EuSecWest 2012: That thing in your pocket
AMSTERDAM — As part of my job monitoring security threats and trends for Kaspersky Lab’s global research team, I’m exposed to a healthy dose of paranoia from white hat researchers who find it trivial to hack into modern operating systems and platforms.
After a few days of hanging out in the hallways with exploit writers, I find myself clutching my laptop to my chest a little tighter and constantly peeking at my mobile phone to make sure nothing out of the ordinary is happening.
None of this paranoia is misplaced. Just pay attention to the lessons from the Pwn2Own challenges organized by the CanSecWest/EuSecWest folks (shout-out to Dragos Ruiu for putting together top-notch events) and you get a real-world understanding of why it’s near impossible to keep away a motivated adversary.
This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) devices, and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.
For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smartphones. However, whether you are a businessman, a celebrity or the average consumer, it’s important to start wrapping your mind around the idea of separating work from play on mobile devices.