HackDig : Dig high-quality web security articles for hackers

Black Hat Asia 2017: Securing Mobile Devices

2017-03-08 17:35
Opportunities for phishing, ransomware, cryptocurrency mining and other attacks are endless. Understanding mechanisms for compromising Android and iOS systems is crucial to detecting and preventing security breaches.

The increasing use of mobile devices for sensitive transactions creates new vulnerabilities and modes of collecting and exploiting personal information. From mobile phone banking to email and social media interaction, opportunities for phishing, ransomware, cryptocurrency mining and other attacks are endless. Understanding mechanisms for compromising Android and iOS systems is crucial to detecting and preventing security breaches. Check out the Briefings & Training below for an immersive view of mobile device security flaws and how to defend against them:

Fried Apples: Jailbreak DIY provides steps for building a jailbreak chain including the basic architecture, processes and vulnerabilities. iPhone jailbreaks can be particularly susceptible to manipulation and malware attacks. This Briefing provides the details to the initial arbitrary code execution, sandbox bypassing, kernel address leaking, and persistent code signing bypass to build your own jailbreak. Establish your utility and explore new mitigation tactics and security enhancements added in iOS 10 through this Briefing.

iOS 10 security enhancements include a new notification when users connect to open Wi-Fi networks. Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox describes exactly how iOS devices can be remotely compromised over Wi-Fi without user interaction or complicity. iOS Wi-Fi attacks bypass all built in mitigations and sandboxes. Researchers present the routes to arbitrary code execution outside of the iOS sandbox and discuss a security monitoring framework for safeguarding operating systems.

Android devices are equally vulnerable to maneuvering. Anti-Plugin: Don't Let Your App Play as an Android Plugin details the Android Plugin Technology which allows users to launch multiple instances of an app but simultaneously allows stored data to be stolen by malicious host and plugin apps. Researchers of this Briefing chronicle the attack method to highlight advanced mitigation tactics and opportunities for reducing exploitability of this feature.

Arm yourself with the latest techniques and InfoSec discoveries. Check out our Trainings and our Briefings and Register today for Black Hat Asia at Marina Bay Sands in Singapore, March 28-31.


Source: cm_?2438231/di-d/d/secived-elibom-gniruces--7102-aisa-tah-kcalb/tah-kcalb/moc.gnidaerkrad.www

Read:3690 | Comments:0 | Tags:No Tag

“Black Hat Asia 2017: Securing Mobile Devices”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools