Security Expert (RU)
Yury Chemerkin started as a reverser and security developer and went on to gain experience in malware and mobile security. In recent years he has been researching mobile and cloud solutions (and IAM solutions in general) for exploitation from different viewpoints (incl. forensics), based on misunderstood security principles and developing as a distributed spyware infrastructure. He is now a multi-skilled security expert on security & compliance, mainly focused on privacy and leakage showdown. His key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance.
Untrusted Mobile Applications. State of Art of Security App-Apocalypse
The security and privacy of mobile applications have been under fire in recent years, since 2015. Native and 3rd-party apps like Gmail or Instagram had various data protection problems. You could find credentials or sensitive information in plaintext, in logs, everywhere. There were many recent disclosures about it in 2014 that dive into transport security, stored data, log leakage and encryption failures. On the other side, the mobile market has been growing very fast. Mobile apps go everywhere and are carried everywhere. Software development pays little attention to the security it needs. Some methodologies prevent vulnerabilities and known security failures due to the compilation process. Most secure coding guides are implemented wrongly, even when they are written by Apple or Google. Both factors (insecurity and a growing market) lead us to the App-Apocalypse. Do we really have a solution? A good understanding of the security mechanisms of the mobile environment (incl. applications) can help us keep our devices better protected. Only findings in apps made by security-trained experts are a way to decrease the level of untrustworthiness.
However, the security life cycle looks like “we’ve done it once, let’s stop here”. But we can’t really stop anywhere. New apps are being released and new updates are coming. We really have to talk about a community-based knowledge database on data insecurity. That is the first step. If you are familiar with the NVD or CVE databases, you should know they don’t contain anything about data protection in mobile apps. We found only a few records on it. That absolutely doesn’t mean the databases are very bad; by design, they have solved other problems since they appeared.
The second step is a way to keep users informed about insecure use cases. In fact, it’s about mobile security awareness. If you take your device to a public place, you should know which applications fail to protect your data and what data may leak out of your device. There are many cases when you would prefer to wipe your app data before doing something, but you don’t know which application you have to apply the wiping to. Moreover, corporate mobile users have another way to control their data, by implementing EMM solutions. Does it solve the problem? No, it doesn’t, because to control it they have to know exactly what data is out of protection. However, they have an opportunity to protect it by sandboxing app data at rest and VPN’ing data in transit at the application level. It’s a quick way to bypass the real problem, and it works at the moment. What should non-corporate users do, and is there any solution for them? There are no solutions; even AV (antivirus) solutions can’t help, because their goal is to prevent malware from spreading. This presentation is going to present new results on mobile app insecurity and a way to solve the current problem for the general public.