Presentation Title Blackbox Android: Breaking “Enterprise Class” Applications and Secure Containers
The Android platform is growing in popularity and is quickly being adopted in the enterprise environment. Corporations and governments now have to secure potentially sensitive information on mobile phones. In order to facilitate this, security solutions have been developed, such as “secure containers” which claim to help enterprises secure mobile devices. There is an increasing need to be able to assess the security claims of such “enterprise class” Android software vendors. Yet there is very little publicly released information on how to do this and how the claims hold up to real world threats.
This talk will cover our research into the potential threats to Android devices, how to understand what should be protected, when it should be protected, and how secure containers fit into the mix. With the help of this information and these techniques, the audience will be able to follow the steps we took to assess enterprise class secure containers and determine if secure containers are right for their needs.
About Marc Blanchou
Marc Blanchou is a Security Consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Marc specializes in native client/server applications and mobile application security. Marc previously worked at Bloomberg L.P. and Stevens Institute of Technology where he greatly improved his skills in low level legacy code. For his master’s thesis, Marc developed an open-source flash file system in C which resulted in several commits to the Linux kernel. Marc will be presenting at OWASP appsec USA.
About Mathew Solnik
Mathew Solnik is a security researcher/consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Mathew specializes in web application/web services security, network security/red-team testing, and secure architecture/design. Prior to joining iSEC, Mathew was a R&D/Special Projects Engineer at IronKey Inc. His focus was on next generation products targeted at the financial sector, secure product design, threat modeling, and all sorts of internal pen-testing.