Smart Phones and Tablets: Security Issues

Uploaded On 2018-11-22



Presentation Transcript

Slide1

Smart Phones and Tablets: Security Issues

S. Roy

Slide2

Acknowledgement

In preparing the presentation slides and the demo, I received help from

Professor Simon Ou

Professor Gurdip Singh

Professor Eugene Vasserman

Fengguo Wei

Slide3

What is a Smart Phone?

Smart Phone = Phone + Computer + Sensors

Provides various services: phone call, SMS, computation, storage, accessing the Internet, data download, GPS, camera, and so on …

OS: Android, iOS, Windows Mobile, BlackBerry

OS Make: Google, Apple, Microsoft, BlackBerry

Device Make: Samsung, Apple, HTC, BlackBerry

Popular models: Galaxy S III, iPhone 5

Connection/Service Providers: AT&T, Verizon, T-Mobile

Connection types: 3G, 4G, Wi-Fi, Bluetooth

Slide4

What is a Tablet?

A tablet is a specialized mobile computer with a big screen

primarily operated by touching the screen

used for reading books, watching videos, accessing the Internet, and so on

wireless connections: 3G, 4G, Wi-Fi, Bluetooth

OS: Android, iOS

popular models: Samsung Galaxy Tab, Apple iPad

Slide5

Why to Secure Smart Phones/Tablets?

These devices can do most of what a computer (e.g. a laptop) does.

Smartphones have extra features, such as GPS, phone calls, SMS.

Smartphones/tablets probably contain a lot of personal information.

There is some chance that we can lose these devices.

A recent study shows these devices are a growing target for malware.

Smartphones and tablets need to meet the same security standards as any computer. The security issues of a smart phone are similar to those of a tablet. So, without loss of generality, we will focus only on smart phone security in this class.

Slide6

Risks a Smart Phone Faces

Include risks of insecure Wi-Fi if this device uses an open Wi-Fi

Include risks of insecure Web browsing if done from this device

Include additional risks:

Physical vulnerability (e.g. attacker physically capturing the phone and performing comprehensive scan)

Sensitive information (GPS location, photo, contact list, etc.) leakage

Slide7

Installing a VPN Client

To avoid the risk of using a smartphone on a public Wi-Fi, you may install a VPN client

As an example, visit the KSU ITS website to get the instructions for installation

Android: https://www.ksu.edu/its/security/vpn/androidinstall.html

iOS: https://www.ksu.edu/its/security/vpn/iosinstall.html

Finally, you can use your KSU eID as the username and KSU password as the password to connect to the KSU VPN server.

Slide8

Installing the VPN App on Android: Step 1

Slide9

Installing the VPN App on Android: Step 2

Slide10

How to Start the KSU VPN Client?

Slide11

Connected to the KSU VPN Server

Slide12

Accessing the IEEE Xplore Library from any Physical Location

Slide13

Now let’s do the Hands-On Activity

Search the Cisco VPN client app at the App store, and download it on your phone

Install it and make the proper settings so that it can connect to the KSU VPN server

Start / Run the VPN client; then securely browse web sites (e.g. Yahoo email)

Take screenshots of your activities

Connect your phone to your computer to transfer the screenshots

Use “paint/photo” editing software to erase any private information present on the screenshots

You may need to submit the screenshots while doing the homework

Slide14

Minimize the Phone Data Loss Risk: Using a PIN or Password

A user should lock the phone screen with a numeric PIN or a password. How long/complex should this PIN be to thwart cracking in a reasonable amount of time?

Set a timeout (after this interval the phone gets locked and the user needs to enter PIN)

Before doing the PIN setup, ensure that your Android device has the latest updates.

Slide15

Setting Lock in an Android Device: Step 1

Navigate to your device's settings, and select Security, then select Set up screen lock.

Acknowledgement: http://xbase.ucdavis.edu/itexpress

Slide16

Setting Lock in an Android Device: Step 2

Choose one option among the available ones: a Pattern, PIN, or Password.

Slide17

Setting Lock in an Android Device: Step 3

Depending on which option you chose, you will see one of the following three screens:

Slide18

Setting Lock in an Android Device: Step 4

Return to the Security settings and set the lockout time. This feature locks your phone after it has been inactive for the length of time you choose.

Slide19

Setting Lock in an iOS Device: Step 1

To set a passcode, navigate through the following:

Settings > General > Passcode Lock > Turn Passcode On.

Acknowledgement: http://xbase.ucdavis.edu/itexpress

Slide20

Setting Lock in an iOS Device: Step 2

Enter a four-digit passcode twice and then return to the Passcode Lock settings page.

Acknowledgement: http://xbase.ucdavis.edu/itexpress

Slide21

Setting Lock in an iOS Device: Step 3

You can create a more complex passcode with spaces and alphanumeric characters, not just numbers.

You can also change the Require Passcode timing. This feature locks your phone after it has been inactive for the length of time you choose.

At this location you can also enable the Erase Data feature, which will wipe your personal information from your phone after 10 failed passcode attempts.

Acknowledgement: http://xbase.ucdavis.edu/itexpress
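An added worked example (not part of the original slides) for the question raised on the PIN slide, how long or complex a passcode must be, combined with the 10-attempt Erase Data limit described above. The guess rate, the one-year target and the sample policies are assumptions chosen for illustration.

```python
import math

# Assumption (not from the slides): guesses per second an attacker sustains
# when nothing limits the number of attempts.
ASSUMED_GUESSES_PER_SECOND = 10.0
WIPE_AFTER_FAILED_ATTEMPTS = 10          # Erase Data threshold from the slide
ONE_YEAR_SECONDS = 365 * 24 * 3600       # assumed "reasonable amount of time"

# Sample policies (constructed): label, alphabet size, passcode length.
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8-char lowercase+digits", 36, 8),
]

def keyspace(alphabet_size, length):
    """Number of distinct passcodes of exactly this length."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random passcode, in bits."""
    return length * math.log2(alphabet_size)

def worst_case_seconds(alphabet_size, length, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every passcode when attempts are unlimited."""
    return keyspace(alphabet_size, length) / rate

def success_before_wipe(alphabet_size, length, attempts=WIPE_AFTER_FAILED_ATTEMPTS):
    """Chance a uniformly random passcode falls within the allowed distinct guesses."""
    return min(1.0, attempts / keyspace(alphabet_size, length))

def min_length(alphabet_size, target_seconds, rate=ASSUMED_GUESSES_PER_SECOND):
    """Shortest length whose full search takes at least target_seconds."""
    length = 1
    while worst_case_seconds(alphabet_size, length, rate) < target_seconds:
        length += 1
    return length

def report():
    """One row per policy: label, bits, hours to exhaust, chance before wipe."""
    return [(label, round(entropy_bits(a, n), 1),
             worst_case_seconds(a, n) / 3600, success_before_wipe(a, n))
            for label, a, n in POLICIES]

if __name__ == "__main__":
    for label, bits, hours, p in report():
        print(f"{label:26s} {bits:5.1f} bits  {hours:14.1f} h  p(before wipe)={p:.2e}")
    print("digits needed for one year:", min_length(10, ONE_YEAR_SECONDS))
    print("lowercase+digit chars needed:", min_length(36, ONE_YEAR_SECONDS))
```

The figures hold only for passcodes chosen uniformly at random; a passcode picked from a short list of popular choices falls much sooner than the keyspace suggests.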

Slide22

Unlocking an iOS Device

Your passcode should unlock your iOS device once the screen has been turned off for the specified Require Passcode timing.

Acknowledgement: http://xbase.ucdavis.edu/itexpress

Slide23

Further Improvement on Security

Back up data on the device to be sure the data can be recovered

Turn off unused services if any, such as Wi-Fi, Bluetooth or VPN.

Unused services could expose your device to unwelcome remote connections.

Turning off unused services can also prolong the device’s battery life

Label the device with minimal contact information such as an email address or office phone number.

If you lose the device, report the loss to police.

Slide24

Encryption and Remote Wipe Options

An iPhone (and an Android phone) can encrypt all the stored data using the user’s passcode: use the feature available on your smartphone, or consider using a reputable data encryption app.

You may protect yourself for when you lose a mobile device by using the “remote wipe” feature, which can work via a Microsoft Exchange server

but the benefit of the “remote wipe” feature is debatable

Slide25

How an App can Exploit the Security Model

An example with Android:

The user installs a third-party app P from the Android market

P does not demand (require) “Internet” permissions during the installation time, so the user does not suspect P

Later P sends a request (called Intent) to the standard “browser” app to open an Internet connection on behalf of P

Thus P exploits the permission model and can harm the user (e.g. by leaking the user’s sensitive information to outside).

Mitigation:

Android market or you should have a tool for rigorous vetting of an app before the user installs/uses it

User should think twice before granting critical permissions during the app installation

We should always upgrade the apps and the system

Slide26
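An added example, not from the original slides, of the kind of vetting check the Mitigation list on slide 25 asks for: it flags an app that reaches a permission it was never granted by sending an Intent to another app's exported component. The app summaries, action names and the `caller_must_hold` field are a constructed model, not a real manifest format or real apps.

```python
# Constructed app summaries for illustration only.
SENSITIVE = {"READ_CONTACTS", "ACCESS_FINE_LOCATION"}

APPS = {
    # The browser serves any caller and uses its own INTERNET permission.
    "browser": {"holds": {"INTERNET"}, "sends": set(),
                "exports": {"VIEW_URL": {"uses": "INTERNET", "caller_must_hold": None}}},
    # The mail app serves only callers that themselves hold INTERNET.
    "mail": {"holds": {"INTERNET"}, "sends": set(),
             "exports": {"SEND_MAIL": {"uses": "INTERNET", "caller_must_hold": "INTERNET"}}},
    # P: the app from the slide, installed without the "Internet" permission.
    "P": {"holds": {"READ_CONTACTS"}, "sends": {"VIEW_URL"}, "exports": {}},
    "Q": {"holds": set(), "sends": {"SEND_MAIL"}, "exports": {}},
}

def redelegation_findings(apps):
    """Return (sender, deputy, action, permission) tuples where the sender gains a
    permission it does not hold through another app's exported component."""
    findings = []
    for sender, s in sorted(apps.items()):
        for action in sorted(s["sends"]):
            for deputy, d in sorted(apps.items()):
                comp = d["exports"].get(action)
                if deputy == sender or comp is None:
                    continue
                required = comp["caller_must_hold"]
                blocked = required is not None and required not in s["holds"]
                if comp["uses"] not in s["holds"] and not blocked:
                    findings.append((sender, deputy, action, comp["uses"]))
    return findings

def exfiltration_risks(apps):
    """Findings where the sender also holds sensitive data and gains network access."""
    risks = []
    for sender, deputy, action, perm in redelegation_findings(apps):
        data = sorted(apps[sender]["holds"] & SENSITIVE)
        if perm == "INTERNET" and data:
            risks.append((sender, deputy, data))
    return risks

if __name__ == "__main__":
    for finding in redelegation_findings(APPS):
        print("re-delegation:", finding)
    for risk in exfiltration_risks(APPS):
        print("possible leak path:", risk)
```

Q is not reported because the mail component refuses callers that lack the permission it exercises, which is the check the browser component in this model is missing.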

Comparing the Security Model of Android and iPhone (iOS)

Android allows anybody to develop an app and make it available in the market with minimal vetting process;

On the other hand, Apple claims to rigorously vet a third-party app before it goes into the App Store.

The user grants permissions to an Android app during the installation time (all or none permission policy) and there is no run-time monitoring

iOS may ask the user for permission in run-time (and an app can run with partial permission set).

Slide27

Managing the Phone Settings

In the default setting, numerous apps open themselves in an automated fashion on a smart phone. The user needs to be informed.

As an example, on an Android phone all Google apps (Gmail, Google Plus, etc.) are always ON by default.

The user needs to modify the settings to securely manage the apps: email apps, social network apps, messaging apps, etc.

Slide28

Summary

We discussed common security issues of smart phones/tablets.

We presented a few standard countermeasures to mitigate the risks.

Reminder:

the next homework is due before the next class (1pm on March 7)

the next class will be held in Room 128