
Troopers 13 Presentation: Corporate Espionage via Mobile Compromise

The following was written by David Weinstein, Mobile Security Researcher with viaForensics. Troopers was held this year March 11-15th in the beautiful city of Heidelberg, Germany. It was an amazing and intimate event (sold out at 200 attendees) with deeply technical talks focused on education and the goal of “making the world a safer place.”

This year I presented on a mobile security topic titled Corporate Espionage via Mobile Compromise: A Technical Deep Dive. This research demonstrates an exemplar attack against mobile devices, specifically Android, and shows how mobile can be a powerful tool in an attacker’s arsenal. The rich APIs, sensors, and features available to applications on these platforms can rapidly be turned against organizations, whether they have put their heads in the sand on mobile security or have chosen to adopt a BYOD strategy that does not take into account the potential risk.

As researchers in this field we know what an attack can look like. Without knowledge of what is possible, it is very difficult to propose solutions that have real impact. Therefore, we must also take into account that attackers will not use more sophisticated techniques than are necessary to win. Like the flow of water or electrical current, the path of least resistance is always taken.

This was a common theme throughout Troopers: don’t fall prey to the media hype, but arm yourself with knowledge. If you’d like to chat more on the topic, connect with me on Twitter – @insitusec.