






Later, Vegas! Recapping Black Hat, Defcon and BSidesLV

Mobile Apps, App Wrapping, and Mobile Device Vulnerabilities Top of Mind at Security
Conferences

By Mike Raggo, Security Evangelist, MobileIron

It is exciting to see the brightest minds in security and hacking descend on Las Vegas each
summer for Black Hat and Defcon. In recent years, these shows have spawned offshoot
conferences like BSidesLV that aim to leverage all that security muscle in one place. I was
fortunate to be invited to participate at all three shows for the second year in a row and I
wanted to share some of the biggest security takeaways.

Summed up in a word, the information security learnings would be “complex.” With the
unprecedented transformation we’ve seen in digital information gathering and the growing
number of threat vectors, it’s no longer enough to just focus on the big picture. Protecting
data today requires a strategic plan that addresses both proactive and reactive
countermeasures to ensure we’re following best practices. We need to worry about the little
things.

Black Hat reportedly had more than 8,000 attendees this year. The show typically grows in
attendance year over year, as security researchers disclose their latest security vulnerability
research to the world. Unbeknownst to some, Black Hat stemmed from the original security
hacker conference known as Defcon, which now immediately follows Black Hat and just
celebrated its 22nd year. Last but certainly not least is BSidesLV. The show has local
conferences all over the U.S., but arguably its largest show is during the week of Black Hat
Las Vegas.

Every year, security researchers seek to set the bar higher, and this year lived up to that
reputation. In terms of mobile security, there were a number of notable presentations across
the three conferences, so let's start out with the first conference of the week: BSidesLV
2014.



BSidesLV uncovered myths about mobile app security

BYOD, and mobile devices more broadly, have introduced a fundamental shift in the
enterprise in terms of how people conduct business, increase efficiencies, and improve the
customer and employee experiences. Mobile devices are inherently different from legacy
PCs and laptops in that they represent a move from open operating systems to mobile
operating systems that leverage application sandboxing, provide enhanced security
management features, and empower the end-user.


But with this comes a new set of risks, some of which stem from malicious or risky apps. The
media has hyped the risk of malicious apps, but an annual report conducted by Appthority
indicated that less than 0.4% of apps contained malicious behaviors, whereas roughly 81%
of the mobile apps we use every day contain a risky behavior that could arguably lead to data
loss or exposure of PII such as location, address, email address, phone number,
and more.


13 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
