This workshop will introduce mobile device security and its risks for your organisation. After discussion of the general threats, vulnerabilities and risks of mobile device integration, the iOS device specific features and vulnerabilities will be presented along with several attack scenarios and forensic methodologies. For secure enterprise integration useful mitigating controls will be shown with practical examples on how to implement them. We will demonstrate mobile device management solutions along with additional controls like MobileMe, FindMyIphone and so forth. Also not only technical controls will be discussed but also e.g. how to cover mobile devices within your organisations IT security policy. Last but not least we will comment on current papers and publications.
This willl be a practical workshop where you can test the various things in small hands-on sessions. We will provide you with some iPhones and iPads. Your own devices are welcome, too ;-)
Rene Graf leads the “Mobile Security” team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.
Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.
In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.