This session will show how smartwatches is introducing a new security risk to your enterprise. We have analyzed some of the most popular smartwatches (as well as the plethora of other smartwatches on the market); to determine the risks they introduce to mobile enterprise data. Our research team continues to discover a broad range of smartwatch and wearable vulnerabilities including PIN bypass vulnerabilities, pairing apps speaking to random international IP addresses, lack of proper encryption controls, and more.
In this session, we will focus on:
- What’s different about a smartwatch from other mobile devices
- What vulnerabilities we've discovered and reported on during our research and their impact on enterprise data
- A stack ranking of smartwatches and wearables in terms of their security posture regarding: lack of encryption, PIN protection, and other fundamental security controls
- The pairing apps and which ones exhibit suspicious behaviors (back-channel communications, outbound data exfiltration, data harvesting, etc.)
- A live demo of an attack on a smartwatch, using a PIN bypass vulnerability
- Lessons learned from the research to provide best practices and guidance in terms of smartwatch security and a mobile enterprise strategy for embracing these devices and securing enterprise data
The session will be held by Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), Director, Security Research, MobileIron. Michael has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise.
Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”.
A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent presenter at international security conferences.
Mer informasjon under HackCon-programmet hvor du også kan melde deg på!