SlideShare a Scribd company logo

(Pdf) yury chemerkin _confidence_2013

STO STRATEGY
STO STRATEGY
Technology
1 of 23
Download to read offline
VULNERABILITY ELIMINATION BY FORCE OF NEW MOBILE OS SECURITY RESEARCHER / PhD. YURY CHEMERKIN CONFidence‘2013
[ Yury Chemerkin ] www.linkedin.com/in/yurychemerkin http://sto-strategy.com  Experienced in :  Reverse Engineering & AV  Software Programming & Documentation  Mobile Security and MDM  Cyber Security & Cloud Security  Compliance & Transparency  and Security Writing  Hakin9 Magazine, PenTest Magazine, eForensics Magazine,  Groteck Business Media  Participation at conferences  InfoSecurityRussia, NullCon, AthCon, PHDays  CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec  ICITST, CyberTimes, ITA, I-Society yury.chemerkin@gmail.com
BLACKBERRY SECURITY ENVIRONMENT BLACKBERRY EVALUATESEVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES. UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMORY AND STORAGE ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE PROTECTION OF APPLICATION DATA USING SANDBOXING MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES BB EVALUATES EVERY REQUEST THAT APP MAKES – BUT LEAD AWAY FROM ANY DETAILS AND APIs
KNOWN ISSUES MALWARE BOUNDSBECOME UNCLEAR…  BLACKBERRY HANDLES SEVERAL TECHNOLOGIES  NATIVE  BLACKBERRY 10, BLACKBERY PLAYBOOK  OLD BLACKBERRY DEVICES  THIRD PARTY  ADOBE AIR FOR NEW BB DEVICES  ANDROID APPLICATIONS & DEVICES  IOS DEVICES  ALL CONTROLLED OBJECTS ARE LIMITED BY    SANDBOX PERMISSIONS SECURITY FEATURES ON DEVICEs & MDMs COMPLIANCE BRINGS USELESS RECOMMENDATIONS  USER-MODE MALWARE    SPYWARE ROOTKITS EXPLOTS & ATTACKS  REVERSING NETWORK LAYER  PARTIALLY RECOVERING DATA VS. SANBOX  MDM vs. COMPLIANCE    A FEW RECOMMENDATIONS SET IS LESSER THAN SET OF MDM FEATURES YOUNG STANDARDS  FIRST REVISIONS  DRAFT REVISIONS
BLACKBERRY CAPABILITES - ANDROID CONTROLLEDFOUR GROUPSONLY by BlackBerry  CAMERA AND VIDEO  HIDE THE DEFAULT CAMERA APPLICATION  PASSWORD  DEFINE PASSWORD PROPERTIES  REQUIRE LETTERS (incl. case)  REQUIRE NUMBERS  REQUIRE SPECIAL CHARACTERS  DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER  INCORRECT PASSWORD ATTEMPTS  DEVICE PASSWORD  ENABLE AUTO-LOCK CONTROLLED 74 OUT 200 APIs ONLY by Android     LIMIT PASSWORD AGE LIMIT PASSWORD HISTORY RESTRICT PASSWORD LENGTH MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED  ENCRYPTION  APPLY ENCRYPTION RULES  ENCRYPT INTERNAL DEVICE STORAGE  TOUCHDOWN SUPPORT  MICROSOFT EXCHANGE SYNCHRONIZATION  EMAIL PROFILES  ACTIVESYNC
BLACKBERRY CAPABILITES - iOS CONTROLLED16 GROUPS ONLY by BlackBerry   BROWSER   that‘s QUITE SIMLIAR to APPLE MDM SOLUTIONS DEFAULT APP, AUTOFILL, COOKIES, JAVASCRIPT, POPUPS MESSAGING (DEFAULT APP)   BACKUP / DOCUMENT PICTURE / SHARING ONLINE STORE  CAMERA, VIDEO, VIDEO CONF  CERTIFICATES (UNTRUSTED CERTs)  MESSAGING (DEFAULT APP)  CLOUD SERVICES  PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)  PHONE AND MESSAGING (VOICE DIALING)  CONNECTIVITY      OUTPUT, SCREEN CAPTURE, DEFAULT APP BACKUP / DOCUMENT / PICTURE / SHARING ONLINE STORES , PURCHASES, PASSWORD DEFAULT STORE / BOOK / MUSIC APP  PROFILE & CERTs (INTERACTIVE INSTALLATION) NETWORK, WIRELESS, ROAMING DATA, VOICE WHEN ROAMING  SOCIAL (DEFAULT APP) CONTENT (incl. EXPLICIT) RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS    CONTENT      DIAGNOSTICS AND USAGE (SUBMISSION LOGS) STORAGE AND BACKUP   SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS DEVICE BACKUP AND ENCRYPTION VOICE ASSISTANT (DEFAULT APP)
BLACKBERRY CAPABILITES – BLACKBERRY (QNX) CONTROLLED7 GROUPS ONLY by BlackBerry  that‘s NOT ENOUGH TO MANAGE ALL APIs     GENERAL   MOBILE HOTSPOT AND TETHERING PLANS APP, APPWORLD  PASSWORD (THE SAME WITH ANDROID, iOS)  BES MANAGEMENT (SMARTPHONES, TABLETS)  SOFTWARE      OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE BBM VIDEO ACCESS TO WORK NETWORK VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK SECURITY       CERTIFICATES & CIPHERS & S/MIME HASH & ENCRYPTION ALGS AND KEY PARAMS TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC WI-FI PROFILES    WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE VOICE CONTROL & DICTATION IN WORK & USER APPS BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE PC ACCESS TO WORK & PERSONAL SPACE (USB, BT) PERSONAL SPACE DATA ENCRYPTION EMAIL PROFILES     NETWORK ACCESS CONTROL FOR WORK APPS PERSONAL APPS ACCESS TO WORK CONTACTS SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS PROXY PASSWORD/PORT/SERVER/SUBNET MASK VPN PROFILES    PROXY, SCEP, AUTH PROFILE PARAMS TOKENS, IKE, IPSEC OTHER PARAMS PROXY PORTS, USERNAME, OTHER PARAMS
BLACKBERRY CAPABILITES – BLACKBERRY (OLD) INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLELD BY MDM AND DEVICE     THERE 55 GROUPS CONTROLLED IN ALL EACH GROUP CONTAINS FROM 10 TO 30 UNITS ARE CONTROLLED TOO EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED & HIDE/UNHIDE’ EACH EVENT IS  CONTROLLED BY CERTAIN PERMISSION  ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE  DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME MORE THAN OTHER DOCUMENTS  EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF  ‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LEAD TO SPOOFING BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY  SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)  SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDDED IN, INSTEAD OF THAT PLUGIN
BlackBerry MDM 100 120 1100 90 80 100 80,00 70 60 800 55 50 600 38,46 10,26 31,82 40 16 16 30 49 20 5 20 7 4 4 200 80 10 0 7 400 BlackBerry Old iOS BlackBerry QNX Android Quantity of Groups 55 16 7 4 Average perm per group 20 5 7 4 Efficiency 80,00 38,46 31,82 10,26 Totall permissions 1100 80 49 16 Quantity of Groups Average perm per group Efficiency Totall permissions 0
ISSUES : USELESS SOLUTIONS - I USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: MERGING PERMISSIONS INTO GROUPS  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATEST BB)  QNX-BB: SCREEN CAPTURE  IS ALLOWED VIA HARDWARE BUTTONS ONLY  NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES  LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS  OLD BB: NO SANBOX HAS NEVER BEEN ANNOUNCED  ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION  QNX-BB: OFFICIALLY ANNOUNCED SANDBOX  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECURITY  SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDERS
ISSUES : USELESS SOLUTIONS - II USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: SECURE & INSECURE IM CHATS IN THE SAME TIME  HAS ENCRYPTED COMMUNICATION SESSIONS  STORE CHAT COVERSATION IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)  INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)  UPGRADE FEATURE AFFECT EVERYTHING   UPDATE APP THAT CALLS THIS API – USE GENERAL API REMOVE APP THAT CALLS THIS APPS – USE GENERAL API  REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION  HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE  OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)   REVEAL THE DATA IN REAL TIME BY ONE API CALL NATIVE WALLETS PROTECTS BY RETURNING NJULL  WHILE THE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS  EVERY USER CASE MUST MINIMIZE APP TO PASTE A PASSWORD
ISSUES : USELESS SOLUTIONS – III THE GUI EXPLOITATION (OLD BB) –NATIVE APPs  INITIALLY BASED ON AUTHORIZED API COVERED   ALL PHYSICAL & NAVIGATION BUTTONS  TYPING TEXTUAL DATA, AFFECT ALL APPs SECONDARY BASED ON ADDING THE MENU ITEMS   INTO THE GLOBAL / “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS NATIVE APPs ARE DEVELOPED BY BLACKBERRY   WALLETS, SOCIAL, SETTINGS, IMs,… GUI EXPLOITATION      REDRAWING THE SCREENS GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD) ADDING, REMOVING THE FIELD DATA ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED ADDING GUI OBJECTS BUT NOT SHUFFLING 3RD PARTY SECURE SOLITUINS RUIN THE SECURITY  KASPERSKY MOBILE SECURITY PROVIDES    FIREWALL, WIPE, BLOCK, INFO FEATURES NO PROTECTION FROM REMOVING.CODs & UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  JUST SHOULD CHECK API “IS SIMULATOR” ONLY SMS MANAGEMENT VIA “QUITE” SECRET SMS  PASSWORD IS 4–16 DIGITS,AND MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETE THE SENT MESSAGES  OUTCOMING SMS BLOCK/WIPE THE SAME/ANOTHERDEVICE
CONCLUSION - I PRIVILEGEDGENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY APPs FEATURES  DENIAL OF SERVICE  GENERAL PERMISSIONS  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)    MESSAGES GUI INTERCEPT, THIRD PARTY APPs FAKE WINDOW/CLICKJACKING   BUT COMBINED INTO GENERAL PERMISSION A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS    INSTEAD OF SPECIFIC SUB-PERMISSIONS A FEW NOTIFICATION/EVENT LOGs FOR USER BUILT PER APPLICATION INSTEAD OF APP SCREENs
CONCLUSION - II THE VENDOR SECURITY VISION              HAS NOTHING WITH REALITY AGGRAVATEDBY SIMPLICITY SIMPLIFICATION AND REDUCING SECURITY CONTROLS MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS THE SANDBOX PROTECT ONLY APPLICATION DATA USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY THE NATIVE SPOOFING AND INTERCEPTION FEATURES BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST
Q&A

Recommended

(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
BehavioSec Web Summit START slideshare
BehavioSec Web Summit START slideshareBehavioSec Web Summit START slideshare
BehavioSec Web Summit START slideshareNeil Costigan
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesTyler Shields
 
NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1Charles Klondike
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesLeMeniz Infotech
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesLeMeniz Infotech
 
Arkami product overview
Arkami product overviewArkami product overview
Arkami product overviewMark Thacker
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 

Recommended

(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
BehavioSec Web Summit START slideshare
BehavioSec Web Summit START slideshareBehavioSec Web Summit START slideshare
BehavioSec Web Summit START slideshareNeil Costigan
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesTyler Shields
 
NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1Charles Klondike
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesLeMeniz Infotech
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesLeMeniz Infotech
 
Arkami product overview
Arkami product overviewArkami product overview
Arkami product overviewMark Thacker
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
Gambling
GamblingGambling
GamblingHai Nguyen
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
afam_portfolio
afam_portfolioafam_portfolio
afam_portfolioOkonkwo Afam
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPriyanka Aash
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoTPaul Madsen
 
raonsecure_en_min
raonsecure_en_minraonsecure_en_min
raonsecure_en_minMatthew Shin
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerShakacon
 
Presentation1
Presentation1Presentation1
Presentation1Siri Devarapalli
 
SecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise BrochureSecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise BrochureBlackBerry
 
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul MadsenCIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul MadsenCloudIDSummit
 
Digital jewellery ppt
Digital jewellery pptDigital jewellery ppt
Digital jewellery pptRithu Pudiyaveedu
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Digital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika NigamDigital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika NigamAnshika Nigam
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsJanusz Chudzynski
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperBlackBerry
 
Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 James Wu
 
Digital jewellery
Digital jewelleryDigital jewellery
Digital jewelleryGayathri Gayi
 
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGESTECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGESEloisamay
 
Presentation1
Presentation1Presentation1
Presentation1virdiana lawliet
 
ImagineWall from Soloten
ImagineWall from SolotenImagineWall from Soloten
ImagineWall from SolotenSoloten
 
Korean joseki-dictionary
Korean joseki-dictionaryKorean joseki-dictionary
Korean joseki-dictionaryvietgohn
 
EmakumeEkin en Be the Change
EmakumeEkin en Be the ChangeEmakumeEkin en Be the Change
EmakumeEkin en Be the ChangeEmakumeEkin
 

More Related Content

What's hot

Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPriyanka Aash
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoTPaul Madsen
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerShakacon
 
SecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise BrochureSecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise BrochureBlackBerry
 
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul MadsenCIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul MadsenCloudIDSummit
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Digital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika NigamDigital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika NigamAnshika Nigam
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsJanusz Chudzynski
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperBlackBerry
 
Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 James Wu
 
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGESTECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGESEloisamay
 

What's hot (18)

Gambling
GamblingGambling
Gambling
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]
 
afam_portfolio
afam_portfolioafam_portfolio
afam_portfolio
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoT
 
raonsecure_en_min
raonsecure_en_minraonsecure_en_min
raonsecure_en_min
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
 
Presentation1
Presentation1Presentation1
Presentation1
 
SecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise BrochureSecuSUITE for Enterprise Brochure
SecuSUITE for Enterprise Brochure
 
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul MadsenCIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
CIS 2015- IoT? The ‘I’ needs to be ‘Identity’- Paul Madsen
 
Digital jewellery ppt
Digital jewellery pptDigital jewellery ppt
Digital jewellery ppt
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Digital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika NigamDigital Jewellery compiled by Anshika Nigam
Digital Jewellery compiled by Anshika Nigam
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeacons
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
 
Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014
 
Digital jewellery
Digital jewelleryDigital jewellery
Digital jewellery
 
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGESTECHNOLOGY: ADVANTAGES AND DISADVANTAGES
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
 

Viewers also liked

ImagineWall from Soloten
ImagineWall from SolotenImagineWall from Soloten
ImagineWall from SolotenSoloten
 
Korean joseki-dictionary
Korean joseki-dictionaryKorean joseki-dictionary
Korean joseki-dictionaryvietgohn
 
EmakumeEkin en Be the Change
EmakumeEkin en Be the ChangeEmakumeEkin en Be the Change
EmakumeEkin en Be the ChangeEmakumeEkin
 
SoloLoyalty Programmes
SoloLoyalty ProgrammesSoloLoyalty Programmes
SoloLoyalty ProgrammesSoloten
 
NU Research Report #1
NU Research Report #1NU Research Report #1
NU Research Report #1Drew West
 
Solo EPM
Solo EPMSolo EPM
Solo EPMSoloten
 
Power pointhehd806 grp3
Power pointhehd806 grp3Power pointhehd806 grp3
Power pointhehd806 grp3SaMaria Hughes
 
Solo MedRep
Solo MedRepSolo MedRep
Solo MedRepSoloten
 
Gianluca & jake changes to planning
Gianluca & jake changes to planningGianluca & jake changes to planning
Gianluca & jake changes to planninggmisso33
 
Network +شهادة
Network +شهادةNetwork +شهادة
Network +شهادةsaif33
 

Viewers also liked (13)

Presentation1
Presentation1Presentation1
Presentation1
 
ImagineWall from Soloten
ImagineWall from SolotenImagineWall from Soloten
ImagineWall from Soloten
 
Korean joseki-dictionary
Korean joseki-dictionaryKorean joseki-dictionary
Korean joseki-dictionary
 
EmakumeEkin en Be the Change
EmakumeEkin en Be the ChangeEmakumeEkin en Be the Change
EmakumeEkin en Be the Change
 
SoloLoyalty Programmes
SoloLoyalty ProgrammesSoloLoyalty Programmes
SoloLoyalty Programmes
 
NU Research Report #1
NU Research Report #1NU Research Report #1
NU Research Report #1
 
Solo EPM
Solo EPMSolo EPM
Solo EPM
 
Power pointhehd806 grp3
Power pointhehd806 grp3Power pointhehd806 grp3
Power pointhehd806 grp3
 
Slide nahu (2)
Slide nahu (2)Slide nahu (2)
Slide nahu (2)
 
Solo MedRep
Solo MedRepSolo MedRep
Solo MedRep
 
2 tazas de café
2 tazas de café2 tazas de café
2 tazas de café
 
Gianluca & jake changes to planning
Gianluca & jake changes to planningGianluca & jake changes to planning
Gianluca & jake changes to planning
 
Network +شهادة
Network +شهادةNetwork +شهادة
Network +شهادة
 

Similar to (Pdf) yury chemerkin _confidence_2013

(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012STO STRATEGY
 
(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013STO STRATEGY
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013STO STRATEGY
 
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013STO STRATEGY
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013STO STRATEGY
 
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013STO STRATEGY
 
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012STO STRATEGY
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jaildefconmoscow
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamMohammed Adam
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgL. Duke Golden
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundaryDean Iacovelli
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Satheesh Kumar V
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentȘtefan Popa
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great againEric Larcheveque
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltdNehul Gupta
 

Similar to (Pdf) yury chemerkin _confidence_2013 (20)

(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012
 
(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
 
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
 
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013
 
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed Adam
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktg
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
 
Trojan horseofbyod2
Trojan horseofbyod2Trojan horseofbyod2
Trojan horseofbyod2
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltd
 
black berry
black berryblack berry
black berry
 
Insecure mag-19
Insecure mag-19Insecure mag-19
Insecure mag-19
 

More from STO STRATEGY

(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013STO STRATEGY
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedingsSTO STRATEGY
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013STO STRATEGY
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013STO STRATEGY
 
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013STO STRATEGY
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013STO STRATEGY
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011STO STRATEGY
 
Pen test career. how to begin
Pen test career. how to beginPen test career. how to begin
Pen test career. how to beginSTO STRATEGY
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensicsSTO STRATEGY
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesSTO STRATEGY
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiSTO STRATEGY
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.STO STRATEGY
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesSTO STRATEGY
 
Social network privacy
Social network privacySocial network privacy
Social network privacySTO STRATEGY
 
Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkinSTO STRATEGY
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortressSTO STRATEGY
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
A security system that changed the world
A security system that changed the worldA security system that changed the world
A security system that changed the worldSTO STRATEGY
 

More from STO STRATEGY (20)

(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
 
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
 
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011
 
Pen test career. how to begin
Pen test career. how to beginPen test career. how to begin
Pen test career. how to begin
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensics
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challenges
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniques
 
Social network privacy
Social network privacySocial network privacy
Social network privacy
 
Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkin
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
A security system that changed the world
A security system that changed the worldA security system that changed the world
A security system that changed the world
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

