With Android tablets and phones taking over the market share of the mobile landscape; companies are starting to develop enterprise applications for this. I work for a Home Health company, basically think of visiting nurses. We have a 75% mobile workforce and we migrated our primary platform to Android. Having the need to verify our vendor's claims, I decided to assess the app to make sure my company's information was safe. The application is designed for the mobile staff to sync their work back to the "cloud." What I found was truly alarming. I will walk through my process and discuss my findings and vendor notification process that occurred as a result of my research.

Thomas Richards is an IT professional located in Rochester, NY. He currently is responsible for network and system administration for a medium sized Healthcare company. He has always had an interest in the security field and currently holds the OSCP, OSWP, GPEN, and Security+ certifications. In his spare time he conducts vulnerability research and is an active participant in his local 2600 group.

Big thanks to Damian Profancik for recording these.

Back to Derbycon 2012 video list