A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration - Gopal Jayaraman BSides San Francisco 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration
Gopal Jayaraman

BSides San Francisco 2015

With the rise of encrypted traffic, more and more companies are deploying SSL inspection platforms to decrypt SSL. Unfortunately, these companies quickly discover that they cannot decrypt all traffic, particularly communications to mobile apps that use certificate pinning. What is certificate pinning? It's a method of preventing Man in the Middle (MitM) attacks by validating server certificates against known, approved certificates or hashes that are bundled with the application. Many mobile applications today, including Twitter, Facebook, and Square, use certificate pinning to detect forged SSL certificates and prevent unauthorized snooping. While this improves user privacy, it also exposes a gaping hole in corporate defenses. Why? Because malicious insiders can use mobile apps like Facebook to share confidential data. Malware can communicate and distribute stolen data and credentials through mobile applications. Researchers have even discovered bots that receive command and control center directives from illicit Twitter accounts. As a result, organizations should inspect traffic from mobile applications. During this presentation, we will propose a way to allow employees to access their favorite mobile applications, while still ensuring that all traffic is inspected for data loss and attacks. With mobile app virtualization, organizations can host mobile apps on centralized servers and monitor file uploads and user activity. The end user experience is nearly identical to native application access. Attend this session to learn how attackers and insiders can use certificate pinning to bypass security controls. Understand trends in cryptography and the implications for IT security.

Gopal Jayaraman is the CEO and co-founder of Sierraware. He established Sierraware with the goal to supply rock-solid and full-featured virtualization and security software to equipment manufacturers all over the world. Prior to Sierraware, Gopal was a Senior Software Architect at Cavium Networks. Gopal previously served as the CTO of Menlo Logic, an SSL VPN company that was acquired by Cavium in 2005. He has held leading engineering roles at communications software and system vendors including Metera Networks and Wind River. A veteran of IP routing and networking, he began his career at FutureSoft specializing in UNIX kernel development and traffic engineering. Gopal is also an active participant in the IETF community. Gopal received an MSEE degree from Madras Institute of Technology in Madras, India.

Back to BSides San Francisco 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast