Troopers 13 Presentation-Corporate Espionage via Mobile Compromise

The following was written by David Weinstein, Mobile Security Researcher with viaForensics. Troopers was held this year March 11-15th in the beautiful city of Heidelberg, Germany. It was an amazing and intimate event (sold out at 200 attendees) with deeply technical talks focused on education and the goal of “making the world a safer place.”

This year I presented on a mobile security topic titled Corporate Espionage via Mobile Compromise: A Technical Deep Dive. This research demonstrates an exemplar attack against mobile devices, specifically Android, and shows how mobile can be a powerful tool in an attacker’s arsenal. The rich APIs, sensors, and features available to applications on these platforms can rapidly be turned against organizationes, whether they put their head in the sand with mobile security, or chosen to adopt a BYOD strategy that does not take into account the potential risk.

As researchers in this field we know what an attack can look like. Without knowledge of what is possible, it is very difficult to propose solutions that have real impact. Therefore, we must also take into account that attackers will not use more sophisticated techniques than are necessary to win. Like the flow of water or electrical current, the path of least resistance is always taken.

This was a common theme throughout Troopers: don’t fall prey to the media hype, but arm yourself with knowledge. If you’d like to chat more on the topic, connect with me on Twitter – @insitusec.