Droidcon India 2014

Droidcon India’s fourth edition

Subho Halder

@sunnyrockzzs

Android App (Vulner)ability

Submitted Oct 22, 2014

Most recently, a lot of established companies like Snapchat, Starbucks, Target, Home Depot, etc. have been through a PR disaster. Do you know why? Simply because some attacker out there found a flaw and could exploit it.

The fact is that nobody really thinks about mobile security or data privacy when buying a coffee at Starbucks or while playing Angry Birds. In the rare case that someone does think about security, consumers always believe that developers will have taken care of it. They think that the app is from a reputable company, so what could possibly go wrong?

This is why it is important for companies and developers to be more proactive rather than reactive when it comes to mobile application security. It is important to retain consumer trust if you want to stay in this game for long.

While there are numerous things to look for under security, I will be talking to developers who can address these issues when building apps.

Outline

Gartner said on Sunday that in 2015, the majority of mobile applications - whether in the Android, iOS or Windows Phone ecosystems - will not have basic business-acceptable security protocols in place. Part of the issue with mobile app security is that employees download apps that access enterprise assets or perform business functions, but the security of the apps is not adequate to protect against attacks or meet the security requirements set out by company policy.

While there are numerous reasons behind mobile applications failing to achieve even the basic level of security, the research shows that 75 percent of mobile security breaches through 2017 will be caused by mobile application misconfigurations, “rather than the outcome of deeply technical attacks on mobile devices.”

Speaker bio

Subho Halder (@sunnyrockzzs) is the co-founder of Appknox by XYSec Labs, where he focuses on Android security research, product development and iOS app pentesting. He also enjoys giving talks and trainings on Android and iOS exploitation at international conferences. His main areas of expertise include Android malware analysis and reversing, writing automated security tools and Android app pentesting.

Slides

http://www.slideshare.net/subho0071/has-geek-41193248

Hosted by

droidconIN is an annual conference on Android, part of the worldwide series of events.