Georgia Weidman – Throw It in the River? Towards Real Live Actual Smartphone Security Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

Smartphones are hot, like a server from 1995, public IP address (phone number) and sending all its data over telnet (unencrypted). Add in apps with your passwords and credit card, and you’ve got a way for a bunch of kids to get famous. This presentation is all about plausible mitigations that smartphone and app providers could adopt to mitigate attacks we’ve seen at conferences and in the wild. Can I completely fix smartphone security in 50 minutes or less? No, but in this talk I address specific risks that have been exploited either in the wild or in previous papers and talks, and discuss ways they can be mitigated given what the smartphones already have going for them. For example, did you know most of the data you send over the cell provider network is encoded, not encrypted? Yet the base smartphone OS has OpenSSL installed. So here’s some code that provides end-to-end encryption for your text messages without even breaking the telecom SMS specifications. As for the smartphone that acts like a credit card so you buy your Starbucks, if you want it to be secure, I still say throw it in the river.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast