Mobile Vulnerability Assessment: There's an App for That!

No ratings

Presented at UNITED Security Summit 2012 by

Jon Oberheide

"Conservative carriers frequently leave privilege escalation vulnerabilities unpatched for months and years on today's consumer mobile platforms, a far cry from the near-instant silent updates delivered to desktop platforms. These large windows of vulnerability allow even unsophisticated attackers to reuse off-the-shelf privilege escalation exploits and target users with their malicious mobile apps. This presentation explores how such privilege escalation vulnerabilities can be enumerated with a standard market-delivered application, allowing enterprises and even end users to assess the risk of their mobile devices. Results of a public release of a vulnerability assessment app for the Android platform will be presented."