Securing Mobile Devices

Question 1

Screen locks

Answer 1

• Restrict access to the device
• You’re going to leave it somewhere
• Fingerprint - Built-in fingerprint reader
• Face Unlock - Face recognition
• Swipe - Choose a pattern
• Passcode - Choose a PIN or add complexity
• Failed attempts
• iOS: Erase everything after 10 failed attempts
• Android: Lock the device and require a Google login

Question 2

Locator applications and remote wipe

Answer 2

• Built-in GPS
• And location “helpers”
• Find your phone on a map
• Control from afar
• Make a sound
• Display a message
• Wipe everything
• At least your data is safe

Question 3

Remote backup

Answer 3

• Difficult to backup something that’s always moving
• Backup to the cloud
• Constant backup - No manual process
• Backup without wires - Use the existing network
• Restore with one click
• Restores everything
• Authenticate and wait

Question 4

Anti-virus and Anti-malware

Answer 4

• Apple iOS
• Closed environment, tightly regulated
• Malware has to find a vulnerability
• Android
• More open, apps can be installed from anywhere
• Easier for malware to find its way in
• Windows Phone
• Closed environment
• Apps run in a “sandbox”
• You control what data an app can view

Question 5

Patching/OS updates

Answer 5

• All devices need updates - Even mobile devices
• Device patches - Security updates
• Operating system updates - New features, bug fixes
• Don’t get behind! - Avoid security problems

Question 6

Biometric authentication

Answer 6

• Multi-factor authentication
• More than one factor
• Passcode, password, swipe pattern
• Fingerprint, face, iris
• A phone is always with you
• And you’re a good source of data
• We’re just figuring this out
• Biometrics have a long way to go
• Use as many factors as necessary

Question 7

Authenticator apps

Answer 7

• Pseudo-random token generators
• A useful authentication factor
• Carry around physical token devices
• Where are my keys again?
• You’re carrying your phone around
• And it’s pretty powerful

Question 8

Trusted vs. untrusted sources

Answer 8

• Once malware is on a phone, it has a huge amount of access
• Don’t install APK files from an untrusted source

• iOS
• All apps are curated by
Apple

• Android
• Apps can be downloaded from
• Google Play or sideloaded
• This is where problems can occur

Question 9

Firewalls

Answer 9

• Mobile phones don’t include a firewall
• Most activity is outbound, not inbound
• Some mobile firewall apps are available
• Most for Android
• None seem to be widely used
• Enterprise environments can control mobile apps
• Firewalls can allow or disallow access

Question 10

Policies and procedures

Answer 10

• Manage company-owned and user-owned mobile devices
• BYOD - Bring Your Own Device
• Centralized management of the mobile devices
• Specialized functionality
• Set policies on apps, data, camera, etc.
• Control the remote device
• The entire device or a “partition”

• Manage access control
• Force screen locks and PINs on these single user
devices

Question 11

What is the name of a policy that allows employees to use private mobile devices for accessing company’s restricted data and applications?

Answer 11

BYOD

Question 12

In which of the mobile device deployment models employees can use corporate-owned devices both for work-related tasks and personal use?

Answer 12

COPE

Question 13

Allowing “Unknown Sources” in Android security settings enables:

Answer 13

Sideloading

Question 14

The practice of installing mobile apps from untrusted sources (i.e. websites and app stores other than the official marketplaces) is called:

Answer 14

Sideloading