Let’s take a look at what black hatters have been aiming at in 2012. The growing mobile market is a huge target, and companies’ security teams are working to reduce the risk. With more mobile phones in use than televisions, it’s no wonder that black hatters are targeting the mobile platform.
Mobile was a hot topic this year at Black Hat, with a strong focus on client-side vulnerabilities and defenses. Apple made their first-ever appearance at Black Hat, with platform security manager Dallas De Atley walking attendees through the layered approach Apple has taken with iOS and the iPhone. Apple’s focus on security is impressive. I was particularly interested in the hardware-level encryption via the A5 processor on the iPhone and how it integrates with iOS to encrypt and protect data. Security has been one of the key deficiencies critics mention when discussing Apple and the enterprise, given that the platform was less mature than that of RIM, which has been entrenched in the enterprise. De Atley’s presentation shows that Apple is serious about security and the enterprise and that the iPhone and iOS are ready for business.
The one area that seemed to be ignored was the infrastructure that supports the increasingly cloud-dependent mobile devices. This is possibly because many see server infrastructure as nothing new and already covered, or as a topic for other sessions dealing specifically with server exploits and defenses. However, as the popularity of mobile devices increases, the size of the server infrastructure needed to support services such as iCloud, push services and the like increases exponentially. How much data do we really store on our devices vs. the Cloud? The bulk of our sensitive data is not only on our devices but spread across servers around the world, across multiple companies and platforms, and with differing levels of security.