- ensuring personal data protection while securing cyber...
TRANSCRIPT
![Page 1: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/1.jpg)
Centre for Security Cooperation
Sarajevo, 29-30 October 2014.
American University in Bosnia and Herzegovina
-- Ensuring personal data protection while securing Ensuring personal data protection while securing
cyber space cyber space --
-- Challenges and perspectives for the South East Challenges and perspectives for the South East
European Countries European Countries --
Ministry of Defence
Bosnia and Herzegovina
Ministry of Foreign Affairs
Bosnia and Herzegovina
Ministry of Security
Bosnia and Herzegovina
Military Academy "General Mihailo
Apostolski"-Skopje
29 Oct 2014 1 Cyber Warfare using Mobile Devices as
Weapon - Sasa Mrdovic
![Page 2: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/2.jpg)
Cyber Warfare using
Mobile Device as a
Weapon
29 Oct 2014 Cyber Warfare using Mobile Devices as
Weapon - Sasa Mrdovic 2
![Page 3: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/3.jpg)
Agenda
•BYOD
•Mobile device – security issues
•Perimeter defense
•Mobile devices – weapon for deperimeterization
•Attack scenario – practical example
•Conclusion and open issues
29 Oct 2014 3 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic
![Page 4: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/4.jpg)
BYOD
•Bring Your Own Device
•Popular
•Convenient
• Inevitable
•Dangerous (possibly)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 4
![Page 5: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/5.jpg)
Mobile device – security issues
•Many • Data on device, surveillance, access to
connected accounts, privacy, …
•Presentation focus • Mobile device as a stepping stone to
protected network
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 5
![Page 6: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/6.jpg)
Medieval castle
• Nothing comes in/out • Except through the gates
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 6
![Page 7: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/7.jpg)
Network perimeter
• Nothing comes in/out • Except through the firewalls
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 7
![Page 8: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/8.jpg)
Mobile devices can “climb the walls”
• They come in/out as they (users) please • Completely avoiding the firewalls (“deperimeterization”)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 8
![Page 9: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/9.jpg)
Attack scenario
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 9
Secret
document -
available
only within
internal
network
![Page 10: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/10.jpg)
Attack scenario (2)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 10
Secret
document -
available
only within
internal
network
EvilApp.apk
or other attack on mobile
device app. or OS
![Page 11: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/11.jpg)
Attack scenario (3)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 11
Secret
document -
available
only within
internal
network
EvilApp.apk
:80
• EvilApp connects back to attacker on HTTP port (80) • Permitted by firewall (“web surfing”)
![Page 12: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/12.jpg)
Attack scenario (4)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 12
Secret
document -
available
only within
internal
network
:80
• Through this connection attacker has full control of mobile device
![Page 13: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/13.jpg)
Attack scenario (5)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 13
Secret
document -
available
only within
internal
network
:80
• including using it as a tunnel to internal network
Secret
document -
available
only within
internal
network
Web browser
![Page 14: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/14.jpg)
Attack scenario (6)
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 14
Secret
document -
available
only within
internal
network
• or using it to attack other PC on internal network • taking it completely over (no need for mob. dev.)
![Page 15: - Ensuring personal data protection while securing cyber ...people.etf.unsa.ba/~smrdovic/publications/Racviac_2015_Mrdovic.pdf · cyber space - - Challenges and perspectives for the](https://reader034.vdocument.in/reader034/viewer/2022051909/5ffd181a0d561c1524148946/html5/thumbnails/15.jpg)
Conclusion
•Mobile devices are useful
• They are here to stay
• They could be used as a weapon • Against user and his organization
•Can we protect ourselves • Sure • But it takes some effort
29 Oct 2014 Cyber Warfare using Mobile Devices as Weapon - Sasa Mrdovic 15