Corporate Espionage Via Mobile Compromise
It’s become abundantly clear that mobile devices can be highly insecure. But what about using mobile devices as attack vectors? Instead of immediately stealing data on a compromised mobile device, what if the attacker turned the phone into a malicious device, capable of causing chaos once behind a network’s perimeter? Better yet – what about presenting the mobile phone to the host as a keyboard instead of a mobile device, bypassing traditional corporate defenses against USB inputs? These are questions that were highlighted during viaForensics CEO Andrew Hoog’s presentation “Corporate Espionage Via Mobile Compromise” at RSA 2013 in San Francisco. Here’s the official RSA abstract:
Corporate scale cyber espionage is a threat to keeping a leg up on the competition. Mobile phones are increasingly targeted by attackers and can be a powerful tool to gain entry to your company and exfiltrate your intellectual property. We will examine how the ability of the mobile device to operate on either side of corporate boundaries exposes the company to risk.