28
Mobile App Security and Malware in Mobile Platform Siupan Chan Sales Engineering Manager, Greater China 23 September, 2016

Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile App Security and Malware in Mobile Platform

Siupan ChanSales Engineering Manager, Greater China

23 September, 2016

Page 2: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

The Mobile Security Epidemic

2

Page 3: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

2020

45%

40%

15%

2013

6%

A Radical Shift is Occurring“When will your organization cease to provide personal devices?”

*Source: Bring Your Own Device: The Facts and the Future, 2013n=2053 CIOs, worldwide

38%

2016

No BYOD*

All BYOD

Mixed

Page 4: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Trends

41) HM Gov’t, Information Security Breaches Survey 20152) Ovum, Employee Mobility Survey 2014

Data breaches involving smartphones or tablets

more than doubled in 2015 (1)

2x

of large organizations have had a security or

data breach involving smartphones or tablets in 2015 (1)

15%66%

26%

Smartphones Tablets Laptops

40%

17%

54%

17%

of employees say they use their personal smart-

phones for work; their companies think only 25% do… (2)

2/3

Work use reported by employees

Work use reported by IT in companies

Security or data breaches involving mobile devices are on the rise

More people use mobile devices for work than their companies think

Page 5: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Productivity/Management vs Security

Provide services while balancing both

• Secure the data

• Protect the customers

• Protect the users

• Protect the business

• Just let me do my job

• No training required

• Ease of use

• Access data on demand

Page 6: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,
Page 7: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

The Android Security Challenge

According to Sophos Labs,During the years 2010-2014, we have collected 1.1 million unique samples of malware

For 2014, we've identified about 500,000 new unique pieces of malware

And another 500,000 unique PUAs

From Sept 2013 – Sept 2014, there was an 1800% increase in malware

Page 8: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Android Malware Growth

Page 9: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Phishing via SMS

Page 10: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Your location has been shared 5398 times

Page 11: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Apple and Google in mobile malware slip-up

Page 12: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Anatomy of a security hole - Android Master Key

Page 13: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Anatomy of a security hole - Android Master Key

Page 14: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Quadrooter – the biggest bugs ever found

Page 15: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Apple iOS – zero-day attack seen in the wild

1. WebKit bug: visiting a maliciously crafted website may lead to arbitrary code execution.

2. Kernel bug: an application may be able to disclose kernel memory.

3. Kernel bug: an application may be able to execute arbitrary code with kernel privileges.

Page 16: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

FBI cracks *that* iPhone

Page 17: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

FBI or no FBI – how you can crack an iPhone for less than $100

Page 18: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Management

Page 19: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

BUSINESSDATA

Mobility Management Tomorrow

19

Smartphones/TabletsCOBO, COPE, BYOD

Unified EndpointsWindows, Mac, iOS, Android

IoTConnected homes, cars,

gadgets, pets…

WearablesSmartwatches, WYOD,

activity trackers

Page 20: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Why Is Managing Mobile Devices Important?

20

Enabling use of mobile devices lets users be productive – but comes at a price:

Users want to access everything, from anywhere, all the time

Users find a way to access business resources on unsecured devices

Not managing mobile devices means flying blind, with zero visibility

Manage your mobile devices with Sophos Mobile Control and limit the risks

Page 21: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Containers – Separate Business and Personal Data

21

PERSONALBUSINESS

Page 22: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Container Apps

22

Page 23: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Security

Page 24: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Security for Android

24

• Award-winning mobile AV and Malware protection

• Web Filtering

• Spam Protection

• Additional security tools and advisorso Privacy Advisor

o Authenticator

o Secure QR Code Scanner

• Centrally Managed

Page 25: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Security for iOS

25

• AV on iOS is inefficient

• Vulnerabilities are best fought by staying up-to-date

• Mobile Security for iOS version 1.0:o OS Version Advisor

o Secure QR Code Scanner

o Authenticator

• Not managed

Page 26: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Security Challenges

26

Security

Management

Page 27: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,

Mobile Security Challenges

•An unsecured device means unsecured dataYou can insure your devices – but what is your data worth?

•EMM helps enforce controls such as password, lock, etc.If you’re not sure, you’re not secure

•Protect Android devices with anti-malware protectionUsers can remove protection, so needs to be enforced

•Malicious websites can also target mobile usersApply web protection to keep web threats at bay

Page 28: Mobile App Security and Malware in Mobile Platform · 9/23/2016  · Enabling use of mobile devices lets users be productive –but comes at a price: Users want to access everything,