Learn about certificate pinning, its complexities, and implementation in mobile security. Explore the broken certificate trust model, government surveillance concerns, and user bypasses of security controls. Discover virtual mobile infrastructure (VMI) and mobile app virtualization architecture for protecting data outside managed networks. Examine techniques for capturing encrypted data, implementing trusted SSL proxies, and leveraging hardware-protected clients with TrustZone. Gain insights into mobile business applications, security monitoring, and strategies to prevent data exfiltration in this comprehensive conference talk from BSides San Francisco 2015.
Stick a Pin in Certificate Pinning - How to Inspect Mobile Traffic and Stop Data Exfiltration
via YouTube
Overview
Syllabus
Stick a Pin in Certificate Pinning
The Certificate Trust Model Is Broken
Worries over Government Snooping
Lock icon on browser is deceiving
Users Can Bypass Security Controls
Linux Foundation "Let's Encrypt" Free CA for everyone • Revoking service - Domain Validation
How Certificate Pinning Works
Complexities of Certificate Pinning
Avoid IT Desperation
How to Implement Cert Pinning
Mobile Business Applications
Virtual Mobile Infrastructure (VMI)
Mobile App Virtualization Architecture
Remote Mobile App Virtualization
Capturing Encrypted Data
VMI with Trusted SSL Proxy
Security and User Monitoring
Protecting data outside managed network
TrustZone: Hardware-Protected Clients
