NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers LIVE online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register your crew today!

magnifying glass icon

Recon 2012 – GPUs for Mobile Malware, Mitigation and More – June 6, 2012

The following presentation was delivered by Jared Carlson at REcon 2012 on June 6, 2012.

GPUs for Mobile Malware, Mitigation and More

Thinking outside-the-CPU

This talk will discuss how to leverage processors outside of the CPU for both defensive and offensive techniques. In particular I’ll discuss GPU capabilities for Mobile in iOS and Android. Source code will be distributed and we’ll walk through a variety of techniques available right now and for the future.

This presentation revolves around thinking outside of the CPU for cyber techniques – both offensive and defensive. In particular with mobile devices we’re seeing very tight integration between CPUs and GPUs. We will discuss how to use these chips right now, how they could be used in the future and what is likely to develop. We’ll cover how and why signature verifications on a mobile GPU might be beneficial, how to perform dynamic disassembly, perform encryption as well as decryption and tracking memory. While each of these algorithms is interesting, the central point is to understand the architecture and how it’s evolving. Many of the security implications of non-CPU development have not been realized for cyber tasking. We’ll discuss some interesting points of the architecture for Android and iOS, alternating between the attacker and defender mindsets. This means we’ll be comparing both hardware and software design choices, as well as outside influences.

You should walk away with a strong understanding of how to expand your attack or defensive surface on a mobile device and most importantly, with a sense of what to listen for in upcoming mobile hardware and software developments by the various vendors. If you want a little outside-the-CPU thinking and learn where mobile is being pushed, you’ll enjoy this presentation.

For more information on content contained within the presentation, please visit Jared’s github page: GPU Malware