Continuing our discussion about our MoST conferences, we move on to 2016. The Mobile Security Technologies 2016 conference was held at The Fairmont Hotel in California. Like every year previously, we aspire to bring together the pioneers and newest minds in the field of research, software development, and policy development.
MoST is always held as part of the IEEE Computer Society Security and Privacy Workshops. On this year, we had Patric McDaniel as our keynote speaker. Professor McDaniel is part of the School of Electrical Engineering and Computer Science at The Pennsylvania State University. He delivered a talk entitled “Learning from Ourselves: Where are we and where can we go in mobile systems security?”
He explored the era of security research of smart mobile systems. He highlighted the lessons learned and lessons that should have been learned. He also touched upon the opportunities and limitations of markets and their providers.
2016 was the year wherein the first session focused up the concepts of risks in mobile transactions, grayware, and target fragmentation. Grayware refers to malicious code or software like adware, spyware, and trackware.
As more and more end users make use of their devices to do transactions, these became the norm target for hackers. It was said that 10% of Android devices suffer from malware attacks every three months. Malware targets sensitive information like personal banking information. If you make use of your mobile device to look up your account balance, this is exactly what hackers try to gain access to. Certain forms of threats aren’t always so obvious.
The act of shoulder surfing, either physically or with the use of cameras, is a well-known method of stealing your passwords and other sensitive details. Yes, this is a thing. Researchers have found that while more and more individuals are looking into the depths of their devices for potential risks, there is even less thought given to physical risks.
The second session of the MoST 2016 conference focused on browser history stealing and inferring activity from smart home network traffic. Browser history data, particularly the key-logged passwords and usernames are quite valuable. If you’ve ever made the habit of telling your device to “remember this password”, you’re opening yourself up to a vulnerability. Personal websites like dating ones are often the target of hackers. The AsheleyMadison.com hack is one such example.
The third and last session of that day focused on defenses. There was an interesting discussion regarding the classification of Android malware based on their runtime behavior. It is comforting to know that we have budding and established professionals who are working around the clock to determine threats.
Mitigating threats is one of the key purposes of mobile security. Threats are becoming more sophisticated and smarter each day. It would only make sense if our defense systems were to evolve as well. The only catch is: how soon can our defenses adapt and block out evolving threats? It is a good thing for everyone that we’ve got good people on our side.