YoVDO

Faux Disk Encryption - Realities of Secure Storage on Mobile Devices

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Mobile Device Security Courses Android Security Courses Data Storage Security Courses

Course Description

Overview

Explore the complexities of secure data storage on mobile devices in this 57-minute Black Hat conference talk. Delve into the challenges faced by mobile app developers in securing locally cached data, including authentication tokens, on iOS and Android platforms. Examine common misconceptions about full-disk encryption and learn why it falls short in most attack scenarios. Discover sophisticated secure storage techniques available for both iOS and Android, understanding their technical operations and effectiveness in meeting practical security and usability requirements. Analyze potential vulnerabilities even when following current best practices and discuss potential solutions for the security and mobile device community. Gain insights into securely storing data for various use cases and uncovering secure storage flaws in real-world applications. By the end, understand the significant challenges of data storage on always-on, portable devices and how to implement robust security measures.

Syllabus

Intro
Outline 1. Introduction
iOS Encryption Hierarchy
Evolution of Android Security
How Android Encryption Works nccgroup
Android Credential Storage System Credential Store allows for storage of
Importance of Boot Security
Flash Recovery
Backdoor the Kernel nccgroup
Test Exploit 1. Compile backdoored kernal 2. Create boot image 3. Flash boot image via recovery 4. Reboot and test
Best Practices for Developers nccgroup General


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube