A few weeks ago Graphite Software attended CounterMeasure2013 in Ottawa. The keynote by Charlie Miller, "Mobile Threats: Hype vs. Reality" - thus the title of this blog - was excellent. Not only does Charlie have the cred - he is a relaxed and entertaining speaker. Download his presentation here.
In the security field, we often get caught up reading our own press releases. Charlie is often creating such headlines, which is what made his "reality check" so refreshing. The best part for us personally at Graphite was that the presentation was a clear affirmation of what we are doing. Here is my summary as it pertains to mobile device and specifically Android security:
1. Android has the advantages of the PC - freedom to innovate, customize and large developer community - and has addressed many of the security issues of the PC - sandboxes, permissions and an app store. Android is not perfect from a security perspective, but in the end Android will win - which is why Android is our focus.
2. Mobile Device Challenge #1: Malware and viruses are not a huge issue, compared to basic issues particular to mobile devices - they are lost and stolen. This is exactly the threat model we address with our product - Secure Spaces. (While also isolating and limiting malware.)
3. Mobile Device Challenge #2: Users vs. BYOD. Users modify and root their devices. They can unintentionally, or intentionally, download code that can access personal and work data on the device. How do you secure both personal and work data on such devices, especially when most MDM software is trivial to break? Again this is where our engineers have developed a very elegant solution - Secure Spaces.
4. The Operating System is the only place for improvement. Application-level solutions can not make a difference. Server side scanning and controls have already been largely put in place. In order to address the mobile threats above, Graphite has developed some secure and fast extensions to Android, that leverage the existing code and security mechanisms, such as SE Android. This is where the next innovation will be.
See you at CounterMeasure 2014 (or before that at CES in January)!
No comments:
Post a Comment