A Practical Attack Against MDM Solutions

Presented at Black Hat USA 2013, July 31, 2013, 3:30 p.m. (60 minutes)

Spyphones are surveillance tools surreptitiously planted on a users handheld device. While malicious mobile applications mainly phone fraud applications distributed through common application channels - target the typical consumer, spyphones are nation states tool of attacks. Why? Once installed, the software stealthy gathers information such as text messages (SMS), geo-location information, emails and even surround-recordings.

How are these mobile cyber-espionage attacks carried out? In this engaging session, we present a novel proof-of-concept attack technique which bypass traditional mobile malware detection measures- and even circumvent common Mobile Device Management (MDM) features, such as encryption.


Presenters:

  • Michael Shaulov - Lacoon Mobile Security
    Michael Shaulov is CEO and co-founder of Lacoon Mobile Security. Michael has ten years of experience researching and working in the mobile security space, keeping a tight tab on the shift from feature-phones to smartphones. Prior to founding Lacoon, Michael worked at the security division of NICE systems where he led a team of mobile security researchers. Michael holds a BSc in Computer Sciences and Physics from Ben-Gurion University, Israel.
  • Daniel Brodie - Lacoon Security
    Daniel Brodie is a senior researcher at Lacoon Security where he heads dynamic analysis and instrumentation of mobile malware and spyphones. Daniel brings to this position close to a decade of experience in application and operating system security. Prior to working at Lacoon, Daniel consulted for various companies, from small startups to Fortune 500's, with a strong focus on vulnerability discovery and exploitation in a multitude of environments.

Links:

Similar Presentations: