Download - CSCU Module 13 Securing Mobile Devices.pdf
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
1/50
1 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Securing Mobile Devices
Simplifying Security.
Module 13
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
2/50
2 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Mobile security is the new malware battlefield as attackers take advantage
of users who don’t think their smartphones can get compromised.
Cyber‐attackers are gunning for Google’s Android as they take advantage of
a user base that is “unaware, disinterested or uneducated” in mobile
security, according to a recent research report.
Malware
developers
are
increasingly
focusing
on
mobile
devices,
and
Android malware has surged 400 percent since summer 2010, according to
the Malicious Mobile Threats Report 2010/2011 released May 11. The
increase in malware is a result of users not being concerned about security,
large number of downloads from unknown sources and the lack of mobile
security software, according to the Juniper Networks Global Threat Center,
which compiled the report.
“That’s where the momentum is for 2011,” said Dan Hoffman, Juniper’s chief mobile security evangelist. It’s important to remember that mobile
malware still accounts for less than 1 percent of all malware detected
globally.
Android Malware Jumps 400 Percent as All
Mobile
Threats
Rise
http://www.eweek.com
May 16, 2011
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
3/50
3 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
(Reuters) ‐ Hackers are increasingly aiming attacks at smartphones, touching off a race
among software
giants,
startups
and
telecom
operators
seeking
to
cash
in
on
ways
to
help
consumers protect themselves.
As the previously fragmented smartphone market coalesces around big operating systems
like Apple's iPhone and Google's Android, it has become a more attractive target for
hackers seeking to maximize damage with one hit.
That's creating a big business opportunity for everyone from traditional antivirus players
like Intel's
McAfee
to
mobile
operators
like
France
Telecom
and
handset
makers
like
Nokia.
Market research firm Infonetics forecasts sales of mobile security software will grow 50
percent a year through 2014 to hit $2 billion.
Mobile Hacking Sets Off Security
Gold Rush
http://www.reuters.com
Wed May
18,
2011
10:33am
EDT
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
4/50
4 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Module Objectives
Mobile Device Security
Mobile Phone Services
Mobile Device Security Risks
Mobile Malware
Threats to Bluetooth Devices
Mobile Security
Procedures
Mobile Phone Anti‐Virus Tools
Secure Bluetooth Connectivity
Securing iPhone
and
iPad
Securing Blackberry and
Windows Phone 7 Mobiles
Mobile Security Tools
Mobile Phone Security Checklists
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
5/50
5 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow
Introduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Tools
Securing
iPhone,
and iPad
Mobile
Security
Procedures
Securing
BlackBerry
and Windows
Phone 7
Mobiles
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
6/50
6 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Nokia
Samsung
LG Electronics
Apple
Sony Ericson
Motorola
ZTE
HTC
Huawei
Others
461,318.2
281,065.8
114,154.6
46,598.3
41,819.2
38,553.7
28,768.7
24,688.4
23,814.7
488,569.3
http://www.gartner.com
Mobile Device Security
Worldwide Mobile Device
Sales to End Users in 2011
• The rate of mobile device
adoption and sophistication
is increasing rapidly
• Mobile devices such as smartphones, PDAs, and
laptops facilitate seamless
communication and
information storage and have
been an incalculable
productivity
boon
for
today's
enterprises
• Mobile devices offer
flexibility and convenience,
while at the same time
mobility presents significant
security challenges for IT
security administrators
and
other users
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
7/50
7 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Other OSMicrosoft
Worldwide Smartphone Sales to End Users by
Operating System in 2011 Market Shares
Symbian
37.6%
15.7%
Android
iOS
22.7%
3.8%4.2%
111,576.7
67,224.5
46,598.3
12,378.2
11417.4
A smartphone is a mobile phone that has an
identifiable operating
system
and
offers
more
advanced computing ability and connectivity
than a contemporary feature phone
http://www.gartner.com
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
8/50
8 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Phone Services
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
9/50
9 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
International
Mobile Equipment
Identity (IMEI) is a
number unique
to
every mobile
phone
IMEI is a 15 digit
number and is
usually found
printed inside the
battery
compartment of the
phone
It can
also
be
displayed on
phone’s screen
by entering
*#06#
It is
used
to
deactivate the
phone if it is
stolen or lost
IMEI Number
Note: The *#06# does not work for all mobile phones
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
10/50
10 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Module FlowIntroduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Tools
Securing
iPhone
and iPad
Securing
BlackBerry
and Windows
Phone 7
Mobiles
Mobile
Security
Procedures
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
11/50
11 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Device Security Risks
With the enormous growth in the usage of mobile devices, various new
risks and threats have made their way into the mobile platform
Mobile
Malware
Application
Vulnerabilities
Lost or
Stolen
Devices
Unauthorized
Access
Security
Risks
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
12/50
12Copyright
©
by
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Mobile MalwareMobile malware comes through emails, IMs, Bluetooth, memory cards, and Wi‐Fi
Malware may spread when rogue software is installed
An infected PC can infect a mobile phone via IR and Bluetooth
Mobile malware
can capture
emails, text, and
multimedia
messages
Mobile malware
may allow an
attacker to silently
turn the phone on
and listen to the
conversation
Mobile malware can
make the phone
work slowly, crash
the phone, and wipe
out contacts and
other information on
the phone
Mobile malware
can monitor and
record all the
actions on a
mobile phone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
13/50
13Copyright
©
by
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Application Vulnerabilities
1. Symbian
2. Windows Phone 7
3. Windows Mobile
4. Pocket PC
5. iOS
6. RIM7. Android
1. Web browser
2. Mobile banking
application
3. Mobile gaming
The latest mobile devices provide openness platform functionality. This gives the user
the flexibility to operate and program any type of mobile applications that are
supported by and compatible with their smart phones.
Openness also leads to unrestricted access to mobile resources and applications
Vulnerabilities in applications can be used by attackers to access the device
Mobile Operating
Systems Applications
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
14/50
14Copyright
©
by
EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Threats to Bluetooth DevicesBluetooth
is
an
open
standard
wireless technology
for
exchanging
data
over
short
‐range
radio
frequencies from fixed to mobile devices by creating Wireless Personal Area Networks (WPANs)
Bluejacking refers to anonymously
sending an electronic business card
or photo to another Bluetooth user
Bluejacking
A Bluesnarfing attack is launched using
the Bluejacking technique
It allows an attacker to access the address
book, contact information, email, and text
messages on another user's mobile phone
Bluesnarfing
Bluesniping uses a highly directional
antenna and
laptop
to
establish
connections with Bluetooth‐enabled
devices from more than half a mile away
Bluesniping
War nibbling refers to finding
unsecured or
unpatched
Bluetooth
connections and cruising for open
802.11 networks
War Nibbling
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
15/50
15Copyright
©
by
EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Module FlowIntroduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Tools
Securing
iPhone
and iPad
Mobile
Security
Procedures
Securing
BlackBerry
and Windows
Phone 7
Mobiles
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
16/50
16Copyright
©
by
EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Patch mobile platforms and applications
Avoid mobile device theft
Regularly back up important data
Use encryption to secure data in a mobile device
Use power
‐on
authentication
Enable auto‐lock feature
Install only signed applications
Install mobile phone antivirus
Secure Bluetooth connectivity
Mobile Security Procedure
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
17/50
17Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Patching of Mobile Platforms and
ApplicationsAll the mobile platforms and applications should be updated regularly with the patches
released by the vendor
Patching enhances the performance of a mobile device, updates the operating system,
fixes security holes and bugs, etc.
Updating Updated
Download your phone's
update to your mobile
device to install the patch
Back up all
the
data
and
files
on your mobile phone
Install the patch file to your
device
Turn off your mobile for 5 to
10
minutes
before
you
start
using the mobile phone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
18/50
18Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Avoid Mobile Device TheftMobile phone thefts are increasing day by day and thousands of people lose their mobile handset
every day around the world
Loss of mobile phone results in, loss of important data, contacts, messages, images, and videos stored
in the mobile phone
Avoid lending mobile phone to
strangers
Do not talk while driving
Do not leave the handset in
the vehicle
Never leave
the
phone
unattended
Use PIN codes to lock the
phone
Turn off the ringer
Record the
unique
15
or
17
digit code IMEI number
Don’t walk and text
Pointers to Avoid Mobile Theft
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
19/50
19Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Use anti‐theft software to remotely wipe the data
and make the device unusable
Inform the local police and file First Information
Report (FIR)
Contact
the
service
provider
and
tell
them
to
cancel
the SIM card
Claim the mobile phone insurance to replace the
cost of the handset
What to Do if Your Mobile
is Lost or Stolen?
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
20/50
20Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Use Power-on Authentication
Set Power‐on Authentication
in your phone to ensure
maximum security
and
no
other unauthorized user can
use it
Power‐on Authentication
helps protect valuable
information from
malicious
users who can gain access to
a mobile phone
Use tool WaveSecure to lock
your mobile phone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
21/50
21Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Most phones today come with suites and applications that allow a user to easily manage
and back up important data
To prevent losing important data such as contact details, calendar entries, messages, etc.,
regularly back up your phone data
A user can use third party tools and services like mobical.net to back up their mobile data
Regularly Back Up Important Data
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
22/50
22Copyright
©
by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Use Encryption to Secure Data in
Mobile DeviceEncrypt the data stored in mobile
phones such as telephone numbers,
important messages, voice calls, and
emails to keep them safe from prying
eyes
It ensures that even if the mobile phone
is lost, the data cannot be accessed
once it is encrypted
Mobile phones such as Blackberries can
encrypt data
as
a standard
feature
whereas other mobile phones require
special applications to encrypt data
Encrypting stored files on Blackberry
smartphones:
To encrypt internal files:
Turn on the Content Protection option
(Options Security Options
General Settings)
To encrypt external files:
Turn on Media Card Support (Options
Media Card or Options Memory
Media Card Support)
Set the encryption mode for the
external file system. The BlackBerry
smartphone encrypts files stored on the
media card
Choose whether to encrypt media files
in external
memory
only
on
the
BlackBerry smartphone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
23/50
23 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Enable Auto-Lock
Feature
Auto‐lock security feature allows only authorized viewing of mobile phone data
An unauthorized user cannot view or even use the phone once the auto‐lock
option is
enabled.
In
most
cases
valid
pin
number
has
to
be
entered
Navigate to your cell phone’s main menu screen
and select the icon labeled Settings
Press the OK or Home button on the keypad to
select the settings menu
Locate the Security option and press OK or
Home to select it
Scroll down and find the Auto Lock feature on
the list of security options
Press the OK or Home button on your keypad to
begin setting the auto lock feature
Choose a PIN number that you will remember to
unlock your device once the auto lock feature has
been saved
Type your four to eight digit PIN code on the
keypad. Press the Save button to save your pin, and
initiate the
auto
lock
feature
Press the End button to return to the main menu
General steps to enable auto‐lock option on mobile phones:
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
24/50
24 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Smart phones today provide open platform functionality and deliver the ability to install,
remove, or update applications multiple times
The openness gives unrestricted access to mobile resources and APIs
Unrestricted access to mobile resources presents challenges and risks and unsigned
applications that
may
likely
increase
the
complexity and security risks
Install Only Signed Applications
Identify
the
files
created
on
the
phone
by
the
application
during
the
installation
Always install the applications on external storage memory cards
Do not download mobile software from any untrusted third party vendors
Ensure the quality and accountability of mobile applications by carefully
investigating the vendor
Always try
to
download
the
applications
from
the
market
place provided
by
the
mobile manufacturer
To reduce the risk of malware and installing unsigned applications,
follow the guidelines:
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
25/50
25 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
http://www.f ‐secure.com
http://us.mcafee.com
Install Mobile Phone AntiVirus
People may unknowingly or knowingly install the
virus (programs or .exe files) through direct or
indirect transferring
Wi‐Fi
enabled
handsets
and
Bluetooth may
let
the malware in if the antivirus is not installed
Once in the system, the virus can alter or delete
all the contact details, or crash or permanently
lock up your mobile phone applications
Antivirus software prevents, detects, and removes malware including viruses, worms, and
trojan horses
Some of the mobile antivirus software include
Norton mobile security, F‐Secure mobile security,
Kaspersky mobile
antivirus,
etc.
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
26/50
26 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Phone Anti-Virus Tools
ESET Mobile Antivirushttp://www.eset.com
Trend Micro Mobile Security http://us.trendmicro.com
Symantec Antivirus for
Handheldshttp://www.symantec.com
Kaspersky Antivirus Mobilehttp://www.kaspersky.com
BitDefender Mobile Securityhttp://www.bitdefender.com
Avast! PDA Editionhttp://www.avast.com
Avira AntiVir Mobilehttp://www.avira.com
Norton Mobile Securityhttp://us.norton.com
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
27/50
27 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Secure Bluetooth Connectivity
Choose a strong PIN for
connecting the Bluetooth
Use Strong
PIN
Turn off Bluetooth
interfaces when not in use,
and disable
Bluetooth's
discovery featureBasic Bluetooth security
mechanism refers to
identifying whether a device
is in "Visible/Discoverable"
mode or "non‐visible/non‐
discoverable" mode
Bluetooth
Security
Turn OFF
Bluetooth
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
28/50
28 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow
Introduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Procedures
Mobile
Security
Tools
Securing
iPhone
and iPad
Securing
BlackBerry
and Windows
Phone 7
Mobiles
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
29/50
29 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Enable Passcode Protection
Tap iPhone's Settings app
tap on General
select Passcode Lock
tap Turn Passcode On
Enter a four‐digit
passcode that can be
remembered; re‐enter
it to confirm
Press the power
button to put iPhone
to
sleep
Press it again and
iPhone will ask you to
enter a password to
unlock it
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
30/50
30 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Tap iPhone's Settings app Select
Phone select SIM PIN tap Change
PIN
Enter the
current
password
(if
it
is
for
the first time contact, wait and find
out the default SIM PIN code)
Enter the new password, a four‐digit
passcode that can be remembered
and re
‐enter
it
to
confirm
Enable SIM PIN Protection
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
31/50
31 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Enable Auto-Lock and Re-map Button
Tap iPhone's Settings app tap General tap
Auto‐Lock
Select the amount of idle time you want the
iPhone to wait before it goes to sleep
Tap iPhone's Settings app tap on General
select Home Button
Instead of "Phone Favorites," select either
Home or iPod
Enable Auto‐Lock Re‐map Home Button
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
32/50
32 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
iPad Security
Auto‐Lock Feature in iPad
Set the auto‐lock feature to turn off the display and
prevent unintended operation of your iPad
To set the amount of time before iPad locks, select
General select Auto‐Lock specify the time
Passcode Lock
To set a passcode, select General click Passcode Lock
select Turn Passcode On
Enter a four‐digit passcode enter the passcode again
to verify
iPad then requires
you
to
enter
the
passcode
to
unlock
it
or to display the passcode lock settings
To set how long before your passcode is required, select
General click Passcode Lock enter passcode
Tap Require Passcode and select how long iPad can be
idle before you need to enter a passcode to unlock it.
To turn the passcode off, select General click Passcode
Lock click Turn Passcode Off enter your passcode
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
33/50
33 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Module Flow
Introduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Tools
Securing
iPhone
and iPad
Mobile
Security
Procedures
Securing
BlackBerry
and Windows
Phone 7
Mobiles
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
34/50
34 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
BlackBerry: Setting Device
PasswordOn the Home screen or in a folder, click
Options
Click Security Password
Click Set Password
Type a password
Press the key click Save
To turn
off
the
BlackBerry
device’s
password, clear the Enable check box
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
35/50
35 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
BlackBerry: Changing the
Device PasswordOn the Home screen or in a folder, click the Options icon
Click Security Password Change Password
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
36/50
36 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
BlackBerry: Lock Your
DeviceYou can lock the screen to avoid pressing it
accidentally
To lock your BlackBerry device, do one of the
following: If you have set a device password, then on the Home
screen or in a folder, click the Password Lock icon
To lock the screen, press the key on the top left
area of your device
To unlock your device, type device password press
the Enter
To unlock the screen, press the key again, and if
necessary, type your device password
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
37/50
37 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
BlackBerry: Device Password
Locking the device when inserted in the
holster:
On the Home screen or in a folder, click
Options
Click Security Password select the
Lock Handheld Upon Holstering check box
Press the key click Save
Setting a limit for device password attempts:
On the Home screen or in a folder, click
Options
Click Security Password Change the
Number of Password Attempts field
Press the key click Save
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
38/50
38 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
BlackBerry Password Keeper
Password keeper stores all the passwords in one place
The password keeper is designed to protect your passwords with a password keeper password
When you type this password, the password keeper decrypts your passwords.
You can also use the password keeper to generate random passwords that contain numbers,
letters, and
symbols
Changing the password in the password keeper
1. On the Home screen or in the Applications folder,
click Password Keeper Highlight a password
2. Press the key and click Open
3. Change the
password
information
4. Press the key Save
Add a password to the password keeper
1. On the Home screen or in the Applications folder,
click the Password Keeper icon
2. Press the key
New Type
the
password
information
3. Press the key
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
39/50
39 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Prevent password
copying
On the Home screen or in the Applications
folder, click the Password Keeper icon
Press the key Options
Clear the Allow Clipboard Copy check box
Press the key
Save
Set a limit for password attempts in the password
keeper
On the Home screen or in the Applications
folder, click the Password Keeper icon
Press the key Options
Set the Password Attempts field
Press the key and click Save
Hide passwords in the password keeper
On the Home screen or in the Applications
folder, click the Password Keeper icon
Press the
key
Options
Clear the Show Password check box
Press the key Save
BlackBerry Password Keeper
E ti Data o Yo Bla kBe
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
40/50
40 Copyright © by EC-CouncilAll
Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Encrypting Data on Your BlackBerry
DeviceWhen the user turns ON the encryption option in BlackBerry phone, the phone uses a private
key to encrypt data
A user can encrypt files on the device and on a media card using an encryption key generated
by the device
Turn on encryption
To encrypt data on your BlackBerry device, first set a
password for your device.
1. On the Home screen or in a folder, click Options
2. Click Security Encryption
3. Select the
Encrypt
check
box
to
encrypt
data
on
your
device
in
the Device Memory section
4. Select the Media Card check box to encrypt the media card
files and do one of the following:
a. Change the Mode field to Device Key
b. Change the Mode field to Device Password
c. Change the Mode field to Device Password & Device Key
5. Select the
Include
Media
Files
check box to encrypt media files such as pictures, songs, and videos
6. Press the key Save
Wi d Ph 7 M bil U f
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
41/50
41 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Windows Phone 7 Mobile: Use of
PIN to Lock SIM CardYou can use a PIN for the SIM (Subscriber Identity Module) card in your phone to prevent
people from making unauthorized phone calls
After turning on SIM security, you will be prompted to enter your SIM PIN each time you start
your phone
On Start,
click/tap
Phone click
More click
Call
Settings
Turn on SIM Security
It prompts you to Enter SIM PIN enter the PIN for your SIM card
by doing one of the following:
If you are setting the PIN for the first time, try typing 1234 tap Enter
If you
have
already
set
a PIN
for
the
SIM
card,
type
your
PIN and
tap
Enter
Steps to turn ON SIM security
Windows Phone 7 Mobile: Changing the
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
42/50
42 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
1
2
3
4
5
To set up a password for the first time turn ON Password enter a
password in the New password text box reenter it in the Confirm
password text box
If the phone already has a password and you want to change it, tap Change
password enter the phone's current password in the Current password
text box before entering your new password
In Settings,
tap
Lock
&
wallpaper
Tap Done to save your changes
On Start flick left to the App list tap Settings
Windows Phone 7 Mobile: Changing the
Password of the Phone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
43/50
43 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Windows Phone 7 Mobile: Changing the
Password of the Phone
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
44/50
44 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Module Flow
Introduction
to Mobile
Security
Mobile
Security
Threats
Mobile
Security
Tools
Securing
iPhone
and iPad
Mobile
Security
Procedures
Securing
BlackBerry
and Windows
Phone 7 Mobiles
Mobile Security Tools: PhoneBAK
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
45/50
45 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Mobile Security Tools: PhoneBAK
Anti-theft
http://www.bak2u.com
PhoneBAK protects a PDA phone
from theft and risk of unauthorized
access to sensitive information and,
if stolen, tracks down the thief via
his/her mobile
phone
number
PhoneBAK checks on any
Subscriber Identity Module (SIM)
card inserted into the PDA phone
and if unauthorized, it sends SMS
text alerts to notify the theft and
wipes out
all
video,
photos,
and
documents!
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
46/50
46 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Mobile Security Tools
Sprite Terminatorhttp://www.spritesoftware.com
Airscanner Mobile Encrypter
http://www.airscanner.com
Mobile Securityhttp://www.f
‐secure.com
Resco Backup for Pocket PChttp://www.resco.net
SecuBoxhttp://www.aikosolutions.com
eWallethttp://www.iliumsoft.com
Kaspersky Mobile Securityhttp://usa.kaspersky.com
WaveSecurehttps://www.wavesecure.com
M d l S
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
47/50
47 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Module Summary
Mobile phones are becoming the new PCs to check email and browse the Internet
Mobile malware comes through email, IMs, Bluetooth, memory cards, and WiFi
Bluetooth is an open standard wireless technology for exchanging data over short‐
range radio frequencies from fixed to mobile devices by creating Wireless Personal
Area Networks (WPANs)
All applications should be updated regularly with the patches released by the vendor
Use antivirus
software
to
prevent,
detect,
and
remove
malware
including
viruses,
worms, and Trojan horses
Bluetooth devices should be configured by default as, and remain, undiscoverable
except as needed for pairing
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
48/50
48 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Bluetooth Security Checklist
Choose PIN codes that are sufficiently random and long
Bluetooth devices
should
be
configured
by
default
as,
and
remain,
undiscoverable except as needed for pairing
Change the default settings of the Bluetooth device
Ensure
that
portable
devices
with
Bluetooth
interfaces
are
configured
with a password to prevent unauthorized access if lost or stolen
Install antivirus software on Bluetooth‐enabled hosts that are
frequently targeted by malware
Ensure that Bluetooth devices are turned off when they are not in use
Install Bluetooth
software
patches
and
upgrades
regularly
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
49/50
49 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Users should perform pairing of Bluetooth devices as infrequently as possible
Unnecessary Bluetooth services, user controls, and applications should be
removed from the host device
Users should not accept transmissions of any kind from unknown or suspicious
devices
If a Bluetooth device is lost or stolen, unpair the missing device from all other Bluetooth devices with which it was previously paired
The user should authorize all initial incoming connection requests
Devices should support only a single headset connection between one headset
and one handheld device
Bluetooth Security Checklist
Ensure
that
Bluetooth
devices
are
turned
off
when
they
are
not
in
use
-
8/19/2019 CSCU Module 13 Securing Mobile Devices.pdf
50/50
50 Copyright © by EC-Council
All Rights
Reserved.
Reproduction
is
Strictly
Prohibited.
Mobile Phone Security Checklist
Use antivirus and antispyware software for mobile devices
Keep mobile phone operating system and other applications up‐to‐date
Create a password to access the device and change the default Bluetooth
password
Encrypt sensitive data on the device and regularly back up mobile data to a PC
Wipe all
the
data
before
disposing
of
wireless
devices
and
Properly
read
the
device
user manuals to ensure appropriate protection
When entering a crowded zone, make sure the Bluetooth is switched off
Never follow links from unsolicited email or text messages
Never transmit sensitive information when connected to the Internet at public
places (shopping malls, cafes, etc.)