Presented at Black Hat USA 2014, Aug. 7, 2014, 9 a.m. (60 minutes).
Gartner estimates that the number of attacks against mobile devices will double in the near future, yet these devices still remain a black box in many ways. The lack of proper tools to evaluate the privacy posture of installed apps, the absence of software to detect rootkit and baseband attacks, and hardly any control over the underlying internals are all important missing aspects of these devices, for consumers and enterprises alike. Furthermore, Android has the lion's share of the market, and its security model is closer to the PC world than the one used by iOS. The goal of the roundtable is to discuss and address these issues: Is the Android approach to security better than the iOS approach in the long run? How can we deal with attacks below the application level (baseband, kernel, etc.)? What are the implications of more and more apps for finance and IoT monitoring on the threat models for mobile? Can we realistically build a trustworthy mobile platform?
Presenters:
- Vincenzo Iozzo
Vincenzo Iozzo is an Entrepreneur in Residence at Rakoku Holdings where he focuses on Information Security. In addition to his work at Rakoku Holdings, Vincenzo is a Partner at the Italian business incubator iStarter SpA. Prior to that, Vincenzo was the Chief of Staff and Principal Security Engineer at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. His specialized research in Mac OS X security, smartphone exploitation, and exploit payloads has been presented at information security conferences around the world including Black Hat, CanSecWest and Microsoft BlueHat. In 2008, he was selected to participate in the Google Summer of Code and developed a testing infrastructure for TrustedBSD, the Mandatory Access Control system that became the foundation for sandboxing technologies included in Mac OS X. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.
- Peiter Zatko / Mudge
Apparently he's running security-related programs at Google now, but people remember him as a pioneer in buffer overflows, leader and front man of the hacker group L0pht, and the hacker who ran Cyber Fast Track inside DARPA. He was awarded the highest medal that can be given to a civilian by the Office of the Secretary of Defense, and is referenced in Trivial Pursuit.