WEBVTT 1 00:00:00.160 --> 00:00:02.879 Welcome to the deep dive. We cut through the noise 2 00:00:02.960 --> 00:00:05.639 to bring you well the stuff that matters, the insights, 3 00:00:05.719 --> 00:00:09.640 the twists, surprising facts. Today we're digging into something that's 4 00:00:10.080 --> 00:00:14.000 probably in your pocket right now, mobile security. I mean, 5 00:00:14.039 --> 00:00:16.600 think about it, our phones, our tablets, they're not just 6 00:00:16.640 --> 00:00:19.359 for calls anymore, are they. They're basically tiny vaults holding 7 00:00:19.440 --> 00:00:22.239 so much personal data. But just how strong are those 8 00:00:22.320 --> 00:00:25.320 digital walls? How secure is all that incredibly sensitive stuff 9 00:00:25.359 --> 00:00:27.320 you carry around every day? To help us unpack all this, 10 00:00:27.359 --> 00:00:30.559 we're mainly drawing from penetration testing with Colleen net Hunter 11 00:00:30.679 --> 00:00:34.039 by Gerald Tripp. Riebel Trips are Real Pro Season red 12 00:00:34.039 --> 00:00:38.039 Teamer founded TENNESSEC and Harmful Stimulus LC got certifications like 13 00:00:38.119 --> 00:00:42.479 GPN CISSP Solid Credentials, and backing him up are his reviewers, 14 00:00:42.479 --> 00:00:46.280 Doctor James Horlock, cybersecurity manager, ethical hacker, PhD Interesh bringing 15 00:00:46.280 --> 00:00:49.560 experience from Oracle, Big Fortune, five hundred companies, AI Cloud, 16 00:00:50.240 --> 00:00:52.240 a lot of brain power here. So our mission today 17 00:00:52.520 --> 00:00:55.320 cut through the jargon. We want to explore mobile penetration testing, 18 00:00:55.359 --> 00:00:57.960 you know, finding the weaknesses using the tools, but maybe 19 00:00:57.960 --> 00:01:00.479 more importantly, show you why this matters. For detecting your 20 00:01:00.479 --> 00:01:03.280 own digital life, give you that shortcut to really understanding 21 00:01:03.280 --> 00:01:06.359 what's at stake. Let's start by just thinking about how 22 00:01:06.439 --> 00:01:09.719 quickly these things took over smartphones, tablets. You remember the 23 00:01:09.760 --> 00:01:13.239 early ones, like the Palm Pilot, maybe the Neukia communicator. 24 00:01:13.280 --> 00:01:13.879 Early days. 25 00:01:14.079 --> 00:01:15.879 Yeah, attempts at putting things together. 26 00:01:15.640 --> 00:01:19.000 Exactly, but then boom, the iPhone in two thousand and seven. 27 00:01:19.120 --> 00:01:21.159 Android hot on its heels in two thousand and eight. 28 00:01:21.280 --> 00:01:24.079 That wasn't just a new phone, it was a fundamental shift. 29 00:01:24.159 --> 00:01:29.040 They suddenly became these incredibly rich but also well vulnerable 30 00:01:29.200 --> 00:01:30.519 personal data hubs. 31 00:01:30.719 --> 00:01:33.239 That's the key point. The attack surface as we call it, 32 00:01:33.319 --> 00:01:36.920 just exploded. Yeah, and our awareness, our defenses they lagged 33 00:01:36.920 --> 00:01:40.560 behind massively, and that pervasive use it directly feeds into 34 00:01:40.560 --> 00:01:44.200 the rising threat landscape. The convenience, how personal these devices 35 00:01:44.239 --> 00:01:48.319 are makes them prime targets. We're seeing really sophisticated malware now, 36 00:01:48.560 --> 00:01:51.319 stuff designs specifically to go after your mobile banking app, 37 00:01:51.439 --> 00:01:52.280 grab credentials. 38 00:01:52.359 --> 00:01:54.280 Quietly scary stuff it is. 39 00:01:54.359 --> 00:01:58.480 And it's not just apps. The operating systems themselves iOS, Android, 40 00:01:58.560 --> 00:02:01.040 They have vulnerabilities popping up constantly. It's a real cat 41 00:02:01.040 --> 00:02:03.599 and mouse game. So the big question becomes, how do 42 00:02:03.680 --> 00:02:06.840 we get proactive? How do we secure these little pocket 43 00:02:06.840 --> 00:02:09.319 computers before the bad guys find the next hole? 44 00:02:09.439 --> 00:02:11.240 Right, So let's get into that core difference the two 45 00:02:11.319 --> 00:02:14.560 big players, Android and iOS. The numbers are pretty stark, right. 46 00:02:14.960 --> 00:02:17.960 January twenty twenty four, stat Counter had Android at nearly 47 00:02:18.000 --> 00:02:19.759 seventy percent globally. 48 00:02:19.520 --> 00:02:22.199 Yeah, sixty nine point nine to four percent. To be exact, 49 00:02:22.639 --> 00:02:24.879 iOS was around twenty nine point three two percent. 50 00:02:25.039 --> 00:02:28.000 So why is androids so dominant? People usually point to 51 00:02:28.039 --> 00:02:32.199 the open source aspect, right, more manufacturers, different price points. 52 00:02:32.039 --> 00:02:35.439 Absolutely, and that open nature leads directly to a different 53 00:02:35.479 --> 00:02:39.319 security philosophy. It's a tail of two worlds. Really. Android's 54 00:02:39.360 --> 00:02:44.599 openness allows for rootability. That means getting privileged control, like 55 00:02:44.680 --> 00:02:46.800 becoming the super ruser of your own device. 56 00:02:46.960 --> 00:02:48.400 Okay, what does that actually involve? 57 00:02:48.479 --> 00:02:51.479 Well, typically you unlocked the bootloader first. Think of it 58 00:02:51.560 --> 00:02:53.800 like opening a locked door and getting control of the 59 00:02:53.840 --> 00:02:57.479 device's foundation. Then you might install a custom recovery something 60 00:02:57.479 --> 00:03:00.960 like TWRP for doing updates or backup, and then you 61 00:03:01.039 --> 00:03:03.159 root it, often with a tool called magisk. 62 00:03:03.199 --> 00:03:05.759 The magist I've heard of that. What's special about it? 63 00:03:05.759 --> 00:03:08.759 It's clever because it's a systemless rooting method. It gets 64 00:03:08.800 --> 00:03:11.319 you root access without messing with the main system files, 65 00:03:11.479 --> 00:03:13.919 which makes it harder for security checks to spot. So 66 00:03:14.080 --> 00:03:17.680 lots of flexibility for users for developers, but it definitely 67 00:03:17.759 --> 00:03:20.680 creates a different security situation compared to Apple's. 68 00:03:20.240 --> 00:03:23.360 Approach, which is the famous walled garden exactly. 69 00:03:23.759 --> 00:03:28.560 iOS is tightly controlled, closed source, sleek design, intuitive, sure, 70 00:03:28.879 --> 00:03:32.080 but very locked down. Now it is robust, but you 71 00:03:32.120 --> 00:03:35.199 can still get around the restrictions, sometimes through jail breaking. 72 00:03:35.439 --> 00:03:37.599 Right jail breaking? Is that all the same or are 73 00:03:37.599 --> 00:03:38.319 there different kinds? 74 00:03:38.400 --> 00:03:41.599 Good question? Three main types. Tether it means you need 75 00:03:41.599 --> 00:03:43.719 a computer plugged in every time you reboot the phone. 76 00:03:44.199 --> 00:03:46.319 Some my tether lets a boot up okay, but some 77 00:03:46.360 --> 00:03:48.960 features are disabled until you connect to a computer again, 78 00:03:49.400 --> 00:03:51.879 and then there's untethered. That's the goal. Usually it stays 79 00:03:51.919 --> 00:03:54.639 jail broken, fully functional, no computer needed at the first time. 80 00:03:54.919 --> 00:03:57.719 Tools like paloer on end check right one in unzero 81 00:03:57.759 --> 00:03:59.280 over are the names you hear there. 82 00:03:59.360 --> 00:04:02.879 That's a really clear contrast. So Android being open, iOS 83 00:04:02.919 --> 00:04:07.280 being closed, how does that translate into specific security features 84 00:04:07.280 --> 00:04:10.319 on the devices themselves? What's a key Android feature? For instance. 85 00:04:10.479 --> 00:04:13.240 Well, for Android, a big one is its sandbox environment. 86 00:04:13.319 --> 00:04:15.879 It keeps apps isolated from each other and the main 87 00:04:15.919 --> 00:04:19.800 system very important. Plus its permissions model lets you control 88 00:04:19.800 --> 00:04:23.120 what apps can access, and the binder mechanism is crucial 89 00:04:23.199 --> 00:04:26.759 for secure communication between different processes, like a graphic coup 90 00:04:26.839 --> 00:04:29.959 for data. Then you've got paramode networking to control network access, 91 00:04:30.399 --> 00:04:34.560 hardware backed security features Google play protect scanning apps, and 92 00:04:34.600 --> 00:04:37.759 the Android key store for safely storing things like encryption keys. 93 00:04:37.959 --> 00:04:41.600 And on the iOS side, what's the equivalent focus control? 94 00:04:41.680 --> 00:04:46.360 Really? iOS also has sandboxing, but it adds mandatory code signing. Basically, 95 00:04:46.439 --> 00:04:50.319 apps have to come from known, validated sources. Apple has to. 96 00:04:50.279 --> 00:04:53.120 Approve it, so it's harder to run unauthorized stuff. 97 00:04:52.839 --> 00:04:56.759 Much harder. Then there's a hardware security, especially the secure enclave. 98 00:04:57.160 --> 00:04:59.839 Think of it as a separate, secure, little processor of 99 00:05:01.040 --> 00:05:04.199 just for handling encryption keys and sensitive data. Even if 100 00:05:04.240 --> 00:05:06.879 the main chip is compromised, the enclaves stays safe. 101 00:05:06.920 --> 00:05:08.600 That sounds pretty secure. 102 00:05:08.360 --> 00:05:10.920 It is, and secure boot ensures that right from startup, 103 00:05:11.199 --> 00:05:13.920 every piece of software it runs is genuine and has 104 00:05:13.959 --> 00:05:14.839 not been tampered with. 105 00:05:15.120 --> 00:05:19.040 What about that criticism though, that the walled garden, while secure, 106 00:05:19.319 --> 00:05:22.240 maybe makes it harder for outside researchers to find flaws. 107 00:05:22.560 --> 00:05:24.879 That's a valid point. The closed nature can make some 108 00:05:25.000 --> 00:05:28.680 deep dives trickier. But Apple does invest heavily in bug 109 00:05:28.680 --> 00:05:32.160 bounty programs trying to incentivize finding flaws, and they have 110 00:05:32.360 --> 00:05:36.319 large internal security teams. It's a trade off, balancing control 111 00:05:36.399 --> 00:05:38.240 with encouraging security research. 112 00:05:38.439 --> 00:05:42.040 Okay, makes sense. So if these phones are such data 113 00:05:42.040 --> 00:05:46.639 treasure chests and the ocs have these defenses, how do 114 00:05:46.759 --> 00:05:49.759 security pros actually test them? How do they find the cracks? 115 00:05:49.800 --> 00:05:51.639 It feels like digital detective work, it. 116 00:05:51.639 --> 00:05:54.800 Really is, And certain types of vulnerabilities just keep showing 117 00:05:54.879 --> 00:05:58.199 up in mobile apps. Number one is probably insecure data storage. 118 00:05:58.319 --> 00:05:59.319 What does that mean exactly? 119 00:05:59.399 --> 00:06:02.639 It means sensitive stuff, passwords, personal info keys is just 120 00:06:02.720 --> 00:06:07.040 left lying around in unprotected storage locations, maybe plain text 121 00:06:07.360 --> 00:06:10.439 in a database file and log files, sometimes even in 122 00:06:10.480 --> 00:06:12.279 the iOS keychain if not used. 123 00:06:12.079 --> 00:06:14.240 Properly, like leaving the keys under the doormat. 124 00:06:14.319 --> 00:06:17.040 Pretty much, it's like leaving a treasure chest unguarded. You'd 125 00:06:17.040 --> 00:06:18.279 be surprised how often it happens. 126 00:06:18.319 --> 00:06:20.759 I bet I heard a story once about an entire 127 00:06:21.040 --> 00:06:26.279 user database just sitting unencrypted in local storage wild. What 128 00:06:26.279 --> 00:06:28.680 about when you actually use the app inputting data. 129 00:06:28.920 --> 00:06:33.199 Ah that leads to improper input handling. If the app 130 00:06:33.199 --> 00:06:34.480 doesn't check will you type in. 131 00:06:34.360 --> 00:06:36.480 Properly, bad things happen, Bad. 132 00:06:36.279 --> 00:06:40.319 Things like SQL injection, sneaking database commands into a search field, 133 00:06:40.680 --> 00:06:44.360 or cross site scripting XSS in web views within the app, 134 00:06:44.519 --> 00:06:47.759 running malicious code in someone else's session. Then there's weak 135 00:06:47.839 --> 00:06:51.120 or broken authentication passwords that are easy to guess, maybe 136 00:06:51.120 --> 00:06:54.439 hard coded into the app itself or just using insecure 137 00:06:54.439 --> 00:06:55.439 ways to log people in. 138 00:06:55.600 --> 00:06:57.480 Yeah, basic stuff sometimes. 139 00:06:57.079 --> 00:07:00.639 And insufficient transport layer protection. That's about data send over 140 00:07:00.639 --> 00:07:04.240 the network using weak encryption, bad certificates, or just sending 141 00:07:04.279 --> 00:07:08.600 sensitive stuff over plane unencrypted HTTP easy pickings for anyone 142 00:07:08.639 --> 00:07:09.360 listening in Okay? 143 00:07:09.360 --> 00:07:10.800 What else is specific to mobile? 144 00:07:11.120 --> 00:07:15.040 Well? Insecure web view implementations can be risky. That's when 145 00:07:15.040 --> 00:07:18.439 an app displays web content but doesn't lock it down properly, 146 00:07:18.560 --> 00:07:23.560 allowing unexpected code execution. Also, improper handling of deep links, 147 00:07:23.839 --> 00:07:26.160 those links that open specific parts of an app can 148 00:07:26.199 --> 00:07:30.759 sometimes give unauthorized access. And don't forget API security. The 149 00:07:30.800 --> 00:07:33.160 back end systems apps talk to are often a weak 150 00:07:33.199 --> 00:07:37.399 point insecure data handling, broken access control, letting users see 151 00:07:37.480 --> 00:07:40.519 or change data they shouldn't, or error messages that reveal 152 00:07:40.560 --> 00:07:41.399 too much information. 153 00:07:41.680 --> 00:07:43.360 Got it? So that's what they look for. How do 154 00:07:43.399 --> 00:07:45.879 they actually find these things? What techniques did they use? 155 00:07:46.319 --> 00:07:48.879 There are a few main approaches. Static analysis is one. 156 00:07:49.040 --> 00:07:52.360 It's like reading a book, scrutinizing each line. You look 157 00:07:52.360 --> 00:07:55.079 at the app's code or its compiled version without running it. 158 00:07:55.160 --> 00:07:56.199 What tools help with that? 159 00:07:56.560 --> 00:08:00.399 Tools like jabx or gidra are common. They decompile so 160 00:08:00.439 --> 00:08:03.000 you can read something closer to the original code, looking 161 00:08:03.000 --> 00:08:05.160 for flaws, hard coded secrets, things like that. 162 00:08:05.240 --> 00:08:07.959 Okay, so static is looking at the blueprint. What else? 163 00:08:08.240 --> 00:08:12.439 Then there's dynamic analysis. This is observing the application during execution. 164 00:08:12.959 --> 00:08:15.920 You run the app, interact with it, and use tools 165 00:08:15.959 --> 00:08:17.680 to see what it's doing under the hood, like cooking 166 00:08:17.680 --> 00:08:21.519 into it exactly. Tools like freeda let you hook into 167 00:08:21.519 --> 00:08:24.439 the running app, watch its data, even change its behavior 168 00:08:24.439 --> 00:08:28.160 in real time to test things. And finally, there's reverse engineering. 