Mobile App Corporate Espionage

Presented at BSidesSF 2016, Feb. 29, 2016, 4:30 p.m. (25 minutes)

Corporate espionage is at an all-time high, and in terms of data risk threats, is second only to financially motivated data breaches according to the Verizon data breach investigations report. Whether your team is designing in-house mobile apps or leveraging 3rd parties for mobile apps, the apps may contain risky behaviors. These behaviors can stem from malicious 3rd party SDKs or code injected by the developer that can allow sensitive corporate secrets and documents to be leaked through out-of-band communications. This session will explore real-word examples of corporate espionage techniques that leverage hidden behaviors in seemingly innocuous mobile apps.

Presenters:

• Michael Raggo - Director, Security Research - MobileIron, Inc.
  Michael T. Raggo, Director of Security Research, MobileIron, Inc. has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress. A former security trainer, Michael has briefed the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent presenter at security conferences, including Black Hat, DEF CON, DoD Cyber Crime, OWASP, and SANS.

Links:

• https://bsidessf2016.sched.com/event/661B/mobile-app-corporate-espionage

Similar Presentations:

• DeepSec 2020 „The Masquerade“ / Practical Mobile App Attacks By Example
• Black Hat USA 2010 / App Attack: Surviving the Mobile Application Explosion
• DEF CON 18 (2010) / App Attack: Surviving the Mobile Application Explosion