SlideShare une entreprise Scribd logo

Blackhat USA Mobile Security Panel 2011

Tyler Shields
Tyler Shields

The document introduces several security researchers across different layers of mobile security including infrastructure, hardware/firmware, operating system, and applications. It provides brief biographies for each researcher highlighting their background, employers, notable presentations and research areas. The document concludes by announcing a debate between the researchers on the riskiest mobile security layer.

Technologie
1  sur  10
Moderator Tyler Shields • Security Researcher • Veracode Inc. • Formerly penetration tester with Symantec and @Stake • Presented at HOPE, Shmoocon, Source, and other industry conferences • Best known for creation of mobile spyware suite for Blackberry devices
Mobile Security Stack Application Security Operating System Security Hardware / Firmware Security Infrastructure Security
Infrastructure Layer Nick DePetrillo • Security Researcher • Crucial Security Inc, Harris Corp • Formerly Security Consultant with Industrial Defender and engineer with Aruba Networks • Best known for recent research on issues in the global telephone network Don Bailey • Security Consultant • iSec Partners • Has presented on topics including stealthy rootkits, 0-day exploit technology, DECT, GSM and embedded security • Best known for recent work on vulnerabilities in embedded architectures and issues with the global telephone network
Hardware / Firmware Layer Ralf-Phillipp Weinmann • PostDoc - Laboratory of Algorithms, Cryptology and Security, University of Luxembourg • Ph.D. from the Technical University of Darmstadt • Best known for Baseband Apocalypse presentation BHDC/CCC • Over-the-air exploitations of memory corruption in GSM/3GPP stacks
Operating System Layer Charlie Miller • Principal Research Consultant • Accuvant Labs • Wrote the first public exploit for both iPhone and Android platforms • Won CanSecWest Pwn2Own for four consecutive years • Author of two infosecurity books • PhD from University of Notre Dame Dino Dai Zovi • Independent Researcher • Regular speaker at industry, academic, and hacker security conferences world wide • Significant research includes rootkit technologies, wireless security, exploit development, and mobile! • Has spoken at BlueHat, CanSecWest, USENIX, Blackhat, and Defcon • Author of “Mac Hackers Handbook” and “The Art of Software Security Testing”
Application Layer Chris Wysopal • CTO and Co-Founder • Veracode, Inc. • Original vulnerability researcher with L0pht Heavy Industries • Testified on Capitol Hill on security topics • Published first advisory in 1996 • Author of “The Art of Software Security Testing” Anthony Lineberry • Security Researcher • Lookout Mobile Security • Previously employed by McAfee, NeuralIO, and has spoke at Defcon and BH USA and Europe • Specializes in reverse engineering, vulnerability research, and advanced exploit development • Assisted with first ever iPhone jailbreak
The Game Rules of Engagement • Twitter - #bhmobile • Questions solicited • Leading up to the event • From each combatant prior to the event • Live from the audience May the riskiest security layer win!
Are You Ready to Rumble
And The Winner IS….

Recommandé

George Delaportas - VEDICOR (Hacking CV)
George Delaportas - VEDICOR (Hacking CV)George Delaportas - VEDICOR (Hacking CV)
George Delaportas - VEDICOR (Hacking CV)
PROBOTEK
 
Resume
ResumeResume
Resume
Timothy Poss
 
Hacking
HackingHacking
Hacking
Haider Akbar
 
Hacking
HackingHacking
Hacking
powerpointking1
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
rishirvk1995
 
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Codiax
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentation
drewz lin
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_Intindolo
John Intindolo
 

Recommandé

George Delaportas - VEDICOR (Hacking CV)
George Delaportas - VEDICOR (Hacking CV)George Delaportas - VEDICOR (Hacking CV)
George Delaportas - VEDICOR (Hacking CV)
PROBOTEK
 
Resume
ResumeResume
Resume
Timothy Poss
 
Hacking
HackingHacking
Hacking
Haider Akbar
 
Hacking
HackingHacking
Hacking
powerpointking1
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
rishirvk1995
 
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Codiax
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentation
drewz lin
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_Intindolo
John Intindolo
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Security and privacy for journalists
Security and privacy for journalistsSecurity and privacy for journalists
Security and privacy for journalists
Jillian York
 
IoT security
IoT securityIoT security
IoT security
Abhishek Dwivedi
 
Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010
Agora Group
 
Alex Michael | Empowering End Users: Your Frontline Cyber Security Defence
Alex Michael | Empowering End Users: Your Frontline Cyber Security DefenceAlex Michael | Empowering End Users: Your Frontline Cyber Security Defence
Alex Michael | Empowering End Users: Your Frontline Cyber Security Defence
Pro Mrkt
 
Andrew kozma - security 101 - atlseccon2011
Andrew kozma - security 101 - atlseccon2011Andrew kozma - security 101 - atlseccon2011
Andrew kozma - security 101 - atlseccon2011
Atlantic Security Conference
 
Adam w. mosher - geo tagging - atlseccon2011
Adam w. mosher - geo tagging - atlseccon2011Adam w. mosher - geo tagging - atlseccon2011
Adam w. mosher - geo tagging - atlseccon2011
Atlantic Security Conference
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
Ammar WK
 
IoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - LyleIoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - Lyle
webinos project
 
Loc jack presentation
Loc jack presentationLoc jack presentation
Loc jack presentation
QuestTechnologyIntl
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Binder
nitayart
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
Things Security
Things SecurityThings Security
Things Security
Dony Riyanto
 
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor ConradCTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
Commonwealth Telecommunications Organisation
 
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
EASTWEST Public Relations
 
Ethical hacking demo
Ethical hacking demoEthical hacking demo
Ethical hacking demo
Tendai Marengereke
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
Sam Bowne
 
Mbs t18 a
Mbs t18 aMbs t18 a
Mbs t18 a
SelectedPresentations
 
Im260 computer hacking powerpoint
Im260 computer hacking powerpointIm260 computer hacking powerpoint
Im260 computer hacking powerpoint
carlyxxjo55
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
Matthew Rosenquist
 
Understanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tacticsUnderstanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tactics
Mike Ramsey
 
Your Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing YourselfYour Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing Yourself
Tifanija
 

Contenu connexe

Tendances

Security and privacy for journalists
Security and privacy for journalistsSecurity and privacy for journalists
Security and privacy for journalists
Jillian York
 
Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010
Agora Group
 
IoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - LyleIoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - Lyle
webinos project
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Binder
nitayart
 
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor ConradCTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
Commonwealth Telecommunications Organisation
 
Im260 computer hacking powerpoint
Im260 computer hacking powerpointIm260 computer hacking powerpoint
Im260 computer hacking powerpoint
carlyxxjo55
 

Tendances (20)

Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
 
Security and privacy for journalists
Security and privacy for journalistsSecurity and privacy for journalists
Security and privacy for journalists
 
IoT security
IoT securityIoT security
IoT security
 
Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010Symantec_2-4-5 nov 2010
Symantec_2-4-5 nov 2010
 
Alex Michael | Empowering End Users: Your Frontline Cyber Security Defence
Alex Michael | Empowering End Users: Your Frontline Cyber Security DefenceAlex Michael | Empowering End Users: Your Frontline Cyber Security Defence
Alex Michael | Empowering End Users: Your Frontline Cyber Security Defence
 
Andrew kozma - security 101 - atlseccon2011
Andrew kozma - security 101 - atlseccon2011Andrew kozma - security 101 - atlseccon2011
Andrew kozma - security 101 - atlseccon2011
 
Adam w. mosher - geo tagging - atlseccon2011
Adam w. mosher - geo tagging - atlseccon2011Adam w. mosher - geo tagging - atlseccon2011
Adam w. mosher - geo tagging - atlseccon2011
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
IoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - LyleIoT Mashup - Security for internet connected devices - Lyle
IoT Mashup - Security for internet connected devices - Lyle
 
Loc jack presentation
Loc jack presentationLoc jack presentation
Loc jack presentation
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Binder
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
Things Security
Things SecurityThings Security
Things Security
 
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor ConradCTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
 
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
 
Ethical hacking demo
Ethical hacking demoEthical hacking demo
Ethical hacking demo
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
 
Mbs t18 a
Mbs t18 aMbs t18 a
Mbs t18 a
 
Im260 computer hacking powerpoint
Im260 computer hacking powerpointIm260 computer hacking powerpoint
Im260 computer hacking powerpoint
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 

En vedette

Understanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tacticsUnderstanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tactics
Mike Ramsey
 
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting YourselfBlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
James Arlen
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Stephan Chenette
 
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
SearchCon
 
Bh us-03-ornaghi-valleri
Bh us-03-ornaghi-valleriBh us-03-ornaghi-valleri
Bh us-03-ornaghi-valleri
Hai Nguyen
 
Introduction to Blackhat SEO
Introduction to Blackhat SEOIntroduction to Blackhat SEO
Introduction to Blackhat SEO
Max Ogienko
 
OpenID Security
OpenID SecurityOpenID Security
OpenID Security
eugenet
 

En vedette (20)

Understanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tacticsUnderstanding and Competing against Blackhat Local SEO tactics
Understanding and Competing against Blackhat Local SEO tactics
 
Your Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing YourselfYour Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing Yourself
 
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting YourselfBlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
BlackHat USA 2009 - Your Mind: Legal Status, Rights and Protecting Yourself
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
 
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
SearchCon 2016 | Black Hat Tools for White Hat SEO with Jim Kreinbrink, Cade ...
 
