Mobile Fail: Cracking Open "Secure" Android Containers

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration).

We've known for some time that physical access to a device means game over. In response, we've begun to rely more and more on "secure" container applications to keep our private and company data secret. Whether you use LastPass to secure your passwords, or GOOD for Enterprise to make sure your company emails are safe and sound, this presentation will demonstrate that more often than not, the container isn't as secure as you think.  In this presentation I will discuss specific design flaws in the security of "secure" Applications that promise to keep your data / password and even company email safe and sound should the device fall into the wrong hands.


Presenters:

  • Chris John Riley - Raiffeisen Informatik
    Chris John Riley is a senior penetration tester and part-time security researcher working for Raiffeisen Informatik Security Competence Center . With over 15 years experience in various aspects of Information Technology, Chris now focuses full time on Information Security. Chris is one of the founders of the PTES (Penetration Testing Execution Standard), regular conference attendee and avid blogger (blog.c22.cc), as well as being a regular contributor to the open-source Metasploit project and generally getting in trouble in some way or another. When not working to break one technology or another, Chris enjoys long walks in the woods, candle light dinners and talking far too much on the Eurotrash Security podcast. 

Links:

Similar Presentations: