due to bugs or bad programming, a sequence of actions may allow you access to a mobile device.

  • On an iPhone running IOS 7, you could bypass the lock screen without a passcode, and have access to the camera and stored photos as well as any app that would share these photos, such as Twitter, Facebook, and email apps.


Patching ios 7 breach
Patching IOS 7 breach

  • In IOS 7.0.2 it was documented that this breach was now closed, and that you could no longer bypass the IOS 7 lockscreen

  • 7.0.2 was released September 26 2013, 8 days after IOS 7 was release and 7 days after the exploit was discovered.

  • For an entire week, brand new software release by a huge and experienced software company had a gaping security hole

  • A simple lock screen is not enough.


Android vulnerabilities
Android vulnerabilities

  • Many android users are still using the “gingerbread” operating system, which is version 2.3.3 to 2.3.7, which was released in 2011.

  • This out of date OS has a number of vulnerabilities, including”

    • SMS message trojans which continually text a premium rate unknown to the user, resulting in extremely high charges that are usually only noticed at the end of the month/billing cycle

    • Rootkits: in 2011 a software developers rootkit was found on millions of android phones, which logged keystrokes, passwords, and user location data without the user’s knowledge

    • Malicious google play software- the play store is not as strictly monitored as the Apple store, so there are a number of malware programs masquerading as legitimate programs.


Biometric bypassing
Biometric bypassing

  • The iPhone 5s implemented a fingerprint biometric scanner to allow “secure” access to the phone

  • This biometric scanner was fooled when a hacking team photographed a fingerprint that had been left on a glass surface.

  • Retina scanners can also be bypassed because the scanner reads the “code” of the retina without checking that there is actually an eye.

  • Synthetic retina “codes” can be used to bypass most retina scanners, such as the one available for android.

  • As demonstrated in the previous vulnerabilities, you need some sort of security past lock screens


How to protect yourself
How to protect yourself

  • During web browsing, try to use sites that have https:// in their header.

  • You may be able to download software such as httpseverywhere to further secure browsers (this is also relevant on computers)

  • Disable automatic connections so that your device does not automatically connect to what could be a wifi network that will steal data from your phone

  • Encrypt your data so that if it is transmitted it is not realistically usable.

  • Consider anti malware software- malware for both android and IOS exists


Works cited
Works cited

  • http://www.bbb.org/blog/2013/09/warning-security-holes-found-in-new-iphone-ios7-update/

  • http://en.wikipedia.org/wiki/IOS_7

  • http://www.businessinsider.com/android-security-vulnerability-2013-8#!JOv0m

  • http://publicintelligence.net/dhs-fbi-android-threats/

  • http://www.entrust.com/bypassing-fingerprint-biometrics-nothing-new/

  • http://allgsmtips.com/default-security-code-of-all-mobile-phones/