OWASP Mobile Top 10 List

1. Insecure or unnecessary client-side data storage
2. Lack of data protection in transit
3. Personal data leakage
4. Failure to protect resources with strong authentication
5. Failure to implement least privilege authorization policy
6. Client-side injection
7. Client-side DOS
8. Malicious third-party code
9. Client-side buffer overflow
10. Failure to apply server-side controls
Static Analysis

• Analysis of software performed without actually executing the program
• Full coverage of the entire source or binary
• In theory, having full application knowledge can reveal a wider range of bugs and vulnerabilities than the “trial and error” of dynamic analysis
• Impossible to identify vulnerabilities based on system configuration that exist only in the deployment environment
Entire contents © 2011 Praetorian. All rights reserved. | Information Security Provider and Research Center | www.praetorian.com
Pervasive Permissions: Where They Come From & Why Users Accept Them
Ryan W Smith
Senior Security Researcher




Android’s Open App Model

• Low barrier to entry
• Apps hosted and installed from anywhere
• All apps are created equal
• No distinction between core apps and 3rd party apps
• Accept apps based on:
  1. Trust of the source
  2. Permissions requested
Examples of Android Malware

SMS Trojan
  – SMS-based propagation
  – Link to a site hosting a rogue app for a “free movie player”
  – Sends 2 premium SMS messages to a Kazakhstan number (about $5 per message)

Geinimi
  – Repackaged apps in Chinese market
  – Sex Positions and MonkeyJump2 are known examples
  – Bot-like capabilities, with unknown impact or purpose

Droid Dream
  – Approx. 50 malicious apps in the official market
  – Contained several sensitive exfiltration capabilities



Praetorian’s Mobile Analyst Project (MAP)

Phase 1: Scalable Tailored App Analysis Framework (STAAF)

Goal: To aid an analyst’s investigation of a large number of applications

Current capabilities:
• Extract permissions and other attributes
• Analyze the application’s code using several methods
• Gather high-level trends, patterns, and statistics from extracted data


Initial Results :: Permissions Requests

53,000 applications analyzed
  Android Market:      ~48,000
  3rd party markets:   ~5,000

Permissions requested
  Average:          3
  Most requested:   117

Top “interesting” permissions
  GPS information:          24%    (11,929)
  Read Contacts:            8%     (3,626)
  Send SMS:                 4%     (1,693)
  Receive SMS:              3%     (1,262)
  Record Audio:             2%     (1,100)
  Read SMS:                 2%     (832)
  Process Outgoing Calls:   1%     (323)
  Use Credentials:          0.5%   (248)



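As an added example (not STAAF’s own code, which the deck does not show), the Python below mirrors the three MAP capabilities and the two results slides: it statically extracts requested permissions and embedded library packages from a decoded AndroidManifest.xml plus a class list, then aggregates corpus statistics (average and maximum permission count, share of apps per “interesting” permission, share per shared library). The mapping from the slide’s labels to Android permission constants, the already-decoded manifest input, and the sample corpus are my assumptions and constructions.

```python
"""Static extraction of Android app attributes and corpus statistics.

Added example, not STAAF's or Praetorian's code. It assumes the manifest has
already been decoded from binary XML to text (e.g. by apktool) and that the
class list was dumped from classes.dex; both inputs below are constructed.
"""
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # Clark notation for android:name

# Slide labels mapped to Android permission constants (the mapping is my assumption).
INTERESTING = {
    "GPS information": "android.permission.ACCESS_FINE_LOCATION",
    "Read Contacts": "android.permission.READ_CONTACTS",
    "Send SMS": "android.permission.SEND_SMS",
    "Receive SMS": "android.permission.RECEIVE_SMS",
    "Record Audio": "android.permission.RECORD_AUDIO",
    "Read SMS": "android.permission.READ_SMS",
    "Process Outgoing Calls": "android.permission.PROCESS_OUTGOING_CALLS",
    "Use Credentials": "android.permission.USE_CREDENTIALS",
}

# Shared-library package prefixes taken from the deck's results slide.
LIBRARY_PREFIXES = ("com.admob", "org.apache", "com.google.android", "com.google.ads",
                    "com.flurry", "com.mobclix", "com.millennialmedia", "com.facebook")


def extract_attributes(manifest_xml, class_names):
    """Extract package, requested permissions and embedded libraries without running the app."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    perms = sorted({e.get(NAME_ATTR) for e in root.iter("uses-permission") if e.get(NAME_ATTR)})
    libs = set()
    for cls in class_names:
        if package and cls.startswith(package + "."):
            continue  # the app's own code, not a third-party library
        # Longest matching known prefix wins (com.google.ads vs com.google.android).
        match = max((p for p in LIBRARY_PREFIXES if cls.startswith(p + ".")), key=len, default=None)
        if match:
            libs.add(match)
    return {"package": package, "permissions": perms, "libraries": sorted(libs)}


def corpus_stats(apps):
    """Aggregate trends across extracted records, as on the deck's results slides."""
    n = len(apps)
    counts = [len(a["permissions"]) for a in apps]
    perm_counter = Counter(p for a in apps for p in a["permissions"])
    lib_counter = Counter(lib for a in apps for lib in a["libraries"])
    return {
        "apps": n,
        "avg_permissions": sum(counts) / n if n else 0.0,
        "max_permissions": max(counts, default=0),
        # label -> (app count, percentage of corpus)
        "interesting": {label: (perm_counter[perm], round(100.0 * perm_counter[perm] / n, 1))
                        for label, perm in INTERESTING.items()},
        "libraries": {lib: (c, round(100.0 * c / n, 1)) for lib, c in lib_counter.most_common()},
    }


def _manifest(package, perms):
    """Build a minimal decoded manifest (constructed test input)."""
    body = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="%s">%s<application/></manifest>'
            % (ANDROID_NS, package, body))


# Constructed four-app corpus: (decoded manifest, class names found in the dex).
SAMPLE_CORPUS = [
    (_manifest("com.example.flashlight", ["android.permission.INTERNET"]),
     ["com.example.flashlight.MainActivity", "com.admob.android.ads.AdView"]),
    (_manifest("com.example.movieplayer", ["android.permission.INTERNET", "android.permission.SEND_SMS",
                                           "android.permission.RECEIVE_SMS", "android.permission.READ_SMS"]),
     ["com.example.movieplayer.Player", "com.google.ads.AdRequest", "com.google.android.maps.MapView"]),
    (_manifest("com.example.game", ["android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION",
                                    "android.permission.READ_CONTACTS"]),
     ["com.example.game.Engine", "com.flurry.android.FlurryAgent", "com.admob.android.ads.AdView"]),
    (_manifest("com.example.notes", []), ["com.example.notes.NoteList"]),
]


def analyze_corpus(corpus=SAMPLE_CORPUS):
    """Run extraction over every app and return the aggregated statistics."""
    return corpus_stats([extract_attributes(m, classes) for m, classes in corpus])


if __name__ == "__main__":
    import json
    print(json.dumps(analyze_corpus(), indent=2))
```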
Who Wants to Know?

• Ad/Marketing Networks
• Social Gaming Networks

Initial Results :: Shared Libraries

52,000 applications analyzed
  Android Market:      ~48,000
  3rd party markets:   ~5,000

Third party libraries
  Total third party libraries: ~83,000
  Top shared libraries
    com.admob              38%   (18,426 apps)
    org.apache             8%    (3,684 apps)
    com.google.android     6%    (2,838 apps)
    com.google.ads         6%    (2,779 apps)
    com.flurry             6%    (2,762 apps)
    com.mobclix            4%    (2,055 apps)
    com.millennialmedia    4%    (1,758 apps)
    com.facebook           4%    (1,707 apps)




Do You User, Take Thee Permissions?

(Android install-time permission prompt shown on the slide:)
YOUR PERSONAL INFORMATION
    READ CONTACT DATA
NETWORK COMMUNICATION
    FULL INTERNET ACCESS
NETWORK COMMUNICATION
    VIEW NETWORK STATE
SYSTEM TOOLS
    PREVENT DEVICE FROM SLEEPING
PHONE CALLS
    READ PHONE STATE AND IDENTITY
HARDWARE CONTROLS
    CONTROL VIBRATOR
SERVICES THAT COST YOU MONEY
    SEND SMS MESSAGES


What Really Happens?

“Given a choice between dancing pigs and security, users will pick dancing pigs every time.”
– Bruce Schneier




Numbers Can Be Deceiving

(Figure: malware samples plotted on the slide, labelled zsones & Droid Dream, SMS Replicator, Fake Security Tool, Geinimi, and SMS Trojan)




If You See Something, Say Something!

Recommendations going forward
1. Carefully review the app, the permissions requested, and the author, and be judicious
2. Support third party initiatives to monitor app markets proactively
3. Run security monitoring applications on your Android device
4. Visit Praetorian.com for more information on mobile security services

Whitelisting

• Conduct static analysis of candidate applications
• Create a whitelist
• Use an unbiased 3rd party
• Enforcement via mobile policy
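An added example of the enforcement step (not Praetorian’s tooling or any MDM product): a whitelist entry records what the static review saw, the signing certificate and the approved permission set, and every candidate build is checked against both, so a repackaged copy signed by someone else or an update that quietly adds permissions is denied. The certificate bytes, package names and records are constructed; the SHA-256-of-DER fingerprint is the usual way to pin an Android publisher.

```python
"""Whitelist enforcement from static-analysis records.

Added example, not Praetorian's tooling or any MDM product. A record holds
what a static pass extracts from an APK (package name, requested permissions,
DER bytes of the signing certificate); whitelist entries, certificates and
records below are all constructed.
"""
import hashlib


def cert_fingerprint(cert_der):
    """SHA-256 over the DER-encoded signing certificate: pins the publisher, not just the name."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for the DER certificate blobs found under META-INF/ in a real APK.
PUBLISHER_CERT = b"constructed DER: the reviewed publisher"
OTHER_CERT = b"constructed DER: somebody who repackaged the app"

# One entry per reviewed app: the signer seen at review time and the permission set approved then.
WHITELIST = {
    "com.example.notes": {
        "signer": cert_fingerprint(PUBLISHER_CERT),
        "permissions": {"android.permission.INTERNET", "android.permission.WAKE_LOCK"},
    },
}


def evaluate(record, whitelist=WHITELIST):
    """Decide whether an app may be installed; returns (allowed, reasons) listing every failed check."""
    entry = whitelist.get(record["package"])
    if entry is None:
        return False, ["package not on the whitelist"]
    reasons = []
    if cert_fingerprint(record["cert_der"]) != entry["signer"]:
        reasons.append("signing certificate differs from the reviewed publisher (possible repackaging)")
    extra = sorted(set(record["permissions"]) - entry["permissions"])
    if extra:
        reasons.append("requests permissions beyond the approved set: " + ", ".join(extra))
    return not reasons, reasons


# Constructed records: the reviewed build, a repackaged copy, and an app nobody reviewed.
SAMPLE_RECORDS = {
    "reviewed": {"package": "com.example.notes", "cert_der": PUBLISHER_CERT,
                 "permissions": ["android.permission.INTERNET", "android.permission.WAKE_LOCK"]},
    "repackaged": {"package": "com.example.notes", "cert_der": OTHER_CERT,
                   "permissions": ["android.permission.INTERNET", "android.permission.WAKE_LOCK",
                                   "android.permission.SEND_SMS", "android.permission.READ_CONTACTS"]},
    "unreviewed": {"package": "com.example.flashlight", "cert_der": OTHER_CERT,
                   "permissions": ["android.permission.INTERNET"]},
}


def evaluate_all(records=SAMPLE_RECORDS):
    """Evaluate every record; returns name -> (allowed, reasons)."""
    return {name: evaluate(rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in evaluate_all().items():
        print(name, "ALLOW" if allowed else "DENY", "; ".join(reasons))
```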
Praetorian Veracode Webinar - Mobile Privacy
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The Berries
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIR
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-Debugging
 
CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101
 

Dernier

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Dernier (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Praetorian Veracode Webinar - Mobile Privacy

  • 6. OWASP Mobile Top 10 List
      1. Insecure or unnecessary client-side data storage
      2. Lack of data protection in transit
      3. Personal data leakage
      4. Failure to protect resources with strong authentication
      5. Failure to implement least privilege authorization policy
      6. Client-side injection
      7. Client-side DOS
      8. Malicious third-party code
      9. Client-side buffer overflow
      10. Failure to apply server-side controls
  • 9. Static Analysis
      • Analysis of software performed without actually executing the program
      • Full coverage of the entire source or binary
      • In theory, having full application knowledge can reveal a wider range of bugs and vulnerabilities than the “trial and error” of dynamic analysis
      • Impossible to identify vulnerabilities based on system configuration that exist only in the deployment environment
  • 10. Entire contents © 2011 Praetorian. All rights reserved. | Information Security Provider and Research Center | www.praetorian.com
  • 11. Pervasive Permissions: Where They Come From & Why Users Accept Them
      Ryan W Smith, Senior Security Researcher
  • 12. Android’s Open App Model
      • Low barrier to entry
      • Apps hosted and installed from anywhere
      • All apps are created equal
      • No distinction between core apps and 3rd party apps
      • Accept apps based on:
        1. Trust of the source
        2. Permissions requested
  • 13. Examples of Android Malware
      • SMS Trojan
        – SMS based propagation
        – Link to site hosting rogue app for “free movie player”
        – Sends 2 premium SMS messages to a Kazakhstan number (about $5 per message)
      • Geinimi
        – Repackaged apps in Chinese market
        – Sex Positions and MonkeyJump2 are known examples
        – Bot-like capabilities, with unknown impact or purpose
      • Droid Dream
        – Approx. 50 malicious apps in official market
        – Contained several sensitive data exfiltration capabilities
  • 14. Praetorian’s Mobile Analyst Project (MAP)
      Phase 1: Scalable Tailored App Analysis Framework (STAAF)
      Goal: To aid an analyst’s investigation of a large number of applications
      Current capabilities:
      • Extract permissions and other attributes
      • Analyze the application’s code using several methods
      • Gather high level trends, patterns, and statistics from extracted data
  • 15. Initial Results :: Permissions Requests
      53,000 applications analyzed
      • Android Market: ~48,000
      • 3rd Party Markets: ~5,000
      Permissions requested
      • Average: 3
      • Most requested: 117
      Top “interesting” permissions
      • GPS information: 24% (11,929)
      • Read Contacts: 8% (3,626)
      • Send SMS: 4% (1,693)
      • Receive SMS: 3% (1,262)
      • Record Audio: 2% (1,100)
      • Read SMS: 2% (832)
      • Process Outgoing Calls: 1% (323)
      • Use Credentials: 0.5% (248)
  • 16. Who Wants to Know?
      • Ad/Marketing Networks
      • Social Gaming Networks
  • 17. Initial Results :: Shared Libraries
      52,000 applications analyzed
      • Android Market: ~48,000
      • 3rd Party Markets: ~5,000
      Third party libraries
      • Total third party libraries: ~83,000
      • Top shared libraries
        – com.admob: 38% (18,426 apps)
        – org.apache: 8% (3,684 apps)
        – com.google.android: 6% (2,838 apps)
        – com.google.ads: 6% (2,779 apps)
        – com.flurry: 6% (2,762 apps)
        – com.mobclix: 4% (2,055 apps)
        – com.millennialmedia: 4% (1,758 apps)
        – com.facebook: 4% (1,707 apps)
  • 18. Do You, User, Take Thee Permissions?
      • YOUR PERSONAL INFORMATION
        – READ CONTACT DATA
      • NETWORK COMMUNICATION
        – FULL INTERNET ACCESS
      • NETWORK COMMUNICATION
        – VIEW NETWORK STATE
      • SYSTEM TOOLS
        – PREVENT DEVICE FROM SLEEPING
      • PHONE CALLS
        – READ PHONE STATE AND IDENTITY
      • HARDWARE CONTROLS
        – CONTROL VIBRATOR
      • SERVICES THAT COST YOU MONEY
        – SEND SMS MESSAGES
  • 19. What Really Happens?
      “Given a choice between dancing pigs and security, users will pick dancing pigs every time.” - Bruce Schneier
  • 20. Numbers Can Be Deceiving
      • zsones & Droid Dream
      • SMS Replicator
      • Fake Security Tool
      • Geinimi
      • SMS Trojan
  • 21. If You See Something, Say Something!
      Recommendations going forward
      1. Carefully review the app, the permissions requested, and the author, and be judicious
      2. Support third party initiatives to monitor app markets proactively
      3. Run security monitoring applications on your Android device
      4. Visit Praetorian.com for more information on mobile security services
  • 23. Whitelisting
      • Conduct static analysis of candidate applications
      • Create a whitelist
      • Use an unbiased 3rd party
      • Enforcement via mobile policy
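The STAAF steps on slides 14 and 15 (extract permissions, tally trends) and the whitelisting step on slide 23, as an added example that is not Praetorian's code: it reads `<uses-permission>` entries from manifest XML, flags the permissions the deck calls "interesting", counts the slide 17 library packages by class-name prefix, and applies a hypothetical whitelist rule. The manifests and class lists are constructed samples, and the whitelist threshold is an assumption.

```python
# Added example, not Praetorian's STAAF code: pull <uses-permission> entries from
# Android manifests, flag the deck's "interesting" permissions, tally the shared
# library packages from slide 17 and apply a whitelist rule. Sample data is constructed.
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Slide 15's "interesting" permissions (android.permission.* short names).
INTERESTING = frozenset({"ACCESS_FINE_LOCATION", "READ_CONTACTS", "SEND_SMS", "RECEIVE_SMS",
                         "RECORD_AUDIO", "READ_SMS", "PROCESS_OUTGOING_CALLS", "USE_CREDENTIALS"})
# Slide 17's shared library packages, matched as class-name prefixes.
LIBRARY_PREFIXES = ("com.admob", "org.apache", "com.google.android", "com.google.ads",
                    "com.flurry", "com.mobclix", "com.millennialmedia", "com.facebook")

def extract_permissions(manifest_xml):
    """Short names of every permission declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {n.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for n in root.iter("uses-permission")}

def library_packages(class_names):
    """Known third-party library prefixes present among an app's class names."""
    return {p for c in class_names for p in LIBRARY_PREFIXES
            if c == p or c.startswith(p + ".")}

def analyze(apps):
    """apps: {name: (manifest_xml, class_names)} -> stats in the style of slides 15 and 17."""
    perm_counts, lib_counts, total, per_app = Counter(), Counter(), 0, {}
    for name, (manifest, classes) in apps.items():
        perms, libs = extract_permissions(manifest), library_packages(classes)
        total += len(perms)
        perm_counts.update(perms & INTERESTING)
        lib_counts.update(libs)
        per_app[name] = (perms, libs)
    n = len(apps)
    return {"apps": n, "avg_permissions": total / n if n else 0.0,
            "interesting": {p: (c, round(100 * c / n)) for p, c in perm_counts.items()},
            "libraries": dict(lib_counts), "per_app": per_app}

def whitelist_decision(perms, max_interesting=1):
    """Hypothetical slide 23 style rule: reject anything that can send SMS (slide 18's
    "services that cost you money"), else allow at most max_interesting flagged permissions."""
    flagged = perms & INTERESTING
    return "SEND_SMS" not in flagged and len(flagged) <= max_interesting

# Constructed sample manifests and class lists, not real market apps.
_M = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">%s</manifest>'
_P = '<uses-permission android:name="android.permission.%s"/>'
SAMPLE_APPS = {
    "flashlight": (_M % "".join(_P % p for p in ("INTERNET", "ACCESS_FINE_LOCATION", "READ_CONTACTS")),
                   ["com.example.flashlight.Main", "com.admob.android.ads.AdView", "com.flurry.android.FlurryAgent"]),
    "movie_player": (_M % "".join(_P % p for p in ("INTERNET", "SEND_SMS", "RECEIVE_SMS")),
                     ["com.example.player.Main", "com.google.ads.AdView"]),
    "notes": (_M % (_P % "INTERNET"), ["com.example.notes.Main", "org.apache.http.client.HttpClient"]),
}

if __name__ == "__main__":
    stats = analyze(SAMPLE_APPS)
    for app, (perms, libs) in stats["per_app"].items():
        print(app, sorted(perms & INTERESTING), sorted(libs), "allow" if whitelist_decision(perms) else "deny")
```

On real APKs the manifest is binary XML, so a decoder such as aapt or apktool would sit in front of `extract_permissions`; the aggregation and policy logic stay the same.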