This document summarizes a presentation on smartphone security. The presentation covers smartphone security basics, common attack vectors, mitigation strategies, vulnerabilities in third-party apps, how to attack apps, and secure coding practices. Specific topics include what personal information is stored on smartphones, how 2G cellular networks have weak encryption of SMS messages that allows interception, and how the encryption on 2G networks can be broken.
Smartphone Insecurity
1. Smartphone Insecurity
Georgia Weidman
2. Agenda
Smartphone Security Basics
Common Attack Vectors and Examples
Mitigation Strategies
Common vulnerabilities in 3rd party apps
Attack strategies against apps
Secure coding practices for developing apps
3. What is a smartphone?
4. What is a smartphone?
5. What’s on your phone
Personal info
Work info
Location info
Account info
6. Do We Need Privacy? (SMS examples)
“Hi meet me for lunch”
“Meet me for lunch while my wife is out”
“Here is your bank account credentials”
7. Attacks on Privacy (Infrastructure)
Cell Network
8. Attacks on Privacy (Infrastructure)
Cell Network
Encryption??
9. Is GSM traffic encrypted?
SMSPDU:07914140540510F1040B915117344588F100
000121037140044A0AE8329BFD4697D9EC37
10. Is GSM traffic encrypted?
SMSPDU: 07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37
11. Is GSM traffic encrypted?
Sending Number: 1-571-435-4881
Data: hellohello
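The PDU on slides 9 and 10 decodes to the values on slide 11 using only the public SMS format, because its fields are encoded (swapped-nibble digits, packed 7-bit text) rather than encrypted. The following is an added example, not code from the presentation: a minimal SMS-DELIVER parser whose function names are this example's own, assuming 7-bit text with no user-data header.

```python
# GSM 03.38 default 7-bit alphabet, indexed by septet value (0x1B is the escape code).
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")

# The PDU printed on the slides, with its two lines joined.
PDU = "07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37"


def swap_nibbles(hexstr):
    """Decode semi-octet digits (two swapped digits per octet; F pads odd lengths)."""
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2)).rstrip("F")


def unpack_septets(data, count):
    """Unpack `count` 7-bit characters that were packed LSB-first into octets."""
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(count))


def parse_sms_deliver(pdu_hex):
    """Parse an SMS-DELIVER PDU carrying 7-bit text and no user-data header."""
    pdu_hex = pdu_hex.strip().upper()
    pos = 0

    def take(octets):
        nonlocal pos
        chunk = pdu_hex[pos:pos + 2 * octets]
        if len(chunk) != 2 * octets:
            raise ValueError("truncated PDU")
        pos += 2 * octets
        return chunk

    smsc = take(int(take(1), 16))      # length octet also counts the type-of-address octet
    first = int(take(1), 16)
    if first & 0x03 or first & 0x40:
        raise ValueError("only SMS-DELIVER without a user-data header is handled")
    digits = int(take(1), 16)          # sender length is counted in digits, not octets
    take(1)                            # sender type-of-address (0x91 = international)
    sender = swap_nibbles(take((digits + 1) // 2))
    take(1)                            # protocol identifier
    if take(1) != "00":
        raise ValueError("only data coding scheme 00 (GSM 7-bit) is handled")
    t = swap_nibbles(take(7)[:12])     # timestamp; the seventh octet is the time zone
    septets = int(take(1), 16)         # user-data length is counted in septets
    text = unpack_septets(bytes.fromhex(take((septets * 7 + 7) // 8)), septets)
    return {"smsc": swap_nibbles(smsc[2:]), "sender": sender, "text": text,
            "timestamp": f"{t[0:2]}-{t[2:4]}-{t[4:6]} {t[6:8]}:{t[8:10]}:{t[10:12]}"}


if __name__ == "__main__":
    print(parse_sms_deliver(PDU))
```

Nothing in the parser needs a key, so the only confidentiality an SMS has in transit is whatever the radio link cipher provides.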
12. 2G(EDGE)
Bad crypto:
Up to the base station
Algorithms breakable
No authentication of base stations
13. Attacks on Privacy (Infrastructure)
Cell Network
Research by: Chris Paget
14. Attacks on Privacy (Infrastructure)
Cell Network
Research by: Chris Paget
15. Breaking 2G Crypto
Break session key to get on the network
A5/2 trivial to break
Karsten Nohl broke A5/1 in 2009 in minutes
16. Attacks on Privacy (Infrastructure)
Cell Network
Research by: Chris Paget
17. Who cares about EDGE anyway?
Still deployed
By default phones will drop back to EDGE
Is anyone on EDGE right now?
18. Mitigation Strategies
Replace 2G
Option to turn off 2G on phones
Encrypt data on phones before sending
19. Attacks on Privacy (Platform)
Attackers know how to attack these platforms
20. Rooting/Jailbreaking
Exploiting kernel/platform flaws
Client side attacks
Gain system level privileges similarly to PC platforms
21. JailbreakMe 3.0
iPhone jailbreak
Client side flaw in PDF (Mobile Safari)
Kernel exploit
22. Rootstrap
Android app loads kernel exploits
Loads code dynamically
Runs native code
Packaged with interesting app
23. DroidDream
Android app in the market
Rooted phones via kernel exploits
Stole information
Ran up charges
24. Payload example: SMS botnet
25. Payload example: SMS botnet
26. Payload example: SMS botnet
27. Payload example: SMS botnet
29. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key
7. Performs Functionality
30. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key
7. Performs Functionality
31. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key
7. Performs Functionality
32. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key (Swallows Message)
7. Performs Functionality
33. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key
7. Performs Functionality
34. Demo
Demo of Botnet Payload
35. Mitigations for Platform Attacks
Updating
Better sandboxing
Vigilance from users
36. App attacks on privacy
37. App Stores
iPhone
Expensive
Closed
Identity verified
Android
Cheap
Self Signed
Open
Anonymous
38. Android Permission Model
Specifically request permissions
Users must accept at install
Send SMS, Receive SMS, GPS location
39. App attacks on privacy
Is this system working? Are users making good decisions about apps?
40. Top Android App of All Time
41. Demo
Demo: App Abusing Permissions
42. App Attacks Mitigations
Oversight on apps
Analysis of permissions
User awareness
43. Vulnerabilities in Android Apps
No coding standards for Android apps
Badly coded apps
Data Leak
Permission Leak
44. Data Leak
Access to sensitive data
Insecure storage
sdcard
World readable
Stored in source code
45. Return to the Source
Free tools available
Complete source available
Don’t store secrets here
46. Demo
DEMO: Abusing bad storage practices
47. Mitigating this risk
Store sensitive data privately
Don’t use the sdcard
Don’t put secrets in source code
48. Permission leak through components
Other apps can call public components
That’s a reason Android is awesome
If not used safely, this can be dangerous
49. Demo
DEMO: Stealing permissions from exposed components
50. Mitigating This Risk
Require permissions to access components
Use custom permissions
Don’t have dangerous functionality accessible without user interaction
51. Contact
Georgia Weidman
Security Consultant, Researcher, Trainer
Website: http://www.georgiaweidman.com
Slides: http://www.slideshare.net/georgiaweidman
Email: georgia@grmn00bs.com
Twitter: @georgiaweidman
Editor's Notes
Ubiquitous. Rural areas Saving my battery during a hurricane
Edit and Read SMS, send SMS, receive SMS; Modify/delete USB storage contents; Prevent phone from sleeping, write sync settings; GPS data; Services that cost you money; Act as account authenticator, manage accounts; Read and write to your personal information including contact data; Phone calls, read phone state and identity; Full network access