Jon and Zach (known as TEAM JOCH) will deconstruct Google's Android mobile platform and its security model, from the base OS, to the Android middleware, up to some case studies using third- party applications. As Android emerges as a leading OS in the mobile market, there's much to be learned from both the victories and failures of Google's design decisions and their impact on Android's security model. TEAM JOCH will show off some fun attacks used to subvert the base Android system as well as third-party applications in use on Android handsets around the world.
Jon Oberheide is the CTO of DUO Security, an Ann Arbor-based startup. He previously attended the University of Michigan for a BS, MS, and PhD in Computer Science and has held positions at Merit Networks and Arbor Networks.
Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. Prior to joining Intrepidus Group's professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Both Jon and Zach have presented at numerous security conferences (eg. BlackHat, CanSecWest, SOURCE Boston, SecTor, etc).