Corporate scale cyber espionage is a threat to keeping a leg up on the competition. Mobile phones are increasingly targeted by attackers and can be a powerful tool to gain entry to a company and exfiltrate intellectual property. We will examine how the ability of the mobile device to operate on either side of corporate boundaries exposes the company to risk. This talk will be particularly technical in describing the implementation of a reprogrammable USB device built upon the Linux gadget framework on Android used to penetrate traditional corporate defenses. We will also demonstrate an Android RAT specifically designed to aware of its surroundings, capable of recording sensitive audio, video, bluetooth, and wireless connections, while silently waiting to be plugged into a corporate laptop/desktop. Then the fun begins!
David is a young software engineer and mobile security researcher. His cutting-edge work in Android and embedded systems has contributed to multiple patent-pending designs, and has recently provided expert consulting to DARPA and other government projects on mobile security. David has written papers on thin-client computing, innovated in the area of cryptographic systems for USB peripherals, and re-envisioned the defensive possibilities of mobile phone chargers.