Module 13
Simplifying Security.
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
May 16, 2011
Android Malware Jumps 400 Percent as All Mobile Threats Rise
Mobile security is the new malware battlefield as attackers take advantage of users who don't think their smartphones can get compromised.
Cyberattackers are gunning for Google's Android as they take advantage of a user base that is unaware, disinterested or uneducated in mobile security, according to a recent research report.
Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, large number of downloads from unknown sources and the lack of mobile security software, according to the Juniper Networks Global Threat Center, which compiled the report.
"That's where the momentum is for 2011," said Dan Hoffman, Juniper's chief mobile security evangelist. It's important to remember that mobile malware still accounts for less than 1 percent of all malware detected globally.
http://www.eweek.com
(Reuters) Hackers are increasingly aiming attacks at smartphones, touching off a race among software giants, startups and telecom operators seeking to cash in on ways to help consumers protect themselves.
As the previously fragmented smartphone market coalesces around big operating systems like Apple's iPhone and Google's Android, it has become a more attractive target for hackers seeking to maximize damage with one hit.
That's creating a big business opportunity for everyone from traditional antivirus players like Intel's McAfee to mobile operators like France Telecom and handset makers like Nokia.
Market research firm Infonetics forecasts sales of mobile security software will grow 50 percent a year through 2014 to hit $2 billion.
http://www.reuters.com
Module Objectives
Mobile Phone Antivirus Tools
Mobile Device Security
Secure Bluetooth Connectivity
Mobile Phone Services
Securing iPhone and iPad
Mobile Device Security Risks
Securing BlackBerry and Windows Phone 7 Mobiles
Mobile Malware
Threats to Bluetooth Devices
Mobile Security Tools
Mobile Security Procedures
Mobile Phone Security Checklists
Module Flow
Introduction to Mobile Security
Mobile Security Threats
Mobile Security Procedures
Mobile Security Tools
Securing BlackBerry and Windows Phone 7 Mobiles
Securing iPhone and iPad
[Chart: Worldwide Mobile Device Sales to End Users in 2011, by vendor. Vendors shown: Nokia, Samsung, LG Electronics, Apple, Sony Ericsson, Motorola, ZTE, HTC, Huawei, Others. Data labels shown: 281,065.8; 114,154.6; 46,598.3; 41,819.2; 38,553.7; 28,768.7; 24,688.4; 23,814.7; 488,569.3. Source: http://www.gartner.com]
The rate of mobile device adoption and sophistication is increasing rapidly
Mobile devices such as smartphones, PDAs, and laptops facilitate seamless communication and information storage and have been an incalculable productivity boon for today's enterprises
Mobile devices offer flexibility and convenience, while at the same time mobility presents significant security challenges for IT security administrators and other users
A smartphone is a mobile phone that has an identifiable operating system and offers more advanced computing ability and connectivity than a contemporary feature phone
[Chart of smartphone operating systems: Android, Symbian, iOS, Microsoft, Other OS. Data labels shown: 67,224.5; 111,576.7; 46,598.3; 12,378.2; 11417.4; 37.6%; 22.7%; 15.7%; 4.2%; 3.8%. Source: http://www.gartner.com]
IMEI Number
International Mobile Equipment Identity (IMEI) is a number unique to every mobile phone
It can also be displayed on the phone's screen by entering *#06#
IMEI is a 15 digit number and is usually found printed inside the battery compartment of the phone
It is used to deactivate the phone if it is stolen or lost
Note: The *#06# does not work for all mobile phones
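
Because the IMEI is the number quoted to have a lost or stolen phone deactivated, it is worth verifying it when it is written down. The following is an added example, not part of the original module: it assumes the standard 15-digit layout (8-digit type allocation code, 6-digit serial, 1 Luhn check digit), the function names are hypothetical, and the sample numbers are constructed for illustration.

```python
import re

def luhn_check_digit(body: str) -> int:
    """Compute the Luhn check digit for the first 14 digits of an IMEI."""
    total = 0
    # Walk right to left; double every other digit starting with the rightmost.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2   # digit sum of the doubled value
        total += d
    return (10 - total % 10) % 10

def record_imei(raw: str) -> dict:
    """Normalise an IMEI as typed or read from the *#06# screen and verify it.

    Raises ValueError when the value is not 15 digits or the check digit is
    wrong, which is the usual sign of a transcription error.
    """
    digits = re.sub(r"[\s\-./]", "", raw)       # drop common separators
    if not re.fullmatch(r"[0-9]{15}", digits):
        raise ValueError("IMEI must contain exactly 15 digits")
    expected = luhn_check_digit(digits[:14])
    if expected != int(digits[14]):
        raise ValueError(f"check digit mismatch: expected {expected}")
    return {
        "imei": digits,
        "tac": digits[:8],        # type allocation code (identifies the model)
        "serial": digits[8:14],   # per-device serial number
        "check_digit": expected,
    }

if __name__ == "__main__":
    # Constructed sample values, not real devices.
    for candidate in ("49-015420-323751-8", "490154203237519", "4901542032375"):
        try:
            print(candidate, "->", record_imei(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```
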
Security Risks
Mobile Malware
Application Vulnerabilities
Lost or Stolen Devices
Unauthorized Access
Mobile Malware
Mobile malware comes through emails, IMs, Bluetooth, memory cards, and Wi-Fi
Malware may spread when rogue software is installed
An infected PC can infect a mobile phone via IR and Bluetooth
Mobile malware can monitor and record all the actions on a mobile phone
Mobile malware may allow an attacker to silently turn the phone on and listen to the conversation
Mobile malware can capture emails, text, and multimedia messages
Mobile malware can make the phone work slowly, crash the phone, and wipe out contacts and other information on the phone
Mobile Operating Systems
1. Symbian
2. Windows Phone 7
3. Windows Mobile
4. Pocket PC
5. iOS
6. RIM
7. Android
Applications
1. Web browser
2. Mobile banking application
3. Mobile gaming
Bluejacking
Bluejacking refers to anonymously sending an electronic business card or photo to another Bluetooth user
Bluesnarfing
A Bluesnarfing attack is launched using the Bluejacking technique
It allows an attacker to access the address book, contact information, email, and text messages on another user's mobile phone
Bluesniping
Bluesniping uses a highly directional antenna and laptop to establish connections with Bluetooth enabled devices from more than half a mile away
War Nibbling
War nibbling refers to finding unsecured or unpatched Bluetooth connections and cruising for open 802.11 networks
Download your phone's update to your mobile device to install the patch
Back up all the data and files on your mobile phone
Install the patch file to your device
Turn off your mobile for 5 to 10 minutes before you start using the mobile phone
Use PIN codes to lock the phone
Do not talk while driving
Turn off the ringer
Do not leave the handset in the vehicle
Don't walk and text
Never leave the phone unattended
Record the unique 15 or 17 digit code IMEI number
Inform the local police and file First Information Report (FIR)
Contact the service provider and tell them to cancel the SIM card
Claim the mobile phone insurance to replace the cost of the handset
Encrypting stored files on BlackBerry smartphones:
Mobile phones such as BlackBerries can encrypt data as a standard feature whereas other mobile phones require special applications to encrypt data
To encrypt internal files:
Turn on the Content Protection option (Options > Security Options > General Settings)
It ensures that even if the mobile phone is lost, the data cannot be accessed once it is encrypted
To encrypt external files:
Turn on Media Card Support (Options > Media Card or Options > Memory > Media Card Support)
Set the encryption mode for the external file system. The BlackBerry smartphone encrypts files stored on the media card
Choose whether to encrypt media files in external memory only on the BlackBerry smartphone
Enable Auto-Lock Feature
Auto-lock security feature allows only authorized viewing of mobile phone data
An unauthorized user cannot view or even use the phone once the auto-lock option is enabled. In most cases a valid PIN number has to be entered
General steps to enable auto-lock option on mobile phones:
Navigate to your cell phone's main menu screen and select the icon labeled Settings
Choose a PIN number that you will remember to unlock your device once the auto-lock feature has been saved
Locate the Security option and press OK or Home to select it
Type your four to eight digit PIN code on the keypad. Press the Save button to save your PIN, and initiate the auto-lock feature
Scroll down and find the Auto Lock feature on the list of security options
Press the End button to return to the main menu
To reduce the risk of malware and installing unsigned applications, follow the guidelines:
Identify the files created on the phone by the application during the installation
Always install the applications on external storage memory cards
Do not download mobile software from any untrusted third party vendors
Ensure the quality and accountability of mobile applications by carefully investigating the vendor
Always try to download the applications from the marketplace provided by the mobile manufacturer
Antivirus software prevents, detects, and removes malware including viruses, worms, and trojan horses
Some of the mobile antivirus software include Norton Mobile Security, F-Secure Mobile Security, Kaspersky Mobile Antivirus, etc.
http://www.fsecure.com
http://us.mcafee.com
http://us.norton.com
Kaspersky Antivirus Mobile - http://www.kaspersky.com
ESET Mobile Antivirus - http://www.eset.com
BitDefender Mobile Security - http://www.bitdefender.com
Trend Micro Mobile Security - http://us.trendmicro.com
Avast! PDA Edition - http://www.avast.com
Symantec Antivirus for Handhelds - http://www.symantec.com
Avira AntiVir Mobile - http://www.avira.com
Bluetooth Security
Basic Bluetooth security mechanism refers to identifying whether a device is in "Visible/Discoverable" mode or "non-visible/non-discoverable" mode
Turn OFF Bluetooth: Turn off Bluetooth interfaces when not in use, and disable Bluetooth's discovery feature
Use Strong PIN: Choose a strong PIN for connecting the Bluetooth
Enter a four digit passcode that can be remembered; re-enter it to confirm
Press the power button to put iPhone to sleep
Press it again and iPhone will ask you to enter a password to unlock it
Enter the current password (if it is for the first time contact, wait and find out the default SIM PIN code)
Enter the new password, a four digit passcode that can be remembered and re-enter it to confirm
Remap Home Button
Tap iPhone's Settings app > tap on General > select Home Button
Instead of "Phone Favorites," select either Home or iPod
iPad Security
Auto-Lock Feature in iPad
Set the auto-lock feature to turn off the display and prevent unintended operation of your iPad
To set the amount of time before iPad locks, select General > select Auto-Lock > specify the time
Passcode Lock
To set a passcode, select General > click Passcode Lock > select Turn Passcode On
Enter a four digit passcode > enter the passcode again to verify
iPad then requires you to enter the passcode to unlock it or to display the passcode lock settings
To set how long before your passcode is required, select General > click Passcode Lock > enter passcode
Tap Require Passcode and select how long iPad can be idle before you need to enter a passcode to unlock it.
To turn the passcode off, select General > click Passcode Lock > click Turn Passcode Off > enter your passcode
key > click Save
To turn off the BlackBerry device's password, clear the Enable check box
Locking the device when inserted in the holster:
On the Home screen or in a folder, click Options
On the Home screen or in a folder, click Options
Press the key > click Save
key > click Save
key and click Open
3. Change the password information
4. Press the key > Save
Add a password to the password keeper
1. On the Home screen or in the Applications folder, click the Password Keeper icon
2. Press the
information
3. Press the key
Steps to turn ON SIM security
On Start, click/tap Phone
Turn on SIM Security
click More
click Call Settings
In Settings, tap Lock & wallpaper
If the phone already has a password and you want to change it, tap Change password > enter the phone's current password in the Current password text box before entering your new password
Tap Done to save your changes
http://www.bak2u.com
https://www.wavesecure.com
Resco Backup for Pocket PC - http://www.resco.net
Sprite Terminator - http://www.spritesoftware.com
SecuBox - http://www.aikosolutions.com
Airscanner Mobile Encrypter - http://www.airscanner.com
eWallet - http://www.iliumsoft.com
Mobile Security - http://www.fsecure.com
Kaspersky Mobile Security - http://usa.kaspersky.com
Module Summary
Mobile phones are becoming the new PCs to check email and browse the Internet
Mobile malware comes through email, IMs, Bluetooth, memory cards, and Wi-Fi
Bluetooth is an open standard wireless technology for exchanging data over short range radio frequencies from fixed to mobile devices by creating Wireless Personal Area Networks (WPANs)
All applications should be updated regularly with the patches released by the vendor
Use antivirus software to prevent, detect, and remove malware including viruses, worms, and Trojan horses
Bluetooth devices should be configured by default as, and remain, undiscoverable except as needed for pairing
Ensure that Bluetooth devices are turned off when they are not in use
Use antivirus and antispyware software for mobile devices
Encrypt sensitive data on the device and regularly back up mobile data to a PC
When entering a crowded zone, make sure the Bluetooth is switched off
Never follow links from unsolicited email or text messages
Never transmit sensitive information when connected to the Internet at public places (shopping malls, cafes, etc.)
Wipe all the data before disposing of wireless devices and properly read the device user manuals to ensure appropriate protection