Corporate Espionage via Mobile Compromise: A Technical Deep Dive

No ratings

Presented at TROOPERS 2013 by

David Weinstein

Corporate scale cyber espionage is a threat to keeping a leg up on the competition. Mobile phones are increasingly targeted by attackers and can be a powerful tool to gain entry to a company and exfiltrate intellectual property. We will examine how the ability of the mobile device to operate on either side of corporate boundaries exposes the company to risk. This talk will be particularly technical in describing the implementation of a reprogrammable USB device built upon the Linux gadget framework on Android used to penetrate traditional corporate defenses. We will also demonstrate an Android RAT specifically designed to aware of its surroundings, capable of recording sensitive audio, video, bluetooth, and wireless connections, while silently waiting to be plugged into a corporate laptop/desktop. Then the fun begins! Selected Publications: SeRPEnT: Secure Remote Peripheral Encryption Tunnel, MITRE technical report A Security Hygienic Smart Charger for Mobile Devices, IEEE Mobile Security Technologies (MoST 2012), San Francisco, CA BEYOND THIN CLIENTS: LIMITING CYBERSECURITY VULNERABILITIES