Georgia Weidman (Founder, Bulb Security LLC)
PRESENTATION TITLE: Bypassing the Android Permission Model
PRESENTATION ABSTRACT:
When giving a security talk on the Android platform, one of the most common questions is: can the permissions model be bypassed? Can an Android app, short of exploiting the phone and gaining root privileges, gain additional permissions?
In this talk we will look at ways attackers can bypass the permission model, including taking advantage of insecure storage practices in other installed apps and piggybacking on other apps with insecurely implemented interfaces. Demos, code snippets and examples of apps from the Android Market with these problems will be shown.
We will then discuss resources Android has in place to combat these problems and what developers and users can do to mitigate these risks.
ABOUT GEORGIA WEIDMAN
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security, as well as the Certified Information Systems Security Professional (CISSP), NIST 4011, Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP) certifications.
Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world, including ShmooCon, Hacker Halted, Security Zone, and BSides.
Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security LLC (http://www.bulbsecurity.com), a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.