DeepSec 2010 features 33 talks and 8 workshops by international experts
Vienna, 31 August 2010. The international security conference DeepSec brings together the world’s elite in network security and hacking in Vienna from 23 to 26 November 2010. This year, the conference focuses on the security of mobile systems and their users, as well as on the next-generation infrastructure. IT and security companies, users, officials, researchers and the hacker community have the opportunity to take part in the conference with 33 talks and 8 workshops scheduled this year. “We are happy to offer for the fourth time so many experts the chance to exchange ideas and experiences on the most important security issues of everyday IT work in our modern days”, says René Pfeiffer, organiser of DeepSec.
Live attacks on iPhone through a weak point in the mobile phone network
At DeepSec, security researcher Ralf Philipp Weinmann will show for the first time just how easily mobile phone users can fall prey to data theft: in his talk he will present a way to hack Apple’s iPhone by means of a manipulated radio network base station without tampering either with the phone itself or its Internet connection. All he will use for data transport is the regular mobile communications network (GSM), which is used in 219 countries by over 4.3 billion people for regular communication by mobile phone. In his talk, Weinmann will demonstrate the precarious current state of affairs in mobile communication network security. His talk “All your baseband are belong to us” is scheduled on 26 November at 11.50 a.m.
Other speakers at DeepSec will also deal with the explosive topic of mobile phone security: in their two-day workshop “Attacks on GSM networks”, security experts Karsten Nohl (Security Research Labs, Berlin) and Harald Welte (HMW-Consulting, Berlin) will examine the critical security areas of the mobile communication network, while Raphaël Rigo from the French network and data security agency ANSSI will expose weak points in current mobile phones using Google’s Android operating system in his talk entitled “Android: reverse engineering and forensics”.
Spy in the service hotline
As a Group employee, would you dare refuse to give a supposed superior information on the phone? Today’s hackers exploit the insecurity and ignorance of many employees in an increasingly targeted way to get sensitive internal information about the company in question. In the two-day DeepSec workshop “Social engineering training for IT security professionals”, British security experts Sharon Conheady and Martin Law from First Defence Information Security Ltd. will explain how the astute attackers proceed in their social engineering attacks: for example, employees are specifically spied on to circumvent the actual technological security barriers of a company by using the information gathered. To do so, the attackers use Trojan viruses and loopholes in browsers as well as copies of company websites on which unsuspecting users e.g. hand their network access data to the unknown attackers on a silver platter.
Social engineering is particularly dangerous in direct contact: when targeting Groups, attackers like to pose as superiors of the company in question on the phone, e.g. to intimidate hotline staff and extort information from them. Yet supposedly harmless telephone calls are on the attackers’ agenda as well, in which they appeal to social conventions to get information.
“Many people are truly taken aback when they realise that such spy techniques have long since been used outside of Hollywood thrillers”, explains René Pfeiffer, organiser of DeepSec. By the way, in the two-day DeepSec workshop, participants will also learn how to make their staff aware of social engineering attacks and thus increase data security within their own company.
DeepSec promotes raising awareness and exchanging ideas among experts
As a neutral platform, DeepSec brings together security experts from various fields to exchange ideas and experiences. But the conference also wants to counteract the widespread prejudice that hackers are automatically criminals. “On the contrary. For many so-called hackers it is all about identifying security holes and making them public. You can eliminate dangers only once they have been identified and analysed, just as in any other field”, according to Pfeiffer.
For more information and to view the DeepSec schedule, please go to: https://deepsec.net
To register for DeepSec, go to: https://deepsec.net/register/