The Smartphone Penetration Testing Framework

Presented at HOPE Number Nine (2012), July 13, 2012, 10 a.m. (60 minutes).

As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. This talk will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. You will also learn how to use the framework through a command line console, a graphical user interface, and a smartphone-based app. Demonstrations of the framework assessing multiple smartphone platforms will be shown.


Presenters:

  • Georgia Weidman
    Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world. Georgia has delivered highly technical security training for conferences, schools, and corporate clients. She recently founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.

Links:

Similar Presentations: