[Dailydave] Things to think about

Dave Aitel dave at immunityinc.com
Thu Jan 10 15:25:04 EST 2013


CES has a dizzying array of things that look essentially identical and
are based on Android. It makes you think.

And if you're thinking about exploits you're thinking: You know what
didn't pan out? "Mobile attacks" in commercial attack frameworks. The
reasons are a bit non-obvious, but deep down, writing Android exploits
is fairly hard. Not because the exploit itself is hard, but because
testing your exploit on every phone is a nightmare. There's literally
thousands of them, and they're all slightly different. So even if you
know your exploit is solid as a rock, it's hard to say that you tested
it on whatever strange phone your customer happens to have around.

And of course, iOS is its own hard nut to crack. It's a moving
monolithic target, and Apple is highly incentivized by pirates to keep
it secure. So if you have something that works in a commercial package,
Apple will patch it the next day, and all your hard work is mostly wasted.

Regardless, it's interesting to see places where people are making
inroads here. So if you've done mobile work (or any interesting
offensive work) you should submit your talk to INFILTRATE at
cfp at immunityinc.com . We work hard to make talking at it the best
conference experience you've ever had. Think of it as the opposite of
talking at RSA .

-dave

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 266 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130110/3faea7f3/attachment.sig>


More information about the Dailydave mailing list