Mobile Security and Exploits
Abstract
As smart phones become popular, and everyone seems to have one these days that they can't live without, the security impact of the daily decisions we make while downloading applications, jailbreaking/rooting our devices, playing games and giving them promiscuous permissions to our systems are not really given much thought by the average user. This talk will focus on how mobile devices and their threat model is different from the classic computers; what "old" concepts still apply to our mobile devices, and what the average consumer should be aware of from a security perspective on their everyday interactions with their mobile devices. We also take a quick illustrative detour into looking at how your decisions made in a mobile games can have security consequences. Lastly, we will discuss some server-side breaches from 2013 and their impact.
Bio: Nabil Hannan, Managing Principal, Cigital Inc. Nabil has over 10 years of experience in product management, software development and information security. Having worked as a Product Manager at Research In Motion/BlackBerry, Nabil has managed several initiatives and projects through the full Software Development Lifecycle. Nabil has been with Cigital since 2007, and during his tenure, he has identified, scoped and delivered on software security projects (Architectural Risk Analysis, Penetration Testing, Secure Code Review, Malicious Code Detection, Vulnerability Remediation, Mobile Security Assessments, etc.) and products (SecureAssist, Enterprise Security Portal, Remediation Helpdesk, Operational Assessment Database, etc.) for many of our clients, in particular in the financial services sector. Nabil is based out of Boston, MA and leads CigitalĀ¹s North East practice, focusing on helping clients solve their software security needs and build/improve effective software security initiatives.