Owning Your Phone at Every Layer - A Mobile Security Panel

Black Hat USA 2011

Presented by: Don A. Bailey, Dino Dai Zovi, Nick DePetrillo, Anthony Lineberry, Charlie Miller, Tyler Shields, Ralf-Philipp Weinmann, Chris Wysopal
Date: Thursday August 04, 2011
Time: 13:45 - 15:00
Location: Milano I - IV
Track: The Mobile Track

According to IDC, 100 million smartphones were shipped in the fourth quarter of 2010, compared to just 92 million computers. With smartphone growth rates continuing to rise, mobile security is a topic fresh on everyone's mind. Security research in the area of mobile devices has also picked up over the last few years with a diversified attack portfolio targeting every level of the mobile security stack. But which of these attack models is the most dangerous to the enterprise? Which carries the most risk? When will the monetization of mobile attacks REALLY occur? What can an organization do to save themselves?! These and other interesting mobile security questions will be posed to a panel of the top mobile security experts in the world. See what happens when they are asked to defend their turf and attack models as the best.

Don A. Bailey

Don A. Bailey is a Security Consultant with iSEC Partners, Inc. Don has discovered many unknown security vulnerabilities in well-used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up-and-coming internet software. While Don's primary expertise is in developing exploit technologies, he is also well versed in reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government-organized conferences. For the past six years, Don has presented research at several international security conferences discussing topics such as stealth rootkit design, zero-day exploit technology, DECT, GSM, and embedded security. Most recently, Don spoke at Blackhat Barcelona 2011 and SyScan Singapore 2011 regarding vulnerabilities in embedded architectures and issues in the global telephone network.

Dino Dai Zovi

Dino Dai Zovi is an information security professional, researcher, and author. Mr. Dai Zovi has been working in information security for over 9 years with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, Bloomberg, and Matasano Security. As an independent researcher, he is a regular speaker at industry, academic, and hacker security conferences including presentations of his research on hardware virtualization assisted rootkits using Intel VT-x, the KARMA wireless client security assessment toolkit, and offensive security techniques and tools at BlackHat USA, Microsoft BlueHat, CanSecWest, the USENIX Workshop on Offensive Technology, and DEFCON. He is a co-author of the books, The Mac Hacker's Handbook (Wiley 2009) and The Art of Software Security Testing (Addison-Wesley, 2006). He is perhaps best known in the security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007. Dino has been named one of the 15 Most Influential People in Security by eWEEK and one of the Top Ten Sexy Geeks (NSFW) by Violet Blue.

Anthony Lineberry

Anthony Lineberry is a security researcher from Oakland who has been active in the security community for many years, specializing in reverse engineering code, researching vulnerabilities, and advanced exploitation development. He has written an open source kernel from scratch, helped with the first iPhone jailbreak, and feels uncomfortable speaking in the 3rd person. Professionally his experience includes working as a security researcher for McAfee, NeuralIQ, and currently with Lookout. He has spoken previously at SCaLE, DefCon, and BlackHat EU/US.

Charlie Miller

Charlie Miller is Principal Research Consultant at Accuvant Labs. He was the first with a public remote exploit for both the iPhone and the G1 Android phone. He won the CanSecWest Pwn2Own competition for the last four years. He has authored two information security books and holds a PhD from the University of Notre Dame.

Tyler Shields

Tyler Shields is a Senior Researcher with the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. In the past, Tyler has worked as a consultant for both @Stake and Symantec, delivering security assessments to Fortune 500 companies, major financial institutions, institutions of higher education, and the highest levels of the U.S. government. Tyler has presented at major security conferences internationally, including H.O.P.E, Shmoocon, BRUCon, and SOURCE Boston, and has released numerous security advisories. He also frequently contributes to major media outlets on security-relevant topics.

Chris Wysopal

Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. He is also the author of "The Art of Software Security Testing" published by Addison-Wesley.

Ralf-Philipp Weinmann

Ralf-Philipp Weinmann is a cryptologist by day and a reverse engineer by night. He studied and obtained his Ph.D. at the Technical University of Darmstadt and is currently a post-doctoral researcher at the LACS laboratory of the University of Luxembourg.

Nick DePetrillo

Nick DePetrillo is a senior security researcher at Crucial Security Inc., a wholly owned subsidiary of Harris Corporation with a focus on hardware reverse engineering, cryptography, mobile security and other areas of interest. Most recently, Nick was a senior security consultant with Industrial Defender performing physical and electronic security assessments for various clients in the energy industry. Nick also researched Smart Grid/AMI hardware and software security issues while at Industrial Defender. Nick was a research and development engineer for Aruba Networks, concentrating on wireless security threats and prototyping new products. Nick has presented new security threats and mitigation techniques at both national and international conferences.

