-
Appstore security: 5 lines of defence against malware
-
The booming smartphone industry has a special way of delivering software to end-users: appstores. Popular appstores have hundreds of thousands of apps for anything from online banking to mosquito repellent, and the most popular stores (Apple Appstore, Google Android market) claim billions of app downloads. But appstores have not escaped the attention of cyber attackers. Over the course of 2011 numerous malicious apps were found, across a variety of smartphone models. Using malicious apps, attackers can easily tap into the vast amount of private data processed on smartphones such as confidential business emails, location data, phone calls, SMS messages and so on. Starting from a threat model for appstores, this paper identifies five lines of defence that must be in place to address malware in appstores: app review, reputation, kill-switches, device security and jails.
Located in
Publications
-
Smartphone Secure Development Guidelines
-
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure apps. It may however also be of interest to project managers of smartphone development projects.
Located in
Publications
-
Resilience of the Internet Interconnection Ecosystem
-
This study looks at the resilience of the Internet interconnection ecosystem. The Internet is a network of networks, and the interconnection ecosystem is the collection of layered systems that holds it together. The interconnection ecosystem is the core of the Internet, providing the basic function of reaching anywhere from everywhere.
Located in
Publications
-
Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations
-
This study proposes a pragmatic approach that will highlight the critical assets of Intelligent Public Transport systems. It gives an overview of the existing security measures (good practices) that could be deployed to protect these critical assets and ensure security of the IPT system, based on a survey and interviews of experts from the sector, municipalities, operators, manufacturers and policy makers.
Located in
Publications
-
Architecture model of the transport sector in Smart Cities
-
The main objective of this study is to model the architecture of the transport sector in SCs and to describe good cyber security practices of IPT operators. The good practices are put into a relationship with different city maturity levels. This allows representatives of operators and municipalities to quickly assess whether or not they lag behind other cities with the same maturity level in terms of cyber security and, if so, to take appropriate actions. The study is primarily focused on the provision of practical, hands-on guidance.
Located in
Publications
-
Security and Resilience of Smart Home Environments
-
This study aims at securing Smart Home Environments from cyber threats by highlighting good practices that apply to every step of a product lifecycle: its development, its integration in Smart Home Environments, and its usage and maintenance until end-of-life. The study also highlights the applicability of the security measures to different types of devices.
The good practices apply to manufacturers, vendors, solution providers for hardware and software, and developers. It can be used to assess their current security level, and evaluate the implementation of new security measures. European citizens, standardisation bodies, researchers and policy makers could also find an interest in this study.
Located in
Publications
-
Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology
-
Located in
Publications
-
Cyber-bullying and online grooming: helping to protect against the risks
-
Children are the most valuable part of every society, regardless of culture, religion and national origin. Given the rapidly increasing digitalisation of their lives, it seemed important to assess risks related to internet usage and, in particular, the risk of become a victim of online grooming and cyber bullying activities.
Today’s kids are living in an environment that is radically different from that of their parents; virtual environments are increasingly prevalent in private and education environments. This development is detrimental to their physical activities, social skills and the behavioural model that prevailed in previous generations.
ENISA has formed a Working Group consisting of international experts in various disciplines related to the area of children’s online protection. Interdisciplinary knowledge and relevant experience in the area were the criteria of their engagement. During the selection phase of the scenario to be assessed, the expert group has identified cyber bullying and online grooming as an area that requires further elaboration. With this assessment we aim to demonstrate how attacks based on misuse of data (i.e. data mining and profiling) can affect minors.
Although the issue of children’s exposure to internet risks has been addressed in great depth by many organisations (also during the generation of this report), we have performed this risk assessment in order to point out emerging risks and issue non-technical recommendations for their mitigation. Thus, we believe that the findings of this assessment will help in triggering further activities at various levels of society, while contributing to the necessary awareness of the online protection of minors.
Located in
Publications
-
Europol-ENISA IoT Security Conference
-
The Europol-ENISA IoT Security Conference focuses on the IoT ecosystem by enabling a multi-stakeholder discussion on cybersecurity.
Located in
Events
-
EQR Q3 2007, vol. 3, no. 3
-
Trusted Computing
Located in
Publications
/
ENISA Quarterly Review - Archive
/
Past Issues