Last night a number of digital security specialists met in a bank vault below the streets of lower Manhattan. While this might sound like the start of a heist film, keep in mind that the former JP Morgan vault was in a steakhouse and the security pros were attending the Security Watch Summit 2012.

The event covered all aspects of mobile security and was led by PCMag veteran Neil Rubenking. Panelists included Renato Delatorre, the Director of Network Technology & Security at Verizon Wireless; Gary Davis, a VP of Marketing at McAfee; Keith Gordon, an SVP of Security, Identity and Fraud at Bank of America; and security consultant Dan Guido of Trail of Bits.

The main event was a roundtable discussion where Rubenking asked questions to each of the experts and they proceeded to answer with insights from their corner of the security world, as well as rebut what the others brought up.

A major topic of discussion was the relative safety of iOS over Android, at least based on the number of successful exploits that have been documented. Dan Guido noted that the large number of unpatched Android devices on the market combined with little barrier to entry in Android app stores makes for a more susceptible target than the iPhone or iPad.

This led to one of the key reveals of the evening: so far mobile exploits have been remarkably unsophisticated. Mobile operating systems are pretty well locked down so doing anything naughty requires acceptance from the user — they generally have to open the door (by jailbreaking, rooting, or going to a non-standard app store) and then invite crooks in. The invitation almost always comes in the form of an app because that’s the main way to get new code on the system and give it access. This isn’t really possible within Apple’s walled garden, but an Android user who downloads a questionable app and then doesn’t bother to read the permissions during installation might be in for an unpleasant surprise.

Guido, who had many of the best lines of the night, was particularly keen on coming at things from the perspective of a professional, work-a-day hacker. He noted that while lots of exploits were theoretically possible, they really only mattered if they could lead to some form of profit for the hacker. After all, these exploits aren’t (generally) being done for the lulz, they are done by people who want to use your information to pay the rent. So if the level of effort is too high, or the payoff is too unlikely, the hacks aren’t going to happen in the wild.

In fact, that’s a main reason why mobile systems aren’t being attacked that often — compared to PCs there just aren’t that many smartphones. They might be the computing platform of the future, but their smaller number combined with the relative pain of circumventing security means your mobile won’t be the target that your Windows machine is for some time.

Another notable point was raised by Delatorre, who urged Verizon subscribers to stay on LTE and off of WiFi for the sake of security. The Verizon rep wasn’t just trying to get you to use all your data either — 3G/LTE is secure whereas that free WiFi you picked up while at a coffee shop should not be trusted.

Verizon: BYOD is the most misunderstood idea after cloud computing. #SWSummit

— Security Watch (@securitywatch) September 28, 2012

Delatorre also made a special aside in order to debunk the idea of BYOD (Bring Your Own Device [to work]). He noted that very few people actually want to bring their own device; what they are asking for is for companies to provide new, high-end hardware. He was firm in this belief but didn’t mention how BYOD can prevent people from having to carry two smartphones. Rather, he focused on the user’s logical desire to have a device that isn’t an outdated piece of hand-me-down junk.

The final surprise of the night came when the conversation shifted to NFC. At that point Keith Gordon from Bank of America — the group you think would be most in favor of the technology — said his team was looking past NFC for mobile payments. The proximity is good for security but it makes the process no easier than swiping a credit card. Verizon’s Delatorre seemed more hopeful but wasn’t entirely convinced either.

All heads turned to the outspoken Guido, fully expecting him to pick apart the technology as being a fraud and plague on our collective houses, but that wasn’t the case. He noted that NFC is actually very secure right now because the proximity makes theft unlikely, and because NFC readers (unlike credit card skimmers) are both expensive and require expertise to use. In other words, hacking NFC just doesn’t make dollars and sense at this point in time.
