Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security ago they still offer a fair representation on current threats and risks. They are represented in the following table, table 6.1. Table 6.1: ENISA Top Ten Smartphone Security Risks No. Title Risk Description 1 Data leakage resulting from device loss or theft High The Smartphone is stolen or lost and its memory or removable media are unprotected, allowing an attacker access to the data stored on it. 2 Unintentional disclosure of data High The Smartphone user unintentionally discloses data on 3 Attacks on decommissioned Smartphones the Smartphone. High The Smartphone is decommissioned improperly allowing an attacker access to the data on the device. 4 Phishing attacks Medium An attacker collects user credentials (such as passwords and credit card numbers) by means of fake apps or (SMS, email) messages that seem genuine. 5 Spyware attacks Medium The Smarphone has spyware installed, allowing an attacker to acces or onfer personal data. 6 Network Spoofing Attacks Medium An attacker deploys a rogue network access point (WiFi or GSM) and users connect to it. 7 Surveillance attacks Medium An attacker keeps a specific user under surveillance through the target user’s Smartphone. 8 Diallerware attacks Medium An attacker steals money from the user by means of malware that makes hidden use of premium rate SMS services or numbers 9 Financial malware Medium The Smartphone is infected with malware specifically designed for stealing credit card numbers, online banking credentials or subverting online banking or ecommerce transactions 10 Network congestion Low Network resource overload due to Smartphone usage leading to network unavailability for the enduser ENISA’s advice and support is technology focused and offers support for Smartphone security currently with a number of activities including: Source: ENISA Goode Intelligence © 2013 P a g e | 101 www.goodeintelligence.com
Study into the implications of Smartphone operating system security 1. Secure app development 2. App store security Secure app development ENISA has drafted, together with the Open Web Application Security Project (OWASP) mobile security project, security guideline for app developers 96 . Written in 2011, the guidelines have been written for developers of Smartphone apps as a guide to developing secure mobile apps. It offers practical advice on securing mobile apps with ten control mechanisms: 1. Identify and protect sensitive data on the mobile device. 2. Handle password credentials securely on the device. 3. Ensure sensitive data is protected in transit. 4. Implement user authentication and authorisation (including session management). 5. Securing backend APIs (services) and the platform (server) secure. 6. Secure data integration with third party services and applications. 7. Pay specific attention to the collection and storage of consent for collection and use of user’s data. 8. Implement controls to prevent unauthorised access to paid-for resources (wallet, SMS, phone calls etc.). 9. Ensure the secure distribution and provisioning of mobile apps. 10. Checking for runtime interpretation of code for errors. App store security – Mobile malware ENISA offers advice against the threat of mobile malware in a report published in September 2011 entitled “Appstore security – 5 lines of defence against malware”. 97 In the report ENISA identifies these five lines of defence against mobile malware: 1. App review: App stores should review apps before admitting them to the app store. 2. Reputation mechanism: App stores should show the reputation of apps and app developers. 3. App revocation (aka kill-switch): Smartphone platforms should support remote removal of installed apps by app stores. 4. Device security: Includes supporting sandboxes to install and run apps “to reduce the impact of malware”. 96 Smartphone Secure Development Guidelines, ENISA, 25 November 2011: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-applications/smartphone-security- 1/smartphone-secure-development-guidelines 97 Appstore security – 5 lines of defence against malware, ENISA, 12 September 2011: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-applications/smartphone-security- 1/appstore-security-5-lines-of-defence-against-malware Goode Intelligence © 2013 P a g e | 102 www.goodeintelligence.com
Page 1 and 2:
www.goodeintelligence.com £ Study
Page 3 and 4:
Study into the implications of Smar
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52: Study into the implications of Smar
Page 101: Study into the implications of Smar
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?