Sebastian Schrittwieser and Peter Frühwirt give a talk on Security Obsucrity, powered by HTTPS on March 20th (10.30 – 11.30) in the main track.
Adrian Dabrowski gives a talk at the “Telco Security Day” on March 18th (10.45 – 11.45).
Security Obsucrity, powered by HTTPS
Abstract: Applications on modern smartphone operating systems are protected against analysis and modification through a wide range of security measures such as code signing, encryption, and sandboxing. However, for
network-enabled applications effective attack vectors can be found in their communication protocols. Most applications developers hide the implementation details of their protocols inside an HTTPS connection.
While HTTPS is able to protect data leakage during transmission, it is an inadequate protection against protocol analysis. The concept of SSL interception applied to smartphone applications allows analysis and
modification of transport protocols with endless possibilities: getting paid extras for free, cheating in games, finding design flaws in protocols, etc. In this talk, we demonstrate, based on several live demos, how application developers sometimes try to protect insecure protocols by wrapping them inside an HTTPS connection and show that known countermeasures are rarely used in practice.
About Troopers:
Troopers14 is the seventh edition of the great IT-Security Conference, where the world’s leading IT-Security experts and Hackers present their latest research.
Troopers provides a networking platform for Security interested people from all over the world and enables security folks from the industry, academia and the research community to exchange knowledge and talk about their work. Again, Troopers14 is going to be an event unlike most other “security conferences”: No pointless marketing talks, just high-end workshops with hands-on experiences and most importantly: You’ll get real answers and practical benefits to meet today´s and tomorrow’s threats.