Explore the complexities of secure data storage on mobile devices in this 44-minute Black Hat conference talk. Delve into the challenges faced by mobile app developers in securing locally cached data, debunk common misconceptions about full-disk encryption, and examine sophisticated secure storage techniques for iOS and Android. Learn about the technical operations of various security mechanisms, their practical implications, and potential vulnerabilities even when following best practices. Gain insights into reconciling security needs with mobility, accessibility, and usability requirements, and discover how to uncover secure storage flaws in real-world applications. Understand the significance of mobile device security in an era where mobile users outnumber desktop users, and explore solutions to address current shortcomings in secure storage on portable devices.
Faux Disk Encryption - Realities of Secure Storage on Mobile Devices
Overview
Syllabus
Introduction
Outline
What makes mobile special
Why is that a problem
We need data on the device
We have to reconcile the two concepts
Theres no such thing as absolute security
Remote attackers
Coffee shop attacker
Casual thief
Targeted attacks
Casual thieves
Mobile data security
Mobile device encryption
iOS security features
How we implement encryption
Secure Enclave
iOS File Encryption
File System Key
Class Keys
iOS RS Keychain
Why We Need All These Different Classes
Data Needs To Be Accessible
Other Credentials
Touch ID
User Presence
Security Threats
Android Adoption
Why is this important
Device Encryption
Key Encryption Key
Lock Screen
Full Disk Encryption
Android Credential Storage
Boot Security
Odin Mode
Little Kernel
Laugh
Faux Disk Encryption
Making The Kernel
Testing The Bootloader
Drew Soapbox
App Container
Data On Device
Android
Outlook
Takeaways
References
Taught by
Black Hat
