Secure Your Pocket: Black Hat Europe 2012 Delves into iOS and Android Exploits
The latest briefing sessions revealed by Black Hat Europe 2012's organizers present a heavy focus on mobile and next generation computing. Attendees will be briefed on an intelligence-driven approach to mobile defense and on a new tool that allows researchers to examine and interact with the attack surfaces of Android applications, among other topics.
These and the event's several dozen other briefings will take place between March 14th - March 16th at the Grand Krasnapolsky Hotel in Amsterdam, the Netherlands. If you're interested in attending Black Hat
Europe 2012, be sure to register by February 29th to enjoy a lower registration cost than will be offered to late and onsite registrations.
//Recurity Labs GmbH Founder Felix 'FX' Lindner leads off with "Apple vs. Google Client Platforms," in which he'll compare the security approaches taken by Apple and Google in their iPad and Chromebook platforms. From security architecture to integrity protection details he'll provide the big picture with occasional close-up shots, and show what powers the vendors grant to attackers through fails in logic, binary, and HTML.
//Dan Guido, NYU:Poly's hacker in residence, will present "The Mobile Exploit Intelligence Project," which attempts to harness empirical information on mobile attack capabilities and methods to create an intelligence-driven approach to mobile defense.
Guido's analysis identifies the means by which exploits are developed and distributed, separates useful defenses from ineffective ones, and provides analytical tools to objectively evaluate the vulnerability of mobile operating systems. He'll wrap by using the empirical attack data to make projections on the near- and long-term directions of mobile malware.
//Last but not least, Tyrone Erasmus, an information security consultant at MWR InfoSecurity, will debut his new Android exploit-hunting tool, Mercury, in "The Heavy Metal That Poisoned the Droid."
The much-publicized Android Marketplace malwares rely on the fact that users seldom review app permissions, as well as an alarming number of info disclosure and privilege escalation vulnerabilities. Erasmus's full-featured Mercury tool will allow researchers to dynamically examine and exploit the attack surface of applications, to better understand how exploits occur. Mercury is under heavy development, and Erasmus hopes to have it ready to release by the time of this Black Hat Europe 2012 session.
The sessions outlined above are just a fraction of the myriad and varied briefings, trainings, and special events planned for Black Hat Europe 2012, and we're revealing more programming additions every week.