Physical Drive-By Downloads Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)


Mobile security is still a fairly young practice, but it’s not unexplored. Over the past few years, there has been plenty of research on mobile threats, such as exploits, malicious applications, and more recently, drive-by downloads. However, there is at least one aspect of security that is lacking documentation, and that is the physical security of the device. One of Android’s great selling points, customization, is also one of its weakest in terms of security. While recent versions of Android support drive encryption, and even remote wipe, these defenses still can’t protect you from a physical attack that you didn’t even realize happened — especially if that phone’s other defenses have already been weakened by its owner.

And that’s exactly what this talk intends to do: teach you how to successfully conduct a “physical drive-by download” on a device, in some cases one that may only be accessible for a single minute.

Kyle “kos” Osborn

Kyle ‘Kos’ Osborn specializes in network penetration, web application security, and mobile research. He plays a bad guy at the Western Regional Collegiate Cyber Defense Competition, and has developed a CTF, with his team, for the United States Cyber Challenge “Cyber Camps”, in which a number of campers competed. Osborn has previously discussed browser and mobile security at other conferences such as BlackHat USA, DefCon, Toorcon, ThotCon, and TakeDownCon.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast