Sie sind auf Seite 1von 50

Securing Mobile Devices

Module 13

Simplifying Security.

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

May16,2011

AndroidMalwareJumps400PercentasAll
MobileThreatsRise
Mobilesecurityisthenewmalwarebattlefieldasattackerstakeadvantage
ofuserswhodontthinktheirsmartphonescangetcompromised.
CyberattackersaregunningforGooglesAndroidastheytakeadvantageof
auserbasethatisunaware,disinterestedoruneducatedinmobile
security,accordingtoarecentresearchreport.
Malwaredevelopersareincreasinglyfocusingonmobiledevices,and
Androidmalwarehassurged400percentsincesummer2010,accordingto
theMaliciousMobileThreatsReport2010/2011releasedMay11.The
increaseinmalwareisaresultofusersnotbeingconcernedaboutsecurity,
largenumberofdownloadsfromunknownsourcesandthelackofmobile
securitysoftware,accordingtotheJuniperNetworksGlobalThreatCenter,
whichcompiledthereport.
Thatswherethemomentumisfor2011,saidDanHoffman,Junipers
chiefmobilesecurityevangelist.Itsimportanttorememberthatmobile
malwarestillaccountsforlessthan1percentofallmalwaredetected
globally.

http://www.eweek.com

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Hacking Sets Off Security


Gold Rush
WedMay18,201110:33amEDT

(Reuters) Hackersareincreasinglyaimingattacksatsmartphones,touchingoffarace
amongsoftwaregiants,startupsandtelecomoperatorsseekingtocashinonwaystohelp
consumersprotectthemselves.
Asthepreviouslyfragmentedsmartphonemarketcoalescesaroundbigoperatingsystems
likeApple'siPhoneandGoogle'sAndroid,ithasbecomeamoreattractivetargetfor
hackersseekingtomaximizedamagewithonehit.
That'screatingabigbusinessopportunityforeveryonefromtraditionalantivirusplayers
likeIntel'sMcAfeetomobileoperatorslikeFranceTelecomandhandsetmakerslikeNokia.
MarketresearchfirmInfonetics forecastssalesofmobilesecuritysoftwarewillgrow50
percentayearthrough2014tohit$2billion.
http://www.reuters.com

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Objectives
MobilePhoneAntiVirusTools

MobileDeviceSecurity

SecureBluetoothConnectivity

MobilePhoneServices

SecuringiPhoneandiPad

MobileDeviceSecurityRisks

SecuringBlackberryand
WindowsPhone7Mobiles

MobileMalware
ThreatstoBluetoothDevices

MobileSecurityTools

MobileSecurityProcedures

MobilePhoneSecurityChecklists

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone,
andiPad

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Device Security


461,318.2

Nokia

281,065.8

Samsung

WorldwideMobileDevice
SalestoEndUsersin2011

114,154.6

LGElectronics

Apple

SonyEricson
Motorola
ZTE

46,598.3
41,819.2
38,553.7
28,768.7

HTC

24,688.4

Huawei

23,814.7

488,569.3

Others

Therateofmobiledevice
adoptionandsophistication
isincreasing rapidly
Mobiledevicessuchas
smartphones,PDAs,and
laptopsfacilitateseamless
communication and
informationstorageandhave
beenanincalculable
productivityboonfortoday's
enterprises
Mobiledevicesoffer
flexibility andconvenience,
whileatthesametime
mobilitypresentssignificant
security challenges forIT
securityadministratorsand
otherusers

http://www.gartner.com
6

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Worldwide Smartphone Sales to End Users by


Operating System in 2011 Market Shares

Android

67,224.5
Symbian

111,576.7

37.6%
Asmartphoneisamobilephonethathasan
identifiableoperatingsystemandoffersmore
advancedcomputingabilityandconnectivity
thanacontemporaryfeaturephone

22.7%

15.7%
4.2%

46,598.3

3.8%
iOS

12,378.2
11417.4
Other OS

Microsoft

http://www.gartner.com
7

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Phone Services

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

IMEI Number
International
MobileEquipment
Identity(IMEI)isa
numberuniqueto
everymobile
phone

Itcanalsobe
displayedon
phonesscreen
byentering
*#06#

IMEIisa15digit
numberandis
usuallyfound
printedinsidethe
battery
compartmentofthe
phone

Itisusedto
deactivatethe
phoneifitis
stolenorlost

Note:The*#06#doesnotworkforallmobilephones

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone
andiPad

10

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Device Security Risks


Withtheenormousgrowthintheusageofmobiledevices,variousnew
risks andthreats havemadetheirwayintothemobileplatform

Security
Risks

11

Mobile
Malware

Application
Vulnerabilities

Lostor
Stolen
Devices

Unauthorized
Access

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Malware
Mobilemalwarecomesthroughemails,IMs,Bluetooth,memorycards,andWiFi
Malwaremayspreadwhenrogue software isinstalled
AninfectedPCcaninfectamobilephoneviaIR andBluetooth

Mobilemalware
canmonitorand
recordallthe
actionsona
mobilephone

Mobilemalware
mayallowan
attackertosilently
turnthephoneon
andlistentothe
conversation

Mobilemalware
cancapture
emails,text,and
multimedia
messages

12

Mobilemalwarecan
makethephone
workslowly,crash
thephone,andwipe
outcontactsand
otherinformationon
thephone

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Application Vulnerabilities


Thelatestmobiledevicesprovideopennessplatformfunctionality.Thisgivestheuser
theflexibilitytooperateandprogramanytypeofmobileapplications thatare
supportedbyandcompatiblewiththeirsmartphones.
Opennessalsoleadstounrestrictedaccess tomobileresourcesandapplications
Vulnerabilitiesinapplicationscanbeusedbyattackerstoaccessthedevice

MobileOperating
Systems
1.
2.
3.
4.
5.
6.
7.

Applications

Symbian
WindowsPhone7
WindowsMobile
PocketPC
iOS
RIM
Android

1. Webbrowser
2. Mobilebanking
application
3. Mobilegaming

13

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Threats to Bluetooth Devices


Bluetoothisanopenstandardwireless technologyforexchangingdataovershortrangeradio
frequencies fromfixedtomobiledevicesbycreatingWirelessPersonalAreaNetworks(WPANs)

Bluejacking

Bluesnarfing
ABluesnarfing attackislaunchedusing
theBluejacking technique

Bluejacking referstoanonymously
sendinganelectronicbusinesscard
orphototoanotherBluetoothuser

Itallowsanattackertoaccesstheaddress
book,contactinformation,email,andtext
messagesonanotheruser'smobilephone

Bluesniping

WarNibbling

Bluesnipingusesahighlydirectional
antennaandlaptoptoestablish
connectionswithBluetoothenabled
devicesfrommorethanhalfamileaway

Warnibblingreferstofinding
unsecuredorunpatchedBluetooth
connectionsandcruisingforopen
802.11networks

14

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone
andiPad

15

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Security Procedure


Patchmobileplatformsandapplications
Avoidmobiledevicetheft
Usepoweronauthentication
Regularlybackupimportantdata
Useencryptiontosecuredatainamobiledevice
Enableautolockfeature
Installonlysignedapplications
Installmobilephoneantivirus
SecureBluetoothconnectivity

16

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Patching of Mobile Platforms and


Applications
Allthemobileplatformsandapplicationsshouldbeupdatedregularlywiththepatches
releasedbythevendor
Patchingenhancestheperformanceofamobiledevice,updatestheoperatingsystem,
fixessecurityholesandbugs,etc.

Downloadyourphone's
updatetoyourmobile
devicetoinstallthepatch
Backup allthedataandfiles
onyourmobilephone
Install thepatchfiletoyour
device
Turn off yourmobilefor5to
10minutesbeforeyoustart
usingthemobilephone

Updating
17

Updated
CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Avoid Mobile Device Theft


Mobilephonetheftsareincreasing daybydayandthousandsofpeoplelosetheirmobilehandset
everydayaroundtheworld
Lossofmobilephoneresultsin,lossofimportantdata,contacts,messages,images,andvideosstored
inthemobilephone

Pointers to Avoid Mobile Theft


Avoidlendingmobilephoneto
strangers

UsePINcodestolockthe
phone

Donottalkwhiledriving

Turnofftheringer

Donotleavethehandsetin
thevehicle

Dontwalkandtext

Neverleavethephone
unattended

Recordtheunique15or17
digitcodeIMEInumber

18

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

What to Do if Your Mobile


is Lost or Stolen?
Useantitheftsoftwaretoremotelywipethedata
andmakethedeviceunusable

InformthelocalpoliceandfileFirstInformation
Report(FIR)

Contacttheserviceproviderandtellthemtocancel
theSIMcard

Claimthemobilephoneinsurancetoreplacethe
costofthehandset

19

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Use Power-on Authentication


Set PoweronAuthentication
inyourphonetoensure
maximumsecurityandno
otherunauthorizedusercan
useit
PoweronAuthentication
helpsprotectvaluable
informationfrommalicious
userswhocangainaccessto
amobilephone
UsetoolWaveSecure tolock
yourmobilephone

20

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Regularly Back Up Important Data


Mostphonestodaycomewithsuites andapplications thatallowausertoeasilymanage
andback up importantdata
Toprevent losing importantdatasuchascontactdetails,calendarentries,messages,etc.,
regularlybackupyourphonedata
Ausercanusethirdpartytools andservices likemobical.net tobackuptheirmobiledata

21

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Use Encryption to Secure Data in


Mobile Device
Encryptthedatastoredinmobile
phonessuchastelephonenumbers,
importantmessages,voicecalls,and
emailstokeepthemsafefromprying
eyes

EncryptingstoredfilesonBlackberry
smartphones:
Toencryptinternalfiles:
TurnontheContentProtectionoption
(Options SecurityOptions
GeneralSettings)

Itensuresthatevenifthemobilephone
islost,thedatacannotbeaccessed
onceitisencrypted

Toencryptexternalfiles:
TurnonMediaCardSupport(Options
MediaCardor Options Memory
MediaCardSupport)

MobilephonessuchasBlackberriescan
encryptdataasastandardfeature
whereasothermobilephonesrequire
specialapplicationstoencryptdata

Settheencryptionmodeforthe
externalfilesystem.TheBlackBerry
smartphoneencryptsfilesstoredonthe
mediacard
Choosewhethertoencryptmediafiles
inexternalmemoryonlyonthe
BlackBerrysmartphone

22

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Enable Auto-Lock
Feature
Autolocksecurityfeatureallowsonlyauthorizedviewingofmobilephonedata
Anunauthorizedusercannotvieworevenusethephoneoncetheautolock
optionisenabled.Inmostcasesvalidpinnumberhastobeentered

Generalstepstoenableautolockoptiononmobilephones:
Navigatetoyourcellphonesmainmenuscreen
andselecttheiconlabeledSettings

PresstheOK orHome buttononyourkeypadto


beginsettingtheautolockfeature

PresstheOK orHome buttononthekeypadto


selectthesettingsmenu

ChooseaPINnumber thatyouwillrememberto
unlockyourdeviceoncetheautolockfeaturehas
beensaved

LocatetheSecurity optionandpressOK or
Home toselectit

TypeyourfourtoeightdigitPINcodeonthe
keypad.PresstheSave buttontosaveyourpin,and
initiatetheautolockfeature

ScrolldownandfindtheAutoLock featureon
thelistofsecurityoptions

PresstheEnd buttontoreturntothemainmenu

23

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Install Only Signed Applications


Smartphonestodayprovideopenplatformfunctionality anddelivertheabilitytoinstall,
remove,orupdateapplicationsmultipletimes
Theopennessgivesunrestrictedaccess tomobileresourcesandAPIs
Unrestrictedaccesstomobileresourcespresentschallengesandrisksandunsigned
applicationsthatmaylikelyincreasethecomplexity and security risks

Toreducetheriskofmalwareandinstallingunsignedapplications,
followtheguidelines:
Identifythefilescreatedonthephonebytheapplicationduringtheinstallation
Alwaysinstalltheapplicationsonexternalstorage memorycards
Donotdownloadmobilesoftwarefromanyuntrustedthirdpartyvendors
Ensurethequalityandaccountability ofmobileapplicationsbycarefully
investigatingthevendor
Alwaystrytodownloadtheapplicationsfromthemarketplace providedbythe
mobilemanufacturer

24

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Install Mobile Phone AntiVirus


Peoplemayunknowinglyorknowinglyinstallthe
virus (programsor.exefiles)throughdirector
indirecttransferring
WiFienabledhandsetsandBluetooth maylet
themalwareiniftheantivirusisnotinstalled
Onceinthesystem,theviruscanalterordelete
allthecontactdetails,orcrashorpermanently
lockupyourmobilephoneapplications

http://www.fsecure.com

Antivirussoftwareprevents,detects,and
removesmalwareincludingviruses,worms,and
trojanhorses
Someofthemobileantivirussoftwareinclude
Nortonmobilesecurity,FSecuremobilesecurity,
Kasperskymobileantivirus,etc.
http://us.mcafee.com

25

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Phone Anti-Virus Tools


NortonMobileSecurity

KasperskyAntivirusMobile

http://us.norton.com

http://www.kaspersky.com

ESETMobileAntivirus

BitDefender MobileSecurity

http://www.eset.com

http://www.bitdefender.com

TrendMicroMobileSecurity

Avast!PDAEdition

http://us.trendmicro.com

http://www.avast.com

SymantecAntivirusfor
Handhelds

AviraAntiVir Mobile
http://www.avira.com

http://www.symantec.com

26

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Secure Bluetooth Connectivity

BasicBluetoothsecurity
mechanismrefersto
identifyingwhetheradevice
isin"Visible/Discoverable"
modeor"nonvisible/non
discoverable"mode

TurnOFF
Bluetooth

TurnoffBluetooth
interfaceswhennotinuse,
anddisableBluetooth's
discoveryfeature

Bluetooth
Security

UseStrong
PIN

27

ChooseastrongPIN for
connectingtheBluetooth

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone
andiPad

28

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Enable Passcode Protection


TapiPhone'sSettingsapp
taponGeneral
selectPasscodeLock
tapTurnPasscodeOn

Enterafourdigit
passcodethatcanbe
remembered;reenter
ittoconfirm

Pressitagainand
iPhonewillaskyouto
enterapasswordto
unlockit

Pressthepower
buttontoputiPhone
tosleep

29

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Enable SIM PIN Protection


TapiPhone'sSettingsapp Select
Phone selectSIMPIN tapChange
PIN

Enterthecurrentpassword(ifitisfor
thefirsttimecontact,waitandfind
outthedefaultSIMPINcode)
Enterthenew password,afourdigit
passcode thatcanberemembered
andreenterittoconfirm

30

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Enable Auto-Lock and Re-map Button


EnableAutoLock

RemapHomeButton

TapiPhone'sSettingsapp tapGeneral tap


AutoLock
Selecttheamountofidletimeyouwantthe
iPhonetowaitbeforeitgoestosleep

TapiPhone'sSettingsapp taponGeneral
selectHomeButton
Insteadof"PhoneFavorites,"selecteither
Home oriPod

31

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

iPad Security
AutoLockFeatureiniPad
Settheautolock featuretoturnoffthedisplayand
preventunintendedoperationofyouriPad
TosettheamountoftimebeforeiPad locks,select
General selectAutoLock specifythetime

PasscodeLock
Tosetapasscode,selectGeneral clickPasscodeLock
selectTurnPasscodeOn
Enterafourdigitpasscode enterthepasscodeagain
toverify
iPad thenrequiresyoutoenterthepasscodetounlockit
ortodisplaythepasscodelocksettings

Tosethowlongbeforeyourpasscodeisrequired,select
General clickPasscodeLock enterpasscode
TapRequirePasscodeandselecthowlongiPad canbe
idlebeforeyouneedtoenterapasscodetounlockit.
Toturnthepasscodeoff,selectGeneral clickPasscode
Lock clickTurn Passcode Off enteryourpasscode

32

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone
andiPad

33

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry: Setting Device


Password
OntheHomescreenorinafolder,click
Options
ClickSecurity Password
Click SetPassword
Typeapassword
Pressthe

key clickSave

ToturnofftheBlackBerrydevices
password,cleartheEnablecheckbox

34

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry: Changing the


Device Password
OntheHomescreenorinafolder,clicktheOptions icon
ClickSecurity Password ChangePassword

35

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry: Lock Your


Device
Youcanlockthescreentoavoidpressingit
accidentally
TolockyourBlackBerrydevice,dooneofthe
following:
Ifyouhavesetadevicepassword,thenontheHome
screenorinafolder,clickthePasswordLock icon
Tolockthescreen,pressthekeyonthetopleft
areaofyourdevice
Tounlockyourdevice,typedevicepassword press
theEnter
Tounlockthescreen,pressthe keyagain,andif
necessary,typeyourdevicepassword

36

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry: Device Password


Settingalimitfordevicepasswordattempts:

Lockingthedevicewheninsertedinthe
holster:

OntheHomescreenorinafolder,click
Options

OntheHomescreenorinafolder,click
Options

ClickSecurity Password Changethe


NumberofPasswordAttempts field

ClickSecurity Password selectthe


LockHandheldUponHolstering checkbox
Pressthe

Pressthe

keyclick Save

keyclick Save

37

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry Password Keeper


Passwordkeeperstoresallthepasswordsinoneplace
Thepasswordkeeperisdesignedtoprotectyourpasswordswithapasswordkeeperpassword
Whenyoutypethispassword,thepasswordkeeperdecryptsyourpasswords.
Youcanalsousethepasswordkeepertogeneraterandompasswordsthatcontainnumbers,
letters,andsymbols
Changingthepasswordinthepasswordkeeper
1. OntheHomescreenorintheApplications folder,
clickPasswordKeeper Highlightapassword
2. Pressthe

keyandclickOpen

3. Changethepasswordinformation
4. Pressthe

keySave

Addapasswordtothepasswordkeeper
1. OntheHomescreenorintheApplications folder,
clickthePasswordKeeper icon
2. Pressthe
information

key New Typethepassword

3. Pressthe

key

38

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

BlackBerry Password Keeper


Preventpasswordcopying
OntheHomescreenorintheApplications
folder,clickthePasswordKeepericon
Pressthe
key Options
CleartheAllowClipboardCopycheckbox
Pressthe
key Save
Setalimitforpasswordattemptsinthepassword
keeper
OntheHomescreenorintheApplications
folder,clickthePasswordKeepericon
Pressthe
key Options
SetthePasswordAttemptsfield
PressthekeyandclickSave
Hidepasswordsinthepasswordkeeper
OntheHomescreenorintheApplications
folder,clickthePasswordKeepericon
Pressthe
key Options
CleartheShowPasswordcheckbox
Pressthe
key Save

39

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Encrypting Data on Your BlackBerry


Device
WhentheuserturnsONtheencryptionoption inBlackBerryphone,thephoneusesaprivate
keytoencryptdata
Ausercanencryptfilesonthedeviceandonamediacardusinganencryptionkeygenerated
bythedevice
Turnonencryption
ToencryptdataonyourBlackBerrydevice,firstseta
passwordforyourdevice.
1. OntheHomescreenorinafolder,clickOptions
2. ClickSecurity Encryption
3. SelecttheEncryptcheckboxtoencryptdataonyourdevicein
theDeviceMemorysection
4. SelecttheMediaCardcheckboxtoencryptthemediacard
filesanddooneofthefollowing:
a. ChangetheModefieldtoDeviceKey
b. ChangetheModefieldtoDevicePassword
c. ChangetheModefieldtoDevicePassword&DeviceKey
5. SelecttheIncludeMediaFilescheckboxtoencryptmedia
filessuchaspictures,songs,andvideos
6. Pressthekey Save

40

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Windows Phone 7 Mobile: Use of


PIN to Lock SIM Card
YoucanuseaPINfortheSIM(SubscriberIdentityModule)cardinyourphonetoprevent
peoplefrommakingunauthorizedphonecalls
AfterturningonSIMsecurity,youwillbepromptedtoenteryourSIMPIN eachtimeyoustart
yourphone

StepstoturnONSIMsecurity
OnStart,click/tapPhone
TurnonSIMSecurity

clickMore

clickCallSettings

ItpromptsyoutoEnterSIMPIN enterthePIN foryourSIMcard


bydoingoneofthefollowing:
IfyouaresettingthePINforthefirsttime,trytyping1234 tapEnter
IfyouhavealreadysetaPINfortheSIMcard,typeyourPIN andtap
Enter

41

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Windows Phone 7 Mobile: Changing the


Password of the Phone
1

OnStart flicklefttotheApplist tapSettings

InSettings,tapLock&wallpaper

Tosetupapasswordforthefirsttime turnONPassword entera


password intheNewpasswordtextbox reenter itintheConfirm
passwordtextbox

Ifthephonealreadyhasapasswordandyouwanttochangeit,tapChange
password enterthephone'scurrentpassword intheCurrentpassword
textboxbeforeenteringyournewpassword

TapDone tosaveyourchanges

42

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Windows Phone 7 Mobile: Changing the


Password of the Phone

43

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Flow
Introduction
toMobile
Security

Mobile
Security
Threats

Mobile
Security
Procedures

Mobile
Security
Tools

Securing
BlackBerry
andWindows
Phone7
Mobiles

Securing
iPhone
andiPad

44

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Security Tools: PhoneBAK


Anti-theft
PhoneBAK protectsaPDAphone
fromtheftandriskofunauthorized
accesstosensitiveinformationand,
ifstolen,tracksdownthethiefvia
his/hermobilephonenumber
PhoneBAK checksonany
SubscriberIdentityModule(SIM)
cardinsertedintothePDAphone
andifunauthorized,itsendsSMS
textalerts tonotifythetheftand
wipesoutallvideo,photos,and
documents!

http://www.bak2u.com

45

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Security Tools


WaveSecure

Resco BackupforPocketPC

https://www.wavesecure.com

http://www.resco.net

SpriteTerminator

SecuBox

http://www.spritesoftware.com

http://www.aikosolutions.com

Airscanner MobileEncrypter

eWallet

http://www.airscanner.com

http://www.iliumsoft.com

MobileSecurity

KasperskyMobileSecurity

http://www.fsecure.com

http://usa.kaspersky.com

46

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Module Summary
MobilephonesarebecomingthenewPCstocheckemailandbrowsetheInternet
Mobilemalwarecomesthroughemail,IMs,Bluetooth,memorycards,andWiFi
Bluetoothisanopenstandardwirelesstechnologyforexchangingdataovershort
rangeradiofrequenciesfromfixedtomobiledevicesbycreatingWirelessPersonal
AreaNetworks(WPANs)
Allapplicationsshouldbeupdatedregularlywiththepatchesreleasedbythevendor
Useantivirussoftwaretoprevent,detect,andremovemalwareincludingviruses,
worms,andTrojanhorses
Bluetoothdevicesshouldbeconfiguredbydefaultas,andremain,undiscoverable
exceptasneededforpairing

47

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Bluetooth Security Checklist


ChangethedefaultsettingsoftheBluetoothdevice
ChoosePINcodesthataresufficientlyrandomandlong
Bluetoothdevicesshouldbeconfiguredbydefaultas,andremain,
undiscoverable exceptasneededforpairing
EnsurethatBluetoothdevicesareturnedoff whentheyarenotinuse
EnsurethatportabledeviceswithBluetoothinterfacesareconfigured
withapassword topreventunauthorizedaccessiflostorstolen
InstallantivirussoftwareonBluetoothenabledhoststhatare
frequentlytargetedbymalware
InstallBluetoothsoftwarepatchesandupgradesregularly

48

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Bluetooth Security Checklist


Usersshouldnotaccepttransmissionsofanykindfromunknownorsuspicious
devices
UsersshouldperformpairingofBluetoothdevicesasinfrequentlyaspossible
UnnecessaryBluetoothservices,usercontrols,andapplicationsshouldbe
removedfromthehostdevice
Devicesshouldsupportonlyasingleheadsetconnectionbetweenoneheadset
andonehandhelddevice
IfaBluetoothdeviceislostorstolen,unpair themissingdevicefromallother
Bluetoothdeviceswithwhichitwaspreviouslypaired
Theusershouldauthorizeallinitialincomingconnectionrequests

EnsurethatBluetoothdevicesareturnedoffwhentheyarenotinuse

49

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.

Mobile Phone Security Checklist


CreateapasswordtoaccessthedeviceandchangethedefaultBluetooth
password
Keepmobilephoneoperatingsystemandotherapplicationsuptodate

Useantivirusandantispywaresoftwareformobiledevices

Encryptsensitivedata onthedeviceandregularlybackupmobiledatatoaPC

Whenenteringacrowdedzone,makesuretheBluetoothisswitchedoff

Neverfollowlinksfromunsolicitedemailortextmessages
NevertransmitsensitiveinformationwhenconnectedtotheInternetatpublic
places(shoppingmalls,cafes,etc.)
WipeallthedatabeforedisposingofwirelessdevicesandProperlyreadthedevice
usermanualstoensureappropriateprotection

50

CopyrightbyEC-Council
AllRightsReserved.ReproductionisStrictlyProhibited.