What is effective encryption? How effective is it, really? These are two questions that were the focus of the webinar “Mobile Encryption: The Good, the Bad and the Broken.”
Abstract: Effective encryption is paramount to securing sensitive data on mobile devices given their large attack surface. But how effective is mobile encryption? This session will review five different types of mobile encryption (SSL, disk, keystores, app and containers), demonstrate strengths and weakness in each and provide steps that can be taken to improve mobile encryption.
Andrew Hoog, viaForensics’ CEO, discusses the current state of mobile encryption, including common vulnerabilities and subsequent risks inherent in mobile encryption. He also discusses best practices in alleviating these vulnerabilities to assist you and your developers in creating the most secure mobile applications possible.
Slides and discussions of particular note:
- 2:52 – Five types of mobile encryption
- 5:28 – The good: math works!
- 6:40 – The bad and the broken
- 10:00 – SSL implementation best practices
- 15:00 – SSL proxying
- 17:31 – Android full disk encryption overview
- 20:57 – Android encryption cracked – how we did it
- 22:51 – iOS encryption
- 27:08 – Device encryption solutions
- 32:42 – Encryption keys recovered from RAM
- 37:47 – Question and answer session
- 49:45 – App and container encryption
- 50:40 – Common mobile application encryption fails