Security Model Of Endpoint Devices

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration)

Have you ever asked these questions? You are using the latest mobile and using your laptop with the latest and patched OS, running antivirus: Do you need to worry about security? Isn't there still something broken in the entire security and permission model? Why can the desktop application, that is not an internet browser, access and communicate by using any IP address? Why can the application access your whole filesystem and collect the files from there? Why can an android app with internet permission communicate using any arbitrary IP, even a private one? Why can the app communicate by using different domains? Isn't the app market ecosystem creating a friendly environment for botnets? This talk will shed some light on these issues and propose some mitigation strategy.

Presenters:

• Martin Kacer - Mobileum
  Martin Kacer is a Security Researcher, dedicated to telecom security. He made key contributions to GSMA security guidelines documents related to interconnect signalling security for 2G, 3G, 4G and 5G networks. Regarding open source work, Martin is author of open source Signalling firewall and was speaker at the BlackHat USA conference. Additionally he contributed to the wireshark project and published a few tools.

Links:

• https://deepsec.net/archive/2020.deepsec.net/speaker.html#PSLOT476

Similar Presentations:

• THOTCON 0x3 (2012) / Bypassing the Android Permission Model
• ToorCon San Diego 16 (2014) / Privacy Concerns in Android Applications
• May Contain Hackers (MCH2022) / No Permissions Needed!