April 25, 2017
Beware of Hacking in Your Mobile
HKBU IS Awareness Seminars
Stephen Chan CGEIT, PMP, CISSP, ISO27001 Lead Auditor
Note to audience:
The information in this document is strictly for educational purposes
within HKBU, and shall not be further distributed or duplicated
without due permission.
Agenda
• Using mobile
• Hacking mobile
• Protecting mobile
• Protecting yourself
USING MOBILE
This is the age of mobile-obsession..
Hey, how often do you use your mobile?
• We’re obsessed with our phones, a new study has found. The heaviest smartphone users click, tap or swipe on their phone 5,427 times a day
• The rest of us still touch the addictive things 2,617 times a day on average. No small number.
Do you panic..
Even worse here
Bad..
We crave our mobiles
• Sudden change in behavior
• Mood swings; irritable and grumpy and then suddenly happy and bright
• Withdrawal from family members
• Careless about personal grooming
• Loss of interest in hobbies, sports and other favorite activities
• Changed sleeping pattern; up at night and sleeping during the day
• Red or glassy eyes
• Sniffy or runny nose
All the above are:
Data in mobile – who & what?
Browser histories, records of items purchased,
movies watched, and info created by mobile
apps…
Phone misuse
• Mobile Phone misuse in public places creates social problems like
1. Inattention blindness: overload – both physical and mental
2. Caller Hegemony: asymmetric relationship between the caller and answerer
3. Cognitive load
4. Accidents
Phone OS
The World
Blurred distinction between human selves and digital selves
Connectivity is Destiny
HACKING MOBILE
A simple App can expose your entire phone
Security features must be kept ON
• To install a malicious app, hackers turn OFF security scanning features
The app is NOT from an authorized app store
Hack an iPhone
“Doesn’t matter how secure the operating system is, there are always flaws you can get around with. Don’t even have to be a hacker. Always carefully protect your phone.”
One-stop-shop for Cyber Crime
Specialized for both criminals as well as the victims:
- criminals upload stolen data which contains user credentials, credit data, stolen identities and any other kind of cyber-loot
- victims pay for the removal of those stolen data from the Dark Net, where any cyber criminal can buy the stolen data
Business model is quite simple as well as very user-friendly
Symptoms
• Unexpected / strange charges on statements
• Unexpected / unusual data usage
• Rapid battery drain
• Somebody has used your phone (physical access)
• Anti-virus stopped / security switch disabled
PROTECTING YOUR MOBILE
Very simple – Don’t be stupid
• Disabling the lock feature on the phone
• Keeping secrets in phone – plain-text, plain-sight
• Opening an application from an unsecured/unknown source
• Using the phone to access dangerous/risky sites
• Leaving the device open to access
Storing Sensitive data as Plain-text??
• Passwords are hard to remember
• A lot of them for all the online accounts – shopping, social networking, emails…
• No matter what, don’t store them plain-text in the phone!
Damage of phone being hacked multiplies through your online accounts
Even “legitimate” apps see your data
• Tons of legitimate apps that access contact information:
– Your social network apps
– Your shopping apps
– Utilities, personal productivities
– Emails
– Health and home kits
– Map and driving assistance
• Your data is being used by all these apps on your phone
Don’t root / jailbreak / use untrusted app
• Jailbreaking: The process of bypassing restrictions on iPhones and iPads to install other apps and tweaks not approved by Apple.
• Rooting: A process similar to jailbreaking for hacking Android devices, game consoles, and so on.
• App Store / Google Play / Windows Store
Keep updated – it is about hygiene
• There are many critical security fixes that get pushed through these OS and app updates
• If ignored, we leave ourselves open to attacks
• They won’t say it in the release notes
Wi-Fi
• Man-in-the-middle attack is a situation in which a malicious eavesdropper (the “man in the middle”) is able to read (or write) data that is being transmitted between you and the website you’re browsing.
Fake Wi-Fi captures your…
• Capture the webpages you are visiting
• Login Credentials
• Hijacking accounts
Wi-Fi
• Do not use Wi-Fi connections that aren’t yours
• Insist on using HTTPS
• Delete Wi-Fi networks from your devices that aren’t yours
A phone is different from a computer by usage behaviour.. more easily phished
• At their computers, users are:
– Sitting at a desk
– Frequently in an office environment
– Often working
– Sometimes randomly surfing the web
– Often creating content
– Focused on the computer, not so much on their environment
• On a mobile device, however, users tend to be:
– Sitting on the couch at home
– Walking around, inside or outside
– Queuing for something
– Waiting for a bus, train, or plane, or travelling
– Looking for a specific piece of information
– Mostly consuming content
– Easily distracted by their environment
Beware of Phishing
Phishing email on Desktop
Source: berkeley.edu
www.i_am_actually_a_malicious_website.com
On desktop, you can move your mouse over suspicious links and
have a look
Phishing on mobile
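1 A new batch of WhatsApp Emoji is about to launch! Want to know more and be among the first to use them? Click the link below now to register for a trial! https://goo.gl/8ABCDEF
3 Spend 1 minute completing the survey and instantly receive a Starbcuks $50 cash voucher. https://goo.gl/8ABCDE8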
On a mobile, you can just click or not click
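What a mouse-over reveals on desktop, and what a tap on mobile hides, can be checked mechanically before a message reaches the user. The following is an added example, not part of the original slides; the shortener list, the `audit_links` name and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed (not from the slides): a small sample of URL-shortener hosts.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    """Collects (visible text, real href) for every <a> in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (text, real_host, findings) for each link in the message."""
    parser = LinkAuditor()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        host = (urlparse(href).hostname or "").lower()
        findings = []
        shown = HOST_IN_TEXT.search(text)  # does the visible text name a host?
        if shown and shown.group(1).lower() != host:
            findings.append("text shows a different host than the link target")
        if host in SHORTENERS:
            findings.append("shortened URL hides the destination")
        if urlparse(href).scheme != "https":
            findings.append("not HTTPS")
        report.append((text, host, findings))
    return report

# Constructed sample message (placeholder hosts, not real indicators).
SAMPLE = ('<p>Verify at <a href="http://login.example.net/reset">www.example.edu/account</a> '
          'or <a href="https://goo.gl/8ABCDEF">claim your voucher</a>. '
          '<a href="https://www.example.edu/help">Help</a></p>')
```

Calling `audit_links(SAMPLE)` flags the first link for a host mismatch and missing HTTPS, the second for a shortener, and leaves the third clean.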
Don’t get phished
• Control your fingers
Recap
• Sensitive data in phone / accessible by phone
• Apps
• Devices
• Update
• Wi-Fi
• Your fingers
• Backup
PROTECTING YOUR VERY SELF
Mobile is fixated into our psyche
1. I am my phone?
2. Personas and digital identities
3. Segregate your digital universe
4. Be truthful
5. Turn off your phone and return to Earth
Thank You