Before we dive into specific mobile vulnerabilities and talk as if the end times are upon us, let us pop the stack and talk about how the mobile environment works as a whole. We will explore the assumptions and design paradigms of each player in the overall mobile space, along with the requirements and inheritance problems they face. The value of this approach is that it allows us to understand and couch the impacts and implications of all mobile vulnerabilities, be it bugs existing today or theoretical future vulnerabilities. The approach also allows us to catalogue all the design assumptions made and search for any generalized logical flaws that could serve as a lynchpin to undermine the entirety of mobile security and trust.
This talk focuses on the entirety of the mobile ecosystem, from the hardware components to the operating systems to the networks they connect to. We will explore the core components across mobile vendors and operating systems, focusing on bugs, logic, and root problems that potentially effect all mobile devices. We will discuss the limitations of mobile trusted computing and what can be done to protect both your data and the devices your data reside on. From the specific perspectives of trusted computing and hardware integrity, there are a handful of smartphone hardware platforms on the market. OEMs are constrained to release devices based on selecting and trusting one of these platforms. If a skilled attacker can break trust at the hardware level, the entire device becomes compromised at a very basic (and largely undetectable) level. This talk is about how to break that trust.
Josh Thomas began his career 14 years ago in network administration andsoftware development. Prior to moving his focus primarily to security, Joshwrote Artificial Intelligence and cryptographic solutions for the Departmentof Defense. Josh has extensive hands on knowledge of mobile devices andcellular infrastructure. He is also dedicated to hardware reverse engineeringand embedded device exploitation. Josh most recently was a Senior ResearchScientist with Accuvant's Applied Research team, and has worked as a SeniorResearch Developer at The MITRE Corporation. At MITRE, Josh performed analysesof the Android, Apple, Symbian and BlackBerry security models as well as othernon-mobile embedded platforms and worked closely with the vendors and projectsponsors. Josh also developed an open-source mesh networking solution forSmart phone communications that bypasses the need for physical infrastructure,performed advanced spectrum analysis for cleared communications, and designeda secure satellite communications system required to handle the most sensitivecommunications possible while also being resilient against the highest levelsof waveform interference. Prior to his tenure at The MITRE Corporation, Joshdeveloped Artificial Intelligence and embedded cryptographic solutions forGeneral Dynamics and other organizations. Josh projects including the designand development of robust routing architecture for UAV/UGV autonomousvehicles, battlefield troop movement predictive scenario generation, andcreation of mathematical models the controlled de-orbit and reentry of the MirSpace Station.