Yury Chemerkin has ten years of experience in information security. He is a multi-skilled expert on security & compliance, mainly focused on privacy and leakage showdown. His key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance. He has published many papers on mobile and cloud security and regularly appears at conferences such as CyberCrimeForum, HackerHalted, DefCamp, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalCCon, Intelligence Sec, etc.
Riskware Betrayer. Who is the biggest one?
“Security is the core of our application. Starting from secure local storage …, to interaction via only trusted and secure connection…” Who doesn’t know this popular statement? I bet you are familiar with one more popular headline: “Researchers find data leaks in…”. Data leakage is all around us and occurs when developers do not care about security. It usually leads to mobile app data being available to third parties. It happens when developers choose the strategy known as ‘speed-to-market’, because this way they can reach their customers with services and software before their rivals. In other words, they sacrifice your security and privacy for customer experience and market growth.
While many researchers are engaged in application penetration testing and in static and dynamic review of application code, developers are playing a game of who is best in the field of insecurity and non-privacy. This helps intruders stay focused on looking for profit, so they do not care about the quality of their findings and break-ins. That is explainable: you [as an intruder] need more profit and want to make getting it easier, and if an application cannot protect data, why should you worry much about it and look for vulnerabilities or anything else? Intruders can spend from $30 to $3000 to buy special software and steal your data. Once again, the price starts from $30. Now, imagine how much data you have on your smartphone. Are you going to sell it for $30 including VAT? Your opinion does not matter; software developers help to sell it cheaper because they have the ‘speed-to-market’ idea in mind.
During the presentation, I am going to show a lot of application data security & privacy issues identified in the real world in the most popular applications (mobile & desktop). This research covers all kinds of information that can be stolen via traffic (non-protected & protected traffic), application logs, databases, files, shared resources, code design bugs and more! This talk will help security professionals and non-technical customers stay informed about insecurity use cases and educate customers toward a useful security & privacy behavior mindset. In addition, solutions for different types of customers and developers will be presented during the talk.