Tag Archives: jailbreaking

SANS Mobile Device Security Summit Recap

2
Filed under Mobile Security
Tagged as , , , , , , , , ,

Just a quick post about the SANS Mobile Device Security Summit that I participated in.  Kudos to Kevin Johnson and Tony DeLaGrange from Secure Ideas for helping organize and lead the event.  They did a great job!  If you’ve been to SANS events in the past I assure you that this was much different.  First, there was a great line up which included Rafal Los (HP), Jack Mannino (nVisium Security), Chris Cuevas (Secure Ideas), John Sawyer (InGuardians), Josh Feinblum (The Advisory Board Company) and Daniel Miessler (HP ShadowLabs) to name a few.  Having a lineup of great speakers really made the summit flow as well as it did.

What I liked most about this event was that there were plenty of “real world” talks on how enterprises are deploying and managing mobile deployments.  Real in the “trenches” types of talks.  Here are some of the themes that I heard throughout all the talks:

  • Jailbreaking/Rooting is BAD
  • The OWASP Mobile Top 10 is going to be just as important as the traditional web application OWASP Top 10
  • Mobile Threats are an evolving, moving target.  Security teams have to be quick to adapt to new mobile technology
  • MDM (Mobile Device Management Solutions) are a requirement
  • Apple iOS devices are preferred over Android in the enterprise (seriously, that was the consensus).  No one seems to care about BlackBerry or Windows Mobile devices.  I think only one speaker mentioned Windows Mobile…

Speaking to the last point I find this pretty interesting.  Especially given the fact that Android seems to be beating Apple in regards to market share of devices and app store apps.  I also enjoyed hearing about some of the challenges and pitfalls real IT and security departments are facing.  Many of the speakers talked about some best practices they’ve developed and problems they’ve had.  One of the highlights for me was a talk by Det. Cindy Murphy from the Madison WI Police Department Computer Forensics Unit.  She shared some of her experiences with mobile device forensics and how this evidence holds up in court.  I highly recommend you check out this summit next year, it’s one not to miss!

I should have my slides from the latest version of my talk that I gave at the summit (Attacking & Defending Apple iOS Devices in the Enterprise) in the next day or so.

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Attacking and Defending Apple iOS Devices Presentation

0
Filed under Apple, Mobile Security, Penetration Testing
Tagged as , , , , , ,

Last week I spoke at the Central Ohio ISSA Conference about Attacking and Defending Apple IOS Devices.  This talk was based on information gathered from several of the mobile pentests that I conducted at SecureState.  I’ll be working on more research that will be going into an white paper that I will hopefully be releasing in the next few months.  You can find my slides on SlideShare below and watch the video graciously recorded by Iron Geek.

UPDATE (5/27): I found a very nice script by Patrick Toomey which can dump the contents of the keychain on Jailbroken iOS devices.  More details about how the script runs can be found in this blog post.  Note that the type of information you get back depends if the passcode is enabled or not.  You will get more keychain entries back if the passcode is not enabled.  I had mentioned in my presentation that I hadn’t found a script to do this yet…well here it is. :-)


Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS