Article by Ken Westin
Mobile was a hot topic this year at Black Hat with a strong focus on client-side vulnerabilities and defenses.
Apple made its first-ever appearance at Black Hat, with platform security manager Dallas De Atley walking attendees through the layered approach Apple has taken with iOS and the iPhone. Apple’s focus on security is impressive.
I was particularly interested in the hardware-level encryption via the A5 processor on the iPhone and how it integrates with iOS to encrypt and protect data.
Security has been one of the key deficiencies critics mention when discussing Apple and the enterprise, given that the platform was less mature than that of RIM, which has been entrenched in the enterprise.
De Atley’s presentation shows that Apple is serious about security and the enterprise, and that the iPhone and iOS are ready for business.
The one area that seemed to be ignored was the infrastructure that supports increasingly cloud-dependent mobile devices, possibly because many see server infrastructure as nothing new and already covered, or as a topic for other sessions dealing specifically with server exploits and defenses.
However, as the popularity of mobile devices increases, the size of the server infrastructure needed to support services such as iCloud, push services and the like increases exponentially.
How much data do we really store on our devices vs. the Cloud? The bulk of our sensitive data is not only on our devices but spread across servers around the world, across multiple companies, platforms and with differing levels of security.
Over the past year the press has been full of stories regarding “mobile hacking” where voicemails were accessed or nude photos of celebrities were compromised.
However, these “hacks” did not involve hacking the device itself. They resulted from vulnerabilities in the supporting infrastructure, such as weak security measures for voicemail access, weak email passwords and compromised servers from which usernames and passwords are stolen wholesale. Many times these breaches occur without the provider being aware of them until they too see it in the press.
As more devices are sold that rely on this infrastructure, it becomes an increasingly valuable target for malicious attackers. Why attack a single device when you can compromise an entire infrastructure and potentially gain access to a much larger trove of data and a larger number of devices and users? It’s simple black hat logic.
Cross-posted from Tripwire's State of Security