Introducing the Smartphone Penetration Testing Framework

Explore the world of smartphone security in this 56-minute conference talk from BruCON Security Conference. Delve into the Smartphone Penetration Testing Framework, a DARPA Cyber Fast Track project, designed to assess the security of mobile devices in corporate environments. Learn about unique attack vectors specific to smartphones and how this open-source toolkit addresses various aspects of security assessment. Discover the framework's capabilities in information gathering, exploitation, social engineering, and post-exploitation through both traditional IP networks and mobile modems. Gain insights into using the framework via command line console, graphical user interface, and smartphone app. Witness demonstrations of the framework assessing multiple smartphone platforms and understand its potential for security teams and penetration testers. Explore threats such as malicious apps, software bugs, social engineering, and jailbreaking. Examine remote, client-side, social engineering, and local vulnerability examples, as well as post-exploitation techniques and mitigating strategies. Get a glimpse into the future of this project and its implications for smartphone security in the workplace.