(Pdf) yury chemerkin _confidence_2013

  • 1. VULNERABILITY ELIMINATION BY FORCE OF NEW MOBILE OS SECURITY RESEARCHER / PhD. YURY CHEMERKIN CONFidence‘2013
  • 2. [ Yury Chemerkin ] www.linkedin.com/in/yurychemerkin http://sto-strategy.com  Experienced in :  Reverse Engineering & AV  Software Programming & Documentation  Mobile Security and MDM  Cyber Security & Cloud Security  Compliance & Transparency  and Security Writing  Hakin9 Magazine, PenTest Magazine, eForensics Magazine,  Groteck Business Media  Participation at conferences  InfoSecurityRussia, NullCon, AthCon, PHDays  CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec  ICITST, CyberTimes, ITA, I-Society yury.chemerkin@gmail.com
  • 3. BLACKBERRY SECURITY ENVIRONMENT BLACKBERRY EVALUATESEVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES. UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMORY AND STORAGE ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE PROTECTION OF APPLICATION DATA USING SANDBOXING MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES BB EVALUATES EVERY REQUEST THAT APP MAKES – BUT LEAD AWAY FROM ANY DETAILS AND APIs
  • 4. KNOWN ISSUES MALWARE BOUNDSBECOME UNCLEAR…  BLACKBERRY HANDLES SEVERAL TECHNOLOGIES  NATIVE  BLACKBERRY 10, BLACKBERY PLAYBOOK  OLD BLACKBERRY DEVICES  THIRD PARTY  ADOBE AIR FOR NEW BB DEVICES  ANDROID APPLICATIONS & DEVICES  IOS DEVICES  ALL CONTROLLED OBJECTS ARE LIMITED BY    SANDBOX PERMISSIONS SECURITY FEATURES ON DEVICEs & MDMs COMPLIANCE BRINGS USELESS RECOMMENDATIONS  USER-MODE MALWARE    SPYWARE ROOTKITS EXPLOTS & ATTACKS  REVERSING NETWORK LAYER  PARTIALLY RECOVERING DATA VS. SANBOX  MDM vs. COMPLIANCE    A FEW RECOMMENDATIONS SET IS LESSER THAN SET OF MDM FEATURES YOUNG STANDARDS  FIRST REVISIONS  DRAFT REVISIONS
  • 5.
  • 6. BLACKBERRY CAPABILITES - ANDROID CONTROLLEDFOUR GROUPSONLY by BlackBerry  CAMERA AND VIDEO  HIDE THE DEFAULT CAMERA APPLICATION  PASSWORD  DEFINE PASSWORD PROPERTIES  REQUIRE LETTERS (incl. case)  REQUIRE NUMBERS  REQUIRE SPECIAL CHARACTERS  DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER  INCORRECT PASSWORD ATTEMPTS  DEVICE PASSWORD  ENABLE AUTO-LOCK CONTROLLED 74 OUT 200 APIs ONLY by Android     LIMIT PASSWORD AGE LIMIT PASSWORD HISTORY RESTRICT PASSWORD LENGTH MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED  ENCRYPTION  APPLY ENCRYPTION RULES  ENCRYPT INTERNAL DEVICE STORAGE  TOUCHDOWN SUPPORT  MICROSOFT EXCHANGE SYNCHRONIZATION  EMAIL PROFILES  ACTIVESYNC
  • 7.
  • 8. BLACKBERRY CAPABILITES - iOS CONTROLLED16 GROUPS ONLY by BlackBerry   BROWSER   that‘s QUITE SIMLIAR to APPLE MDM SOLUTIONS DEFAULT APP, AUTOFILL, COOKIES, JAVASCRIPT, POPUPS MESSAGING (DEFAULT APP)   BACKUP / DOCUMENT PICTURE / SHARING ONLINE STORE  CAMERA, VIDEO, VIDEO CONF  CERTIFICATES (UNTRUSTED CERTs)  MESSAGING (DEFAULT APP)  CLOUD SERVICES  PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)  PHONE AND MESSAGING (VOICE DIALING)  CONNECTIVITY      OUTPUT, SCREEN CAPTURE, DEFAULT APP BACKUP / DOCUMENT / PICTURE / SHARING ONLINE STORES , PURCHASES, PASSWORD DEFAULT STORE / BOOK / MUSIC APP  PROFILE & CERTs (INTERACTIVE INSTALLATION) NETWORK, WIRELESS, ROAMING DATA, VOICE WHEN ROAMING  SOCIAL (DEFAULT APP) CONTENT (incl. EXPLICIT) RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS    CONTENT      DIAGNOSTICS AND USAGE (SUBMISSION LOGS) STORAGE AND BACKUP   SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS DEVICE BACKUP AND ENCRYPTION VOICE ASSISTANT (DEFAULT APP)
  • 9.
  • 10. BLACKBERRY CAPABILITES – BLACKBERRY (QNX) CONTROLLED7 GROUPS ONLY by BlackBerry  that‘s NOT ENOUGH TO MANAGE ALL APIs     GENERAL   MOBILE HOTSPOT AND TETHERING PLANS APP, APPWORLD  PASSWORD (THE SAME WITH ANDROID, iOS)  BES MANAGEMENT (SMARTPHONES, TABLETS)  SOFTWARE      OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE BBM VIDEO ACCESS TO WORK NETWORK VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK SECURITY       CERTIFICATES & CIPHERS & S/MIME HASH & ENCRYPTION ALGS AND KEY PARAMS TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC WI-FI PROFILES    WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE VOICE CONTROL & DICTATION IN WORK & USER APPS BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE PC ACCESS TO WORK & PERSONAL SPACE (USB, BT) PERSONAL SPACE DATA ENCRYPTION EMAIL PROFILES     NETWORK ACCESS CONTROL FOR WORK APPS PERSONAL APPS ACCESS TO WORK CONTACTS SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS PROXY PASSWORD/PORT/SERVER/SUBNET MASK VPN PROFILES    PROXY, SCEP, AUTH PROFILE PARAMS TOKENS, IKE, IPSEC OTHER PARAMS PROXY PORTS, USERNAME, OTHER PARAMS
  • 11.
  • 12. BLACKBERRY CAPABILITES – BLACKBERRY (OLD) INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLELD BY MDM AND DEVICE     THERE 55 GROUPS CONTROLLED IN ALL EACH GROUP CONTAINS FROM 10 TO 30 UNITS ARE CONTROLLED TOO EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED & HIDE/UNHIDE’ EACH EVENT IS  CONTROLLED BY CERTAIN PERMISSION  ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE  DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME MORE THAN OTHER DOCUMENTS  EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF  ‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LEAD TO SPOOFING BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY  SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)  SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDDED IN, INSTEAD OF THAT PLUGIN
  • 13. BlackBerry MDM 100 120 1100 90 80 100 80,00 70 60 800 55 50 600 38,46 10,26 31,82 40 16 16 30 49 20 5 20 7 4 4 200 80 10 0 7 400 BlackBerry Old iOS BlackBerry QNX Android Quantity of Groups 55 16 7 4 Average perm per group 20 5 7 4 Efficiency 80,00 38,46 31,82 10,26 Totall permissions 1100 80 49 16 Quantity of Groups Average perm per group Efficiency Totall permissions 0
  • 14. ISSUES : USELESS SOLUTIONS - I USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: MERGING PERMISSIONS INTO GROUPS  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATEST BB)  QNX-BB: SCREEN CAPTURE  IS ALLOWED VIA HARDWARE BUTTONS ONLY  NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES  LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS  OLD BB: NO SANBOX HAS NEVER BEEN ANNOUNCED  ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION  QNX-BB: OFFICIALLY ANNOUNCED SANDBOX  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECURITY  SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDERS
  • 15. ISSUES : USELESS SOLUTIONS - II USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: SECURE & INSECURE IM CHATS IN THE SAME TIME  HAS ENCRYPTED COMMUNICATION SESSIONS  STORE CHAT COVERSATION IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)  INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)  UPGRADE FEATURE AFFECT EVERYTHING   UPDATE APP THAT CALLS THIS API – USE GENERAL API REMOVE APP THAT CALLS THIS APPS – USE GENERAL API  REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION  HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE  OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)   REVEAL THE DATA IN REAL TIME BY ONE API CALL NATIVE WALLETS PROTECTS BY RETURNING NJULL  WHILE THE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS  EVERY USER CASE MUST MINIMIZE APP TO PASTE A PASSWORD
  • 16.
  • 17. ISSUES : USELESS SOLUTIONS – III THE GUI EXPLOITATION (OLD BB) –NATIVE APPs  INITIALLY BASED ON AUTHORIZED API COVERED   ALL PHYSICAL & NAVIGATION BUTTONS  TYPING TEXTUAL DATA, AFFECT ALL APPs SECONDARY BASED ON ADDING THE MENU ITEMS   INTO THE GLOBAL / “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS NATIVE APPs ARE DEVELOPED BY BLACKBERRY   WALLETS, SOCIAL, SETTINGS, IMs,… GUI EXPLOITATION      REDRAWING THE SCREENS GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD) ADDING, REMOVING THE FIELD DATA ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED ADDING GUI OBJECTS BUT NOT SHUFFLING 3RD PARTY SECURE SOLITUINS RUIN THE SECURITY  KASPERSKY MOBILE SECURITY PROVIDES    FIREWALL, WIPE, BLOCK, INFO FEATURES NO PROTECTION FROM REMOVING.CODs & UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  JUST SHOULD CHECK API “IS SIMULATOR” ONLY SMS MANAGEMENT VIA “QUITE” SECRET SMS  PASSWORD IS 4–16 DIGITS,AND MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETE THE SENT MESSAGES  OUTCOMING SMS BLOCK/WIPE THE SAME/ANOTHERDEVICE
  • 18.
  • 19.
  • 20.
  • 21. CONCLUSION - I PRIVILEGEDGENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY APPs FEATURES  DENIAL OF SERVICE  GENERAL PERMISSIONS  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)    MESSAGES GUI INTERCEPT, THIRD PARTY APPs FAKE WINDOW/CLICKJACKING   BUT COMBINED INTO GENERAL PERMISSION A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS    INSTEAD OF SPECIFIC SUB-PERMISSIONS A FEW NOTIFICATION/EVENT LOGs FOR USER BUILT PER APPLICATION INSTEAD OF APP SCREENs
  • 22. CONCLUSION - II THE VENDOR SECURITY VISION              HAS NOTHING WITH REALITY AGGRAVATEDBY SIMPLICITY SIMPLIFICATION AND REDUCING SECURITY CONTROLS MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS THE SANDBOX PROTECT ONLY APPLICATION DATA USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY THE NATIVE SPOOFING AND INTERCEPTION FEATURES BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST
  • 23. Q&A