Black Hat: Mobile Flaws Get Attention
As security professionals converge in Las Vegas for Black Hat USA 2010, July 24-29, conference founder Jeff Moss says interest in mobile vulnerabilities is growing.
At the Black Hat USA 2010 conference, July 24 - 29 in Las Vegas, mobile security won't just be over the air, it'll be in the air. Nowadays, said conference founder Jeff Moss, "it's all mobile all the time. It's like when they introduced Windows 7 or Windows XP -- it's all new. Everybody is trying to figure it out."
Rootkits used to get a lot of attention, but this year there was only one rootkit presentation submitted, Moss says. Of course, a range of security issues will be explored, such as timing attacks and smart grid vulnerabilities. But mobile security problems are seeing a surge of interest.
Moss says that app stores and the apps themselves are getting more scrutiny from security researchers. People are looking at what it takes to get malicious apps into app stores undetected.
Kevin Mahaffey and John Hering of Lookout Mobile Security will be delving into the security of mobile apps next Wednesday, July 28, in a presentation titled "App Attack: Surviving the Mobile Application Explosion."
Moss recommends a talk that explores the default permissions that apps have on mobile devices. "They allow you to do things you shouldn't do," he explained.
That presentation, "These Aren't the Permissions You're Looking For," also takes place on Wednesday afternoon.
Moss also suggests paying attention to a presentation being given on Wednesday morning that deals with GSM base-station and mobile phone base-band attacks. "These GSM base-band radios are in all the phones and it turns out that the firmware dealing with the radio stuff is not really designed for malicious attack," he said.
There's one mobile phone maker that has stronger radio security than its competitors, but Moss is leaving that revelation for the presenter of the GSM talk.
Perhaps the most highly anticipated talk deals with vulnerabilities in automatic teller machines. The presentation, titled "Jackpotting Automated Teller Machines Redux," is the result of work by Barnaby Jack, director of research at IOActive Labs.