Yury Chemerkin

Security Expert (RU)

BIOGRAPHY

Yury Chemerkin started as a reverse engineer and security developer and went on to gain experience in malware and mobile security. In recent years he has been researching mobile and cloud solutions (and IAM solutions in general) for exploitation from different viewpoints (including forensics), based on misunderstood security principles and their development as a distributed spyware infrastructure. He is now a multi-skilled expert in security and compliance, focused mainly on privacy and leakage showdown. His key fields of activity are EMM and mobile computing, IAM, cloud computing, forensics and compliance.

Untrusted Mobile Applications. State of Art of Security App-Apocalypse

The security and privacy of mobile applications have been under fire in recent years, since 2015. Native and third-party apps such as Gmail or Instagram have had various data protection problems. You could find credentials or sensitive information in plaintext, in logs, everywhere. There were many recent disclosures about this in 2014 that dive into transport security, stored data, log leakage and encryption failures. On the other side, the mobile market has been growing very fast. Mobile apps go everywhere and are carried everywhere. Software development pays little attention to the security it needs. Some methodologies prevent vulnerabilities and known security failures through the compilation process. Most secure coding guides are implemented wrongly, even when they are written by Apple or Google. Both factors (insecurity and a growing market) lead us to the App-Apocalypse. Do we really have a solution? A good understanding of the security mechanisms of the mobile environment (including applications) can help us keep our devices better protected. Only findings in apps made by security-trained experts are a way to decrease the level of untrustworthiness.

However, the security life cycle looks like "we've done it once, let's stop here". But we can't really stop anywhere. New apps are being released and new updates are coming. We really have to talk about a community-based knowledge database on data insecurity. That is the first step. If you are familiar with the NVD or CVE databases, you should know they contain nothing about data protection in mobile apps. We found only a few records on it. That absolutely doesn't mean the databases are bad; by design, they have solved other problems since they appeared. The second step is a way to keep users informed about insecure use cases. In fact, it is about mobile security awareness. If you take your device to a public place, you should know which applications fail to protect your data and what data may leak from your device. There are many cases when you would prefer to wipe your app data before doing something, but you don't know which application to apply the wiping to. Moreover, corporate mobile users have another way of control: implementing EMM solutions. Does it solve the problem? No, it doesn't, because to control it, they have to know exactly what data is unprotected. However, they have an opportunity to protect it by sandboxing app data at rest and VPN-ing data in transit at the application level. It is a quick way to bypass the real problem, and it works at the moment. What should non-corporate users do, and is there any solution for them? There are no solutions; even AV (antivirus) solutions can't help, because their goal is to prevent malware from spreading. This presentation is going to present new results on mobile app insecurity and a way to solve the current problem for the general public.
