The increasing use of mobile devices for sensitive transactions creates new vulnerabilities and modes of collecting and exploiting personal information. From mobile phone banking to email and social media interaction, opportunities for phishing, ransomware, cryptocurrency mining and other attacks are endless. Understanding mechanisms for compromising Android and iOS systems is crucial to detecting and preventing security breaches. Check out the Briefings & Training below for an immersive view of mobile device security flaws and how to defend against them:
Fried Apples: Jailbreak DIY provides steps for building a jailbreak chain including the basic architecture, processes and vulnerabilities. iPhone jailbreaks can be particularly susceptible to manipulation and malware attacks. This Briefing provides the details to the initial arbitrary code execution, sandbox bypassing, kernel address leaking, and persistent code signing bypass to build your own jailbreak. Establish your utility and explore new mitigation tactics and security enhancements added in iOS 10 through this Briefing.
iOS 10 security enhancements include a new notification when users connect to open Wi-Fi networks. Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox describes exactly how iOS devices can be remotely compromised over Wi-Fi without user interaction or complicity. iOS Wi-Fi attacks bypass all built in mitigations and sandboxes. Researchers present the routes to arbitrary code execution outside of the iOS sandbox and discuss a security monitoring framework for safeguarding operating systems.
Android devices are equally vulnerable to maneuvering. Anti-Plugin: Don't Let Your App Play as an Android Plugin details the Android Plugin Technology which allows users to launch multiple instances of an app but simultaneously allows stored data to be stolen by malicious host and plugin apps. Researchers of this Briefing chronicle the attack method to highlight advanced mitigation tactics and opportunities for reducing exploitability of this feature.
The Android Plugin exemplifies how easily mobile applications can provide inroads to mobile devices and sensitive data. Mobile Application Bootcamp - Journeyman Level teaches the skills to write mobile malware and deploy it on the app stores. Students gain hands-on experience in the end-to-end process of testing for weaknesses, yielding vulnerabilities and conducting modern attacks. The combination of these courses prepares you for mobile device security, with the ability to test and expose threats across iOS and Android platforms.
Arm yourself with the latest techniques and InfoSec discoveries. Check out our Trainings and our Briefings and Register today for Black Hat Asia at Marina Bay Sands in Singapore, March 28-31.