YoVDO

Can You Trust Me Now? An Exploration Into the Mobile Threat Landscape

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Data Protection Courses Mobile Security Courses Trusted Execution Environment Courses Hardware Vulnerabilities Courses

Course Description

Overview

Explore the complex mobile threat landscape in this Black Hat conference talk. Dive into the assumptions and design paradigms of each player in the mobile space, examining their requirements and inherited problems. Gain a comprehensive understanding of mobile vulnerabilities and their implications, allowing for better assessment of current and future security risks. Investigate the entirety of the mobile ecosystem, from hardware components to operating systems and networks. Focus on core components across mobile vendors and operating systems, highlighting bugs, logic issues, and root problems affecting all mobile devices. Discuss limitations of mobile trusted computing and strategies to protect data and devices. Examine smartphone hardware platforms from trusted computing and hardware integrity perspectives, exploring how skilled attackers can compromise trust at the hardware level. Learn about System on Chip, Trusted Execution Environments, physical and remote attack surfaces, TrustZone, modems, basebands, boot loaders, and secure boot processes. Consider cross-device impacts and implications for BYOD (Bring Your Own Device) and Mobile Device Management (MDM) policies.

Syllabus

Intro
Today's Focus
System on Chip
Common Talking Points: Specification
Who Writes The Software?
OS Market Share
Android Fragmentation and Abandonware
Android: Plagued by Version Fragmentation
Apple: Version Fragmentation
Market Share of the Leaders
Foundations of Mobile Trust
System on a Chip
Trusted Execution Environments
Physical Attack Surface
Remote Attack Surface
TrustZone and TEE
TrustZone TEE
Modem and Baseband
Boot Loader / Secure Boot
Cross Device Impacts
Aside about BYOD & MOM


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube