Time
8 hours 33 minutes
Difficulty
Beginner
CEU/CPE
9

Video Transcription

00:05
So now let's go ahead and discuss mobile device security and how the operating systems and the networks are actually protecting your data on the different devices.
00:17
So at the completion of this module, you should be able to describe how the securities implemented on the four major OS is we're talking about.
00:24
The four of us is were discussing Apple IOS,
00:28
Google Android
00:30
Rim BlackBerry
00:32
and Windows Home.
00:33
Each of them uses some of the same techniques to protect your data, and there's also some unique things that each of them does to protect your data.
00:42
We'll also describe the network access signal and data transmission encryption. So this is when I'm making a call. How is my data being protected? What are the carriers or what is the what is GSM or CD M, a network standard doing to protect the data that I'm sending over the air
01:00
and then understanding network ports, Preinstalled service's and default applications that air common on these
01:07
on these devices?
01:08
When we talk about Apple,
01:11
every apple phone that's released has the same default applications. That's not necessarily true with some of the other manufacturers. When you buy a Google phone, it depends on who makes the phone as to what applications are installed.
01:25
Microsoft. The manufacturers do have the option to pre load some software on the phones. We'll discuss this more as we go in depth on this.
01:34
You'll also be able to discuss application management methods. So when an application is installed, how can I get it removed from the device? And how is the marketplace scanning these files to make sure the information there's no malicious information or software in the application.
01:53
Be familiar with security features of WiFi and why Max.
01:56
How is a WiFi transmission protected? How is information protected over why Max understand built in antivirus and anti malware capabilities?
02:07
I'll tell you now, most of the phones do not have built in anti buyers, and it depends on who you talk thio whether they feel that anti virus is needed on a mobile platform or not. But we'll discuss those
02:19
and then understanding the wireless access security model for Apple, Macintosh, OS X, Microsoft Windows and Limits.
02:28
So overview mobile devices are quickly becoming the communication choice, for
02:34
this has millions of users.
02:37
I would say in the US alone it's millions of users if I get an email the first place, I'm probably going to see that email unless I'm sitting in front of my computer, is on my mobile device. My mobile device gets my personal email, I guess my work email
02:53
it gets any other email account that gets my Facebook updates. It gets any Twitter
02:58
feeds that I'm registered to have signed up for.
03:02
It all comes into my phone, and then after I look on my phone, I decide. Well, this is an email that I really want to type with. My virtual keyboard or die is gonna be a longer email that I want to use a physical keyboard and if the longer email, then I'll go to the laptop. Otherwise,
03:20
most of the work I do throughout the day can probably be done from my mobile device.
03:27
Voice email data. Personal versus business
03:30
Does your company allow you to use your personal phone
03:34
toe? Also, look at work email.
03:36
If so, how does your company make sure that the work email on your phone is one protected and to convey wiped without wiping your personal phone
03:46
with certain applications? It's possible, and we'll discuss those as we go forward.
03:52
The challenge is understanding how the device can be effectively secured to prevent unauthorized access and use
04:00
criminals. Hackers
04:02
Somebody wanted to see what pictures you have in your phone.
04:06
They have an incentive to try to get the information off your phone.
04:11
There's a lot of people that would like to get your information from the phone. You might not think the information on your phone is important, but if you do any type of banking, if you do any type of shopping on your phone,
04:21
there's probably credit card information on your phone.
04:25
And they would love to get your credit card information just to make charges against your money instead of having to use their own money. So they are targeting
04:33
users
04:35
as government employees or those of you who are government employees or have their corporate email on the phone. You also
04:43
will be targeted for your business.
04:46
Um, e mail.
04:47
They want other companies want to know what your business your company's doing. If you have a rival in whatever field you're in,
04:56
maybe you're the rival wants the information from your phone.
05:00
I know of one corporation, 30,000 employees out of San Diego. I was talking one of their security guys. They lose five laptops
05:10
a week
05:11
and mobile devices. Also,
05:14
If they do not or did not have the ability to remote, wipe them or remote track them, they would have no idea who would be able to see that information. Who recovered the device, was it? Espionage wasn't just lost.
05:27
The only way to know is to be ableto have applications or capabilities to get rid of the data on that device before
05:36
a year down the road, you're competitive comes out with something that you are working on in secret,
05:42
and there's also social engineering.
05:44
We
05:46
I'll include myself in it,
05:47
are probably the weakest link of this security model.
05:51
We get a cool email click on this to see a video of
05:57
the latest Big Bang theory.
06:00
I love the big being bank there. It's my favorite show on TV. Probably click on the link if it looks like somebody I know.
06:06
But
06:08
the bad guys know this.
06:10
They are baiting you with something that looks tempting, and if you go ahead and go after it, suddenly they have access to your personal information.
06:23
So while the mobile device level security features of very somewhat. Some things they do the same, some things they do differently.
06:30
It is a multilayered function involving both the user, the vendor and the cellular provider.
06:36
This chart there was there was a poll by cell phones DOT or GE, who's responsible for smartphone security And this poll. The poll results actually surprised me.
06:47
55% of the people that were pulled and I I don't know how many people were pulled was it were 10 people on the street pole. Was there 100 was there 1000 people? I don't know. The polling numbers are the polling methodology that was used. But 55% of the people feel the individual themselves
07:05
is responsible for protecting the information on their device
07:10
eyes. A security person would agree it ultimately comes down to the individual.
07:16
I shouldn't install stuff that I don't know what's gonna happen on my phone, but I'm also in the security field, and my thought is that's why I think that way.
07:26
I don't think my mother believes that it's up to the individual to protect the data on her phone.
07:31
She gets the device from Verizon
07:34
so Verizon should make darn well sure that the information that is on her phone is protected.
07:42
She hasn't HTC phone HCC should be the one protecting it.
07:46
So when I saw the results of this, I was a little shocked that this many people came to the conclusion that the individual is responsible for the data on their phone.
07:57
I don't disagree at all.
08:00
I hope the numbers would increase as time goes on because as this number increases,
08:05
andMe or individuals feel that they're responsible for protecting the data on the phone, we might see users start protecting that information and not just treating the phone as a phone and start treating it as a computer rather than just a mobile device.
08:24
So how exactly do they secure the information on the device?
08:28
One of the first things they all four of these operating systems D'oh
08:33
is they run a virtual machine to separate the Colonel
08:37
from the rest of the data on the phone.
08:41
All smartphones, or at least all of the smartphones were discussing this part of this class. Use a virtual machine that separates the Colonel and the platform OS from third party applications.
08:52
We don't want the third party applications running in the same area as the system colonel. We want the system kernel to remain pristine and separate over here and the applications to be a SW far away from them as possible, because the greater the divide between them,
09:07
the less chance a rogue application can make a change to the system. Colonel
09:13
that could
09:13
that could effects not the right word, but bypassed the security of the caramel
09:20
Veum wear announced back in 2009. BM Where m v p,
09:26
it's ah, it's supposed to be a layer of software that interfaces between the mobile device and the operating system.
09:35
Basically, what it's supposed allow you to do is
09:37
I have my personal phone. I load the M where the M V P on it,
09:43
and then my work stuff is run within the M V P virtual machine.
09:50
So if I leave the company
09:52
or if I lose the phone, the company congest wipe the VM wear portion of the phone and not have to wipe my personal phone. So my email, my contacts, my personal information remains distinctly separate
10:09
from the information that's inside the V M, where M V P.
10:13
And this works
10:15
almost exactly like a V M. Where. Session on a computer. It's an entirely different operating system. When I click on the VM wear icon, it pops up an entirely different home screen, and those acts are run just within that V M.
10:31
Now there's some issues with this. For one, it hasn't been released yet. It's still in The development to Apple is very protective of their software.
10:41
So currently, Android is the only device that this works on.
10:46
The Android operating system is the only one who works on
10:50
and then, furthermore, with Android when when Google comes out with a new version of the operating system,
10:58
it doesn't just get released to the wild. First gets released a phone manufacturers and the phone manufacturers go. Do I want to release this version for the phone?
11:07
Yes or no?
11:09
If yes, then they have to do customization to it because every single manufacturer customizes the OS at least a little bit. Custom maps, custom overlays. HTC Sense is one of the custom overlays that is used,
11:24
so they have to make some adjustments to what Google just released to make it ready for the actual phone model. Then it has to go to the carrier, and the carrier has two new testing, and they have to sign off, and they might add additional APS to the phone.
11:41
So Google releases I. C s ice cream sandwich
11:46
late last year. Late in 2011
11:50
very few devices have been updated ice cream sandwich. At this point, developers, phone developers, manufactures have come out and said, Yes, we are going to release
12:01
I. C. S for these make and model of tablets and phones,
12:05
but there's very few that have actually been updated this point. We might see updates still going on in the summer for an operating system that came out last year.
12:15
The thought is the next version of Android Jelly. Bean will come out sometime this summer this fall, so manufacturers are almost a whole release behind by that point.
12:26
Plus, older models might not be able to run the M V peace. You have to make sure the company has to make sure that the personal advice will actually run. The virtual is virtual ization software,
12:41
so this is the different
12:46
V, EMS and colonels for android blackberry, Symbian iPhone memo. Lennox, this was a nice graph we found. This does not include how Microsoft is actually
13:00
segregating them, and we'll talk about that when we get to the Microsoft specific section. But as you can see for each of these,
13:07
the colonel is the little box or rectangle at the bottom. So we have limits. Colonel Proprietary BlackBerry operating system, Symbian operating system.
13:16
Um, iPhone Use mock BSD, colonel. And then memo, which is Nokia uses May Mullinix,
13:24
but it's all separated from
13:28
the VM portion.
13:30
So you have the colonel, and then you have usually a job of virtual machine.
13:35
Apple doesn't like Java doesn't like flash. They don't use a Java virtual machine. They built a custom virtual environment called Coco.

Up Next