Hacking Mobile Devices

Track Room Location: Heritage Hall, room 134


Please note that this track is CLOSED. You can add yourself to the "wait list" and will be registered for your alternate choice. If room opens up in "Hacking Mobile Devices," you will be notified.

Description

Mobile devices such as smartphones and tablets are now used for making purchases, sending email, social networking, and many other risky activities. These devices run specialized operating systems that have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.

Upon successful completion of this course, the student will be able to:
A. Describe the risks of using mobile devices for common activities such as making phone calls, emailing, and shopping
B. Explain cellular network functions, attacks, and countermeasures for voice calls, voicemail, and SMS
C. Perform and analyze jailbreaks for iOS devices
D. Analyze the Android security model and rooting
E. Recognize types of mobile malware and anti-malware options
F. Identify Web browser services and attacks on mobile platforms and recommend countermeasures
G. Configure and defeat locking, remote location and wiping services
H. Explain common mobile app risks and make intelligent decisions when installing and using them
I. Evaluate the functions and risks of mobile payment services, such as Google Wallet

Prerequisites

Security knowledge at the Security+ level, and familiarity with operating mobile devices such as smartphones and tablets.

Instructor

Sam Bowne - City College of San Francisco

Sam has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes at many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign.

Industry Certification Exams & Prizes:
Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon 21 CTP Co-Winner (Black Badge)
Microsoft: MCP, MCDST, MCTS: Vista
Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage, CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA

Three Objectives

1. Understand the risks of using Android and iOS devices in detail
2. Explain best practices for securing mobile apps
3. Perform security audits of mobile apps

Agenda

Monday, The mobile risk ecosystem; hacking the cellular network
Tuesday, iOS, Android part 1
Wednesday, Android part 2, mobile malware, mobile services and mobile web
Thursday, Mobile device management, mobile development security, mobile payments
Friday, TBD

Resources

Instructor Links

https://samsclass.info/128/128_SWC_15.shtml

Please note that content is subject to change or modification based on the unique needs of the track participants in attendance.