Murray Goldschmidt is co-founder and Chief Operating Officer at Sense of Security, a leading Australian Information Security and Risk Management firm.
He is an IT security specialist with over 10 years commercial IT experience.
Murray is frequently invited to present at conferences, workgroups and seminars and asked to provide expert comment for editorials and publications. Murray has presented on security topics to large audiences at recent conferences including AusCERT 2011, Cyber Security for Government 2011, SCADA CoI 2011, Smart Electricity World Conference 2011, ISACA CACS, Australian Information Security Association (AISA) and the Annual PCI DSS Conference.
Along with a degree in Electrical Engineering, Murray is a Certified Information Systems Security Professional (CISSP) and a Payment Card Industry Qualified Security Assessor (PCI QSA) and an active member of the Australian Information Security Association (AISA).
Help! My Mobile Device Is Spying On Me
The use of mobile devices is now mainstream across all sectors with the very rapid rise in adoption of smartphones and tablet technology. This is the technology that is driving both personal mobility requirements and the mobile workforce revolution, providing access to corporate resources and applications across global networks as well as online access to social platforms.
According to an updated forecast from International Data Corporation (IDC), by 2015, the world's mobile worker population will reach 1.3 billion, representing 37.2% of the total workforce. Asia/Pacific (excluding Japan) will see the largest increase in total number of mobile workers with 601.7 million mobile workers in 2010 and 838.7 million in 2015.
Unfortunately new technologies are not impervious to security vulnerabilities. In particular, technologies that are driven by rampant market demand are more likely to have a longer time- in-market than development time-to-market. This creates an opportunity for widely deployed platforms to be under continuous scrutiny for security flaws by an increasingly technically adept and growing hacker culture. The result of this has been numerous disclosures of high impact security vulnerabilities in popular platforms such as Android and Apple IoS (so much so that the German government issued a security warning to consumers).
Mobile devices are essentially small computers with a number of functions including telephony (voice, video and SMS), collaboration, social networking, mapping and access to corporate resources through email, file sharing and VPN's. This rich feature set, combined with the geo-location functionality (GPS), presents mobile devices as a prime target to gain control over to spy on their owner. The implications to the user of having a compromised mobile device can be very serious including, but not limited to, loss of confidentiality (personal and corporate), abuse of privacy and manipulation for financial gain (toll fraud, insider trading etc.).
A sample scenario to compromise a mobile device for financial gain could be:
Sense of Security has been researching such scenarios and technically evaluating the methods through which successful compromise is most likely to occur. I propose to deliver a 30-40 minute presentation covering our research plus question time covering:
Copyright © 2012 The University of Queensland, authorised by AusCERT Program Committee, maintained by: email@example.com