This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389).
Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security related risks. During his talk, he addressed the following:
- Understanding the need for mobile security to be taken seriously in Africa
- Analysing the broader implications for the user and the company
- The types of attacks occurring against mobile devices
- What does the future of mobile security look like and what are the potential threats to users?
- Understanding the particular threats posed by smartphones and other portable devices, e.g. tablets
The presentation can be accessed via link below:
I spoke on iPhone and Android security, demonstrating the ease with which mobile security can be breached and presented some live demos. Below is the agenda of my talk:
- Why everyone rants about SmartPhone security
- Understanding iPhone Application layout
- Decrypting iPhone apps & what can we achieve
- Android Architecture
- Android Permission Model & Sandbox
- Analyzing Android Apps – Deep sea diving
- Practical Attacks on Android
- Demos
- Introducing Manifestor.py
I also released a Python script, Manifestor.py, which can be used by Penetration testers and Android geeks to find permission-based flaws in Android applications. The script is in early stage of development and will be enhanced in near future. A working copy of this script can be downloaded from link below:
http://www.sensepost.com/labs/tools/poc/manifestor
The original presentation can be downloaded from link below: