Troopers 13 Presentation: Corporate Espionage via Mobile Compromise

The following was written by David Weinstein, Mobile Security Researcher with viaForensics. Troopers was held this year March 11-15th in the beautiful city of Heidelberg, Germany. It was an amazing and intimate event (sold out at 200 attendees) with deeply technical talks focused on education and the goal of “making the world a safer place.”

This year I presented on a mobile security topic titled Corporate Espionage via Mobile Compromise: A Technical Deep Dive. This research demonstrates an exemplar attack against mobile devices, specifically Android, and shows how mobile can be a powerful tool in an attacker’s arsenal. The rich APIs, sensors, and features available to applications on these platforms can rapidly be turned against organizations, whether they put their heads in the sand with mobile security or have chosen to adopt a BYOD strategy that does not take into account the potential risk.

As researchers in this field we know what an attack can look like. Without knowledge of what is possible, it is very difficult to propose solutions that have real impact. Therefore, we must also take into account that attackers will not use more sophisticated techniques than are necessary to win. Like the flow of water or electrical current, the path of least resistance is always taken.

This was a common theme throughout Troopers: don’t fall prey to the media hype, but arm yourself with knowledge. If you’d like to chat more on the topic, connect with me on Twitter – @insitusec.