Phones and the people who exploit them

Transcript

1. Security of Smartphones Benjamin Scott github.com/benjaminxscott

2. Overall Issues • Slow fixes for problems ◦ Carrier dictates

   schedule ◦ Old versions may be left behind • Advertising = $ ◦ Price for "free app" is your information ◦ Lots of sensitive info on location and contacts • Malicious software ◦ Common in unofficial stores ◦ Some in Google Play ◦ Rare in App Store

3. Apple • Verified Platform ◦ All apps are checked by

   Apple ◦ Pricey and high bar to become developer ◦ In-depth examination • Devices ◦ Common hardware platform ◦ Fast distribution of fixes • Applications ◦ Permissions and Sandbox to limit damage

4. Android • Open Platform ◦ Apps approved by their creators

   ◦ Cheap and easy to be developer ◦ Light examination • Devices ◦ Diverse hardware and software platforms ◦ Slow distribution of fixes • Applications ◦ Permissions and Sandbox to limit damage ◦ Small updates possible without App store

5. General Best Practices 1. Use a Screen Lock a. Password

   is best, pattern is OK 2. Don't root your phone a. Opens security holes 3. Pay attention to app permissions a. Access to Location and Contacts especially AppWatchdog helps find apps with scary permissions

6. Apple Best Practices 1. Only Connect to Known Wifi a.

   Settings -> Wifi -> "Ask to Join Network" 2. Set a Passcode to enable encryption a. Settings -> General -> Passcode Lock 3. Delete Personal Data when donating a. Settings -> Reset -> Erase All Content and Settings

7. Android Best Practices 1. Turn Off USB Debugging a. Settings

   -> Developer Options -> USB debugging 2. Encrypt your data a. Personal > Security > Encryption > Encrypt phone 3. Only install known good apps a. Search for app's name online