Overview
Explore emerging mobile security threats in this 48-minute conference talk from AppSecUSA 2014. Delve into real-world attacks on mobile devices, covering physical, network, and application-level vulnerabilities. Learn about iOS malicious profiles, HTTP Request Hijacking, and other covert techniques employed by hackers. Gain insights from industry experts Yair Amit and Adi Sharabani as they present examples, statistics, and demonstrations of mobile security risks. Topics covered include the iOS security model, configuration profiles, certificate pinning, and Google's focus on malware. Understand the holistic outlook on mobile security and discover implementation and design-based vulnerabilities affecting mobile devices worldwide.
Syllabus
Intro
A Holistic Outlook on Mobile Security
The Physical Layer
Real World Incident Statistics
Network Based Attacks
Implementation-Based Vulnerabilities
Gotofail - The Code
Design-Based Vulnerabilities (Generic)
iOS Security Model
Configuration Profiles
Demo: Participation Instructions
Malicious Profiles
Design-Based Vulnerabilities (Mobile)
App Level Security & Privacy
App Level Vulnerabilities
Certificate Pinning
HRH - Attack Flow
Google's Focus on Malware
The Maliciously Vulnerable App
Summary
Taught by
OWASP Foundation