Yury Chemerkin
Security Expert (RU)
BIOGRAPHY
Yury Chemerkin started as a reverser and security developer and went on to gain experience in malware and mobile security. In recent years he has been researching mobile and cloud solutions (and IAM solutions in general) for exploitation from different viewpoints (incl. forensics), based on misunderstood security principles and developing as a distributed spyware infrastructure. He is now a multi-skilled expert in security & compliance, focused mainly on privacy and leakage showdown. His key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance.
Untrusted Mobile Applications. State of Art of Security App-Apocalypse
The security and privacy of mobile applications have been under fire in recent years, since 2015. Native and third-party apps like Gmail or Instagram have had various data protection problems. You could find credentials or sensitive information in plaintext, in logs, everywhere. There were many disclosures about it in 2014, diving into transport security, stored data, log leakage and encryption failures. On the other side, the mobile market has been growing very fast. Mobile apps go everywhere and are carried everywhere. Software development pays too little attention to the security it needs. Some methodologies prevent vulnerabilities and known security failures through the compilation process. Most secure coding guides are implemented incorrectly, even when they are written by Apple or Google. Both factors (insecurity and a growing market) lead us to the App-Apocalypse. Do we really have a solution? A good understanding of the security mechanisms of the mobile environment (incl. applications) can help us keep our devices better protected. Only findings in apps made by security-trained experts can decrease the level of untrustworthiness.
However, the security life cycle looks like “we’ve done it once, let’s stop here”. But we can’t really stop anywhere. New apps are being released and new updates are coming. We really have to talk about a community-based knowledge database on data insecurity. That is the first step. If you are familiar with the NVD or CVE databases, you should know that they contain almost nothing about data protection in mobile apps. We found only a few records on it. That absolutely doesn’t mean the databases are bad; by design, they have solved other problems since they appeared. The second step is a way to keep users informed about insecure use cases. In fact, it’s about mobile security awareness. If you take your device to a public place, you should know which applications fail to protect your data and what data may leak from your device. There are many cases when you would prefer to wipe your app data before doing something, but you don’t know which application the wiping has to be applied to. Moreover, corporate mobile users have another means of control: implementing EMM solutions. Does it solve the problem? No, it doesn’t, because to control it they have to know exactly what data is unprotected. However, they do have an opportunity to protect it by sandboxing app data at rest and VPN-ing data in transit at the application level. It’s a quick way to bypass the real problem, and it works at the moment. What should non-corporate users do, and is there any solution for them? There are no solutions; even AV (antivirus) solutions can’t help, because their goal is preventing malware from spreading. This presentation is going to present new results on mobile app insecurity and a way to solve the current problem for the general public.