At Black Hat, mobile and open-source software emerge as key cybersecurity dangers

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Mobile platforms and open-source software emerged as key cybersecurity issues at the annual Black Hat USA cybersecurity conference this week, judging from presentations by a mix of onsite attendees and virtual streaming of briefings from security researchers around the globe.

In his opening keynote remarks, Black Hat founder Jeff Moss summed up the general feeling in the cybersecurity community, which has weathered an explosion of ransomware attacks, a major supply chain exploit and the growth of Russia, China, North Korea and Iran into serious nation-state hacking operations.

“We’re just recognizing that we’re getting punched in the face and we’re trying to figure out what to do about it,” Moss said. “It’s been a really stressful couple of years.”

Here are five key takeaways from a week of Black Hat presentations:

1. The mobile platform is the next frontier for malicious actors

There is mounting evidence that threat actors are turning their considerable resources to exploiting vulnerabilities in mobile platforms. With an estimated 6 billion smartphone subscriptions around the globe, they’re just too attractive an opportunity to pass up.

The attacks on mobile coincide with an increase in zero-day exploits, bugs that are unknown in the security community and therefore unpatched.

Zero-day exploits are market-driven, based on supply and demand. Last year, the zero-day broker Zerodium announced a pause in acquiring Apple iOS exploits because of a high number of submissions. An iPhone zero-day allowed cybercriminals to hack into the mobile devices of 36 international journalists last summer.

Research presented by keynote speaker Matt Tait, chief operating officer of Corellium LLC and a former analyst for GCHQ, the U.K.’s version of National Security Administration, showed how significant this problem is becoming.

“The amount of zero-day exploitation against mobile phone devices is being exploited dramatically,” Tait told conference participants. “We’re only getting a tiny glimpse of what actually may be happening out in the world.”

Part of the problem is that the architecture of some mobile platforms has created its own set of issues. Natalie…

Source…