DeepSec 2013 Talk: Mobile Fail: Cracking Open “Secure” Android Containers

René Pfeiffer/ November 8, 2013/ Conference, Security

Over the last few years the desire to have information at our fingertips whenever and wherever we want has driven us more and more towards mobile devices. The convenience of having our email, files and access codes available to us on our smartphones or tablets has given rise to a new problem… that of securing our sensitive data on an inherently insecure device. The same form factor that makes smart phones the easy choice for remote access to email and services also makes them easy to lose.

In response, we’ve begun to move security closer to the data, relying on “secure” container applications to keep our private and company data secure. Mobile apps such as LastPass, Dropbox, Evernote, GOOD for Enterprise, and may others all offer differing degrees of security.

In this presentation Chris John Riley of the Raiffeisen Informatik Security Competence Center team will discuss specific design flaws in the security of “secure” Android container applications that promise to keep your data, passwords and even company email safe and sound should the device fall into the wrong hands. Examples of how these simple flaws can be used to disable or bypass security features will show that even if you think your data is secured, physical access still equals game over.