Phil Pearce - Blackhat analytics
Phil Pearce - Blackhat analyticsPhil Pearce - Blackhat analytics
Phil Pearce - Blackhat analytics
 
Khoo
KhooKhoo
Khoo
 
Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22 Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22
 
Bh us-03-ornaghi-valleri
Bh us-03-ornaghi-valleriBh us-03-ornaghi-valleri
Bh us-03-ornaghi-valleri
 
BlackHat 2014 - xsssniper
BlackHat 2014 - xsssniperBlackHat 2014 - xsssniper
BlackHat 2014 - xsssniper
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Introduction to Blackhat SEO
Introduction to Blackhat SEOIntroduction to Blackhat SEO
Introduction to Blackhat SEO
 
Blackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printoutBlackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printout
 
Blackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ SuperweekBlackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ Superweek
 
Faraday Blackhat 2011 Arsenal
Faraday Blackhat 2011 ArsenalFaraday Blackhat 2011 Arsenal
Faraday Blackhat 2011 Arsenal
 
prestiva_blackhat
prestiva_blackhatprestiva_blackhat
prestiva_blackhat
 
OpenID Security
OpenID SecurityOpenID Security
OpenID Security
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in images
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at Home
 
Heybe Pentest Automation Toolkit - BlackHat USA 2015
Heybe Pentest Automation Toolkit - BlackHat USA 2015Heybe Pentest Automation Toolkit - BlackHat USA 2015
Heybe Pentest Automation Toolkit - BlackHat USA 2015
 

Similaire à Blackhat USA Mobile Security Panel 2011

Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
Tim Mackey
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
Black Duck by Synopsys
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 

Similaire à Blackhat USA Mobile Security Panel 2011 (20)

Advanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usAdvanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to us
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdf
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 Hacking
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
Snyk investor deck late 2015 short
Snyk investor deck late 2015 shortSnyk investor deck late 2015 short
Snyk investor deck late 2015 short
 
Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
 
Ethical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedEthical hacking : Beginner to advanced
Ethical hacking : Beginner to advanced
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 

Plus de Tyler Shields

United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
Tyler Shields
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
Tyler Shields
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Tyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Tyler Shields
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Tyler Shields
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
Tyler Shields
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
Tyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
Tyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
Tyler Shields
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
Tyler Shields
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
Tyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
Tyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
Tyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
Tyler Shields
 

Plus de Tyler Shields (20)

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile Device
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
 

Dernier

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Blackhat USA Mobile Security Panel 2011

  • 1.
  • 2. Moderator Tyler Shields • Security Researcher • Veracode Inc. • Formerly penetration tester with Symantec and @Stake • Presented at HOPE, Shmoocon, Source, and other industry conferences • Best known for creation of mobile spyware suite for Blackberry devices
  • 3. Mobile Security Stack Application Security Operating System Security Hardware / Firmware Security Infrastructure Security
  • 4. Infrastructure Layer Nick DePetrillo • Security Researcher • Crucial Security Inc, Harris Corp • Formerly Security Consultant with Industrial Defender and engineer with Aruba Networks • Best known for recent research on issues in the global telephone network Don Bailey • Security Consultant • iSec Partners • Has presented on topics including stealthy rootkits, 0-day exploit technology, DECT, GSM and embedded security • Best known for recent work on vulnerabilities in embedded architectures and issues with the global telephone network
  • 5. Hardware / Firmware Layer Ralf-Phillipp Weinmann • PostDoc - Laboratory of Algorithms, Cryptology and Security, University of Luxembourg • Ph.D. from the Technical University of Darmstadt • Best known for Baseband Apocalypse presentation BHDC/CCC • Over-the-air exploitations of memory corruption in GSM/3GPP stacks
  • 6. Operating System Layer Charlie Miller • Principal Research Consultant • Accuvant Labs • Wrote the first public exploit for both iPhone and Android platforms • Won CanSecWest Pwn2Own for four consecutive years • Author of two infosecurity books • PhD from University of Notre Dame Dino Dai Zovi • Independent Researcher • Regular speaker at industry, academic, and hacker security conferences world wide • Significant research includes rootkit technologies, wireless security, exploit development, and mobile! • Has spoken at BlueHat, CanSecWest, USENIX, Blackhat, and Defcon • Author of “Mac Hackers Handbook” and “The Art of Software Security Testing”
  • 7. Application Layer Chris Wysopal • CTO and Co-Founder • Veracode, Inc. • Original vulnerability researcher with L0pht Heavy Industries • Testified on Capitol Hill on security topics • Published first advisory in 1996 • Author of “The Art of Software Security Testing” Anthony Lineberry • Security Researcher • Lookout Mobile Security • Previously employed by McAfee, NeuralIO, and has spoke at Defcon and BH USA and Europe • Specializes in reverse engineering, vulnerability research, and advanced exploit development • Assisted with first ever iPhone jailbreak
  • 8. The Game Rules of Engagement • Twitter - #bhmobile • Questions solicited • Leading up to the event • From each combatant prior to the event • Live from the audience May the riskiest security layer win!
  • 9. Are You Ready to Rumble
  • 10. And The Winner IS….