Monday, July 23, 2012

"Black Hat, Other Conferences to Dig Into Mobile Security"


This week many security researchers will converge on Las Vegas for the annual Black Hat USA, Security B-Sides Las Vegas, and DefCon security conferences. As in previous years, we’ll present and discuss many new security techniques and methods used by computer criminals, attackers, and defenders. A good portion of the new research will be related to mobile phones and devices. 
[...] 
Android Malware and Exploits
Google introduced an interesting security service, Bouncer, for its app market (Google Play). The company left out details on implementation or what exactly will prevent bad apps from entering the market. While this sounds like a good step to make it more difficult for attackers, this move also makes it much more difficult for security researchers to defend against those same bad guys. Security through obscurity doesn’t work and is only a delaying tactic.
[...] 
iOS Threats and Security
Apple’s iOS has been getting progressively more secure with each new update, closing holes and adding preventive measures. We’ll hear about improvements in platform security from the manager of Apple’s Platform Security Team.
[...]
Mobile Hardware Exploitation
Other talks will involve OS specifics. Researchers Stephen Ridley and Stephen Lawler bring their experience on attacking ARM processor-based devices. They will cover the research process that enabled them to create their two-day ARM exploitation training. They will attack Linux-based devices and build a test lab of devices.
Sometimes attackers don’t want to restrict themselves to one OS. The Smartphone Pen Test Framework (SPF) makes Android and Apple iOS devices into targets of a penetration test. Previously when we wrote “pen test” and “smartphone” in the same sentence, it meant that someone was exploiting a PC from a phone. Now it’s the other way around. The framework’s creator Georgia Weidman, an innovator in offensive security research on smartphones, will demonstrate the DARPA Cyber Fast Track-funded project throughout the week. The SPF tests for jailbroken or rooted phones and other security vulnerabilities.

The Smartphone Pen Test Framework can connect to an agent on the phone to execute further attacks.
