Can You Trust Me Now? An Exploration Into the Mobile Threat Landscape

Explore the complex mobile threat landscape in this Black Hat conference talk. Dive into the assumptions and design paradigms of each player in the mobile space, examining their requirements and inherited problems. Gain a comprehensive understanding of mobile vulnerabilities and their implications, allowing for better assessment of current and future security risks. Investigate the entirety of the mobile ecosystem, from hardware components to operating systems and networks. Focus on core components across mobile vendors and operating systems, highlighting bugs, logic issues, and root problems affecting all mobile devices. Discuss limitations of mobile trusted computing and strategies to protect data and devices. Examine smartphone hardware platforms from trusted computing and hardware integrity perspectives, exploring how skilled attackers can compromise trust at the hardware level. Learn about System on Chip, Trusted Execution Environments, physical and remote attack surfaces, TrustZone, modems, basebands, boot loaders, and secure boot processes. Consider cross-device impacts and implications for BYOD (Bring Your Own Device) and Mobile Device Management (MDM) policies.

Intro
Today's Focus
System on Chip
Common Talking Points: Specification
Who Writes The Software?
OS Market Share
Android Fragmentation and Abandonware
Android: Plagued by Version Fragmentation
Apple: Version Fragmentation
Market Share of the Leaders
Foundations of Mobile Trust
System on a Chip
Trusted Execution Environments
Physical Attack Surface
Remote Attack Surface
TrustZone and TEE
TrustZone TEE
Modem and Baseband
Boot Loader / Secure Boot
Cross Device Impacts
Aside about BYOD & MOM