169 00:08:28.399 --> 00:08:31.800 This is like deconstructing as much as building. Taking the 170 00:08:31.839 --> 00:08:35.720 compiled app the AP profile for Android or IPA for iOS, 171 00:08:35.960 --> 00:08:38.559 and breaking it down into a more understandable format, why 172 00:08:38.600 --> 00:08:42.600 do that? To find hidden logic bypass security checks, understand 173 00:08:42.600 --> 00:08:45.799 how it really works. Tools like Hopper or Ida pro 174 00:08:45.919 --> 00:08:48.679 are the heavy hitters here. It's painstaking work. 175 00:08:48.519 --> 00:08:50.679 Sounds like it, and for people wanting to learn the stuff, 176 00:08:50.679 --> 00:08:51.159 hands on. 177 00:08:51.480 --> 00:08:55.519 Practice is key. There are intentionally vulnerable apps out there 178 00:08:55.600 --> 00:08:59.240 safe training grounds these like Diva, Damn insecure and vulnerable 179 00:08:59.279 --> 00:09:02.480 app Cure, Bank, feed too, o, Wasp, goat Droid. 180 00:09:02.759 --> 00:09:04.240 How do those help well? 181 00:09:04.360 --> 00:09:06.919 You can try exploding known issues in a safe space, 182 00:09:07.519 --> 00:09:11.840 for example, finding sensitive data leaked via androids logging system blogcat, 183 00:09:12.559 --> 00:09:16.240 or finding hard coded passwords by treating the APK file 184 00:09:16.639 --> 00:09:20.399 like a ZIP archive and digging inside. You can practice 185 00:09:20.399 --> 00:09:23.919 SQL injection with simple inputs like ORR one equals one, 186 00:09:24.960 --> 00:09:28.120 or use the Android debug Bridge ADB to try and 187 00:09:28.159 --> 00:09:31.960 bypass access controls on certain app screens. It's learning by doing, 188 00:09:32.200 --> 00:09:33.200 which is crucial here. 189 00:09:33.360 --> 00:09:35.879 Right, that makes sense, But then things get really interesting. 190 00:09:35.919 --> 00:09:38.440 When we talk about Colleen net Hunter, this feels like 191 00:09:38.480 --> 00:09:39.879 a different level entirely. 192 00:09:40.000 --> 00:09:42.519 It really is a game changer. Colleen net Hunter essentially 193 00:09:42.519 --> 00:09:45.120 puts the power of Collie Linux, the main penetration testing 194 00:09:45.159 --> 00:09:47.440 operating system, onto your Android phone. 195 00:09:47.480 --> 00:09:49.320 So turning your phone into the hacking. 196 00:09:48.960 --> 00:09:53.799 Tool precisely, and it enhances these operations significantly. Take wireless exploitation. 197 00:09:54.000 --> 00:09:56.399 Net Hunter often comes with kernel support for a POH 198 00:09:56.480 --> 00:09:59.360 two point one point one wireless injection meaning meaning you 199 00:09:59.399 --> 00:10:02.000 can intercept monitor even in jet traffic into Wi Fi 200 00:10:02.000 --> 00:10:05.159 networks directly from your phone. Full monitor mode lets you 201 00:10:05.279 --> 00:10:07.519 just passively listen to all nearby Wi Fi tracks. 202 00:10:07.559 --> 00:10:08.919 Aw, what tools does it use for that? 203 00:10:09.360 --> 00:10:13.480 Standard Collie tools often integrated things like air cracking for 204 00:10:13.559 --> 00:10:17.639 cracking Wi Fi passwords, gizmt for discovering networks even hidden ones. 205 00:10:18.279 --> 00:10:20.799 Your phone becomes a portable Wi Fi auditing station. 206 00:10:21.000 --> 00:10:22.559 Okay, that's wireless. What else? 207 00:10:22.759 --> 00:10:26.039 Each idea attacks human interface device. Nt hunter lets your 208 00:10:26.039 --> 00:10:28.120 phone pretend to be a keyboarder mouse when plugged into 209 00:10:28.159 --> 00:10:29.039 a computer. 210 00:10:28.919 --> 00:10:30.679 Like the infamous rubber ducky. 211 00:10:30.679 --> 00:10:34.799 Exactly like that, Yeah, bad USB duck hunter attacks. Plug 212 00:10:34.840 --> 00:10:38.039 your phone in and it can automatically type commands, run scripts, 213 00:10:38.080 --> 00:10:39.480 potentially take over the machine. 214 00:10:39.519 --> 00:10:41.240 That's sneaky, very. 215 00:10:41.639 --> 00:10:44.159 And then there's the kex manager. This lets you run 216 00:10:44.159 --> 00:10:47.399 a full Collie Linux graphical desktop. Plug your phone into 217 00:10:47.440 --> 00:10:50.320 a monitor, connect a Bluetooth keyboard and mouse. 218 00:10:50.080 --> 00:10:51.559 And you have a full desktop, a. 219 00:10:51.559 --> 00:10:55.840 Virtually identical Collie desktop experience. It brings the extensive capabilities 220 00:10:55.879 --> 00:10:58.799 of Kalie Linux into a mobile form factor, super discrete, 221 00:10:58.960 --> 00:11:00.639 super powerful, incredible. 222 00:11:00.720 --> 00:11:03.320 What about network standing and exploitation. 223 00:11:03.000 --> 00:11:06.559 Built in n map scan pain makes complex network scans easier, 224 00:11:06.639 --> 00:11:09.799 and it integrates the metasplit framework, the standard tool for 225 00:11:09.840 --> 00:11:13.320 finding and using exploits, creating payloads to get command execution, 226 00:11:13.440 --> 00:11:17.799 privileged escalation, or creating backdoors. It also has specialized tool 227 00:11:17.840 --> 00:11:22.360 sets like bluetooth arsenal tools like ubertooth support for specific 228 00:11:22.440 --> 00:11:25.919 hardware like the NRF five one for really deep bluetooth sniffing, 229 00:11:26.200 --> 00:11:29.279 even car Whisperer for messing with car audio systems via. 230 00:11:29.240 --> 00:11:31.399 Bluetothe ceriously car audio Yeah. 231 00:11:31.279 --> 00:11:35.080 Injecting a recording audio and USB arsenal lets the phone 232 00:11:35.080 --> 00:11:39.039 emulate other USB devices, flash drives, network cards useful for 233 00:11:39.120 --> 00:11:40.879 more complex bad USB. 234 00:11:40.639 --> 00:11:42.679 Style attacks, and I guess it can do standard network 235 00:11:42.679 --> 00:11:43.240 attacks too. 236 00:11:43.320 --> 00:11:47.440 Oh yeah, Advanced network attacks ARP scoofing with ttercap to 237 00:11:47.480 --> 00:11:51.000 redirect traffic through your phone and still credentials, DNS hijacking 238 00:11:51.039 --> 00:11:54.639 with dn's mask to send victims to fake websites even 239 00:11:54.720 --> 00:11:58.440 ssltls stripping with SSL strip to try and downgrade HTTPS 240 00:11:58.480 --> 00:12:00.960 connections to planastdps so you can read the traffic. 241 00:12:01.279 --> 00:12:04.480 So having that capability right there in your pocket, it 242 00:12:04.559 --> 00:12:08.279 must change how defenders think about threats. Right, attackers could 243 00:12:08.320 --> 00:12:08.840 be anywhere. 244 00:12:08.960 --> 00:12:13.440 Fundamentally, it makes network attacks much more localized and potentially 245 00:12:13.480 --> 00:12:17.240 harder to trace back to a traditional source. How do 246 00:12:17.279 --> 00:12:20.080 you defend when the attack tool could be the phone 247 00:12:20.120 --> 00:12:21.360 of the person sitting next to you? 248 00:12:21.399 --> 00:12:24.759 A really unsettling thought. Okay, let's switch gears slightly. Talk 249 00:12:24.759 --> 00:12:27.440 about the people doing this work. A career in mobile 250 00:12:27.480 --> 00:12:30.440 security sounds intense dynamic. 251 00:12:30.720 --> 00:12:34.399 It definitely is challenging, yes, but also really rewarding. You 252 00:12:34.399 --> 00:12:37.159 get the satisfaction of making a real impact protecting people 253 00:12:37.159 --> 00:12:37.759 and companies. 254 00:12:37.919 --> 00:12:40.720 What's the foundation someone needs to get into this field? 255 00:12:40.840 --> 00:12:46.279 Well, First, programming prowess helps immensely understanding languages like Java, Swift, Cotlin, 256 00:12:46.399 --> 00:12:50.320 Objective C, the very languages that bring mobile applications to life. 257 00:12:50.519 --> 00:12:51.720 Why is that so important? 258 00:12:51.840 --> 00:12:54.440 Because it lets you not only build secure apps, but 259 00:12:54.519 --> 00:12:58.639 also spot weaknesses in other people's code, things like buffer overflows, 260 00:12:58.679 --> 00:13:01.960 memory leaks, logic flaws us. Second, you need to dive 261 00:13:02.000 --> 00:13:05.559 deep into the mobile operating systems, really understand the intricate 262 00:13:05.600 --> 00:13:09.039 mechanisms of both iOS and Android, how they work, how 263 00:13:09.039 --> 00:13:11.840 they're secured, where the potential weak spots. 264 00:13:11.559 --> 00:13:14.240 Are makes sense. You need to know the territory exactly. 265 00:13:14.679 --> 00:13:17.879 And third, reverse engineering we touched on it earlier. It's 266 00:13:17.919 --> 00:13:21.480 the investigative art of taking compiled apps apart with tools 267 00:13:21.519 --> 00:13:24.240 like j DX or Hopper to see how they tick 268 00:13:24.360 --> 00:13:25.559 and find hidden flaws. 269 00:13:25.879 --> 00:13:30.039 So solid technical skills, what about proving those skills? Certifications? 270 00:13:30.159 --> 00:13:34.440 Certifications definitely help validate your knowledge. The OSP Offensive Security 271 00:13:34.519 --> 00:13:38.840 Certified Professional is widely respected, often called a transformative experience 272 00:13:39.120 --> 00:13:41.840 because it's so hands on and practical for pen testers. 273 00:13:42.360 --> 00:13:47.480 Others like CEH Certified Ethical Hacker, GPN, GAD Penetration Tester, 274 00:13:47.879 --> 00:13:53.120 GAOIB Mobile Device Security Analysts are valuable, and CISP is 275 00:13:53.159 --> 00:13:57.600 a broader, globally recognized credential covering security theory and management. 276 00:13:57.840 --> 00:14:00.480 It shows a well rounded understanding concerts. 277 00:14:00.559 --> 00:14:03.159 This field changes so fast. How do people stay current? 278 00:14:03.279 --> 00:14:05.159 It feels like you blink and there's a new threat. 279 00:14:05.240 --> 00:14:08.159 You're absolutely right. Continuous learning is non negotiable. It's not 280 00:14:08.200 --> 00:14:11.679 just about reacting. It's about anticipating shifts. Conferences are huge 281 00:14:11.720 --> 00:14:15.559 obviously black hat def Con they're iconic. Defcon especially was 282 00:14:15.600 --> 00:14:18.240 a paradigm shift in how we think about security. Cons. 283 00:14:18.279 --> 00:14:19.919 Are there specific ones good for mobile? 284 00:14:20.039 --> 00:14:22.559 Look for specialized tracks at the big cons, but also 285 00:14:22.600 --> 00:14:26.559 events like b sides often more community driven nullcn Avy Tokyo. 286 00:14:26.919 --> 00:14:30.759 They often have really focused cutting edge mobile talks. Hope 287 00:14:30.919 --> 00:14:35.519 Ackers on Planet Earth and CCC Chaos Computing Congress are 288 00:14:35.519 --> 00:14:37.879 also great for broader hacker culture and learning. 289 00:14:38.039 --> 00:14:40.399 What about smaller scale local stuff. 290 00:14:40.480 --> 00:14:44.440 Definitely local meetups, workshops over at tea, chapter meetings, even 291 00:14:44.440 --> 00:14:47.240 in formal twenty six hundred meetings. They're a celebration of 292 00:14:47.240 --> 00:14:50.440 a culture dedicated to learning and great for networking and 293 00:14:50.559 --> 00:14:54.720 online hubs are essential security blogs Crebs on Security, Schneier 294 00:14:54.799 --> 00:14:58.159 on Security, or classics podcasts like The cyber Wire or 295 00:14:58.240 --> 00:15:01.519 Darknet diaries, following key people in groups on social media, 296 00:15:01.600 --> 00:15:05.120 hoc five IPsec, live Overflow, Tango SEC, individual researchers. 297 00:15:05.360 --> 00:15:07.879 It's a constant stream of info, soaking it all in. 298 00:15:07.759 --> 00:15:11.039 And actively using continuous learning platforms. Of course, serah You 299 00:15:11.159 --> 00:15:13.519 to Me plural site. These aren't just for starting out. 300 00:15:13.759 --> 00:15:17.120 They help with proactive efforts to keep skill sharp, and finally, 301 00:15:17.120 --> 00:15:20.320 building a strong professional network. It's cliche, but who you 302 00:15:20.399 --> 00:15:25.159 know often complements what you know. How so mentorship, collaboration, opportunities, 303 00:15:25.440 --> 00:15:28.480 just bouncing ideas off people, getting advice when you're stuck. 304 00:15:29.159 --> 00:15:33.879 It accelerates learning. Having a good LinkedIn profile, engaging on Twitter, Reddit, 305 00:15:34.120 --> 00:15:37.559 contributing on GitHub. It all helps build that network. 306 00:15:37.639 --> 00:15:41.159 Okay, so looking ahead now the crystal ball time? What's 307 00:15:41.200 --> 00:15:44.080 coming next in mobile security? This ever evolving field, this 308 00:15:44.240 --> 00:15:45.759 dance between offense and defense. 309 00:15:45.840 --> 00:15:49.039 Well, we're definitely seeing some emerging thread areas gaining traction. 310 00:15:50.080 --> 00:15:51.320 ARVR vulnerabilities, for. 311 00:15:51.279 --> 00:15:54.799 One, augmented in virtual reality. How are they a security risk? 312 00:15:55.120 --> 00:15:57.759 Think about it? They blend the physical and virtual world. 313 00:15:58.480 --> 00:16:02.879 AR could create physically unsafe situations through misleading overlays. VR 314 00:16:02.960 --> 00:16:05.759 raises huge questions about data privacy, what you look at, 315 00:16:05.799 --> 00:16:10.000 your reactions, and even potential for emotional manipulation, new territory, new. 316 00:16:09.960 --> 00:16:10.960 Risks, and un settling. 317 00:16:11.039 --> 00:16:14.120 What else AI based mobile threats. We hear a lot 318 00:16:14.159 --> 00:16:16.639 about AI for security, but AI can be used against 319 00:16:16.639 --> 00:16:19.919 it too, Like what adversarial attacks where you subtly change 320 00:16:19.919 --> 00:16:23.440 input data to fool an AI system, making malware look 321 00:16:23.519 --> 00:16:28.080 benign or tricking facial recognition and poisoning attacks where you 322 00:16:28.159 --> 00:16:31.080 feed bad data into an AI model over time to 323 00:16:31.080 --> 00:16:34.639 skew its learning, maybe teaching it to eventually flag legitimate 324 00:16:34.720 --> 00:16:35.360 sites as. 325 00:16:35.240 --> 00:16:38.759 Phishing, wow weaponizing AI and edge computing threats. 326 00:16:39.320 --> 00:16:42.240 As more processing happens on the device itself rather than 327 00:16:42.279 --> 00:16:45.440 in the cloud, it creates more new entry points for 328 00:16:45.519 --> 00:16:48.000 attackers and risks of localized attacks. 329 00:16:48.120 --> 00:16:51.840 So the threats are evolving, but hopefully the defenses are too. 330 00:16:52.000 --> 00:16:54.960 Absolutely there's a lot of work happening on the defensive side. 331 00:16:55.039 --> 00:16:57.600 Enhanced encryption is a big one. People are working on 332 00:16:57.759 --> 00:17:01.559 post quantum cryptography designed to with DAN future quantum computers, 333 00:17:01.840 --> 00:17:04.759 plus more alliance on hardware security, those secure enclaves we 334 00:17:04.799 --> 00:17:08.599 talked about isolated microprocessors to guard the