Overview
Explore the complexities of secure data storage on mobile devices in this 57-minute Black Hat conference talk. Delve into the challenges faced by mobile app developers in securing locally cached data, including authentication tokens, on iOS and Android platforms. Examine common misconceptions about full-disk encryption and learn why it falls short in most attack scenarios. Discover sophisticated secure storage techniques available for both iOS and Android, understanding their technical operations and effectiveness in meeting practical security and usability requirements. Analyze the vulnerabilities that can remain even when current best practices are followed, and discuss potential solutions for the security and mobile device community. Gain insights into securely storing data for various use cases and uncovering secure storage flaws in real-world applications. By the end, understand the significant challenges of data storage on always-on, portable devices and how to implement robust security measures.
Syllabus
Intro
Outline 1. Introduction
iOS Encryption Hierarchy
Evolution of Android Security
How Android Encryption Works
Android Credential Storage System Credential Store allows for storage of
Importance of Boot Security
Flash Recovery
Backdoor the Kernel
Test Exploit: 1. Compile backdoored kernel 2. Create boot image 3. Flash boot image via recovery 4. Reboot and test
Best Practices for Developers: General
Taught by
Black Hat