Hacking Exposed: Mobile Security Secrets & Solutions

[Figure 1-2 (diagram): Risk model → “vNext” → Training → Development lifecycle → Secure design → Code review & pen testing]

Figure 1-2 The key to security is first understanding the risk model—from there, you can more rationally adapt downstream security processes.

Because the risk model is the most important thing, let’s take a high-level overview of the mobile risk environment. What are some of the things we can say about the mobile risk model in general? Even though we believe things have not fundamentally changed, some things are different on mobile. Clearly, the client-side threat model is much more aggressive, given the promiscuous exposure to communications (wide area and close-in), physical access, plus the usual software attack and exfiltration vectors like email, mobile web, and apps. And the impact of compromise is much more “personal”: location, camera/photos, instant messaging—there are plenty of embarrassed public figures who can attest to this. Can Weiner have been a more unfortunate surname? (Sorry, we couldn’t resist.) Phenomenal cosmic power … itty bitty living space.

But once again, this does not mean that the task of securing mobile is fundamentally different. It just means you have to understand the changes to the risk model and be able to communicate them clearly to stakeholders, with practical mitigations in hand. Same ol’ job, different day for you old security pros out there.

We’ve already taken a high-level overview of the mobile threat model, so let’s take a deeper look at some more specific differences. Figure 1-3 shows our idealized mobile application ecosystem. Of course, any “real” risk model is going to be customized for the given scenario. This is a generic model to highlight some of the things we’ve observed in our consulting and research. Let’s talk about some of these areas of risk in greater detail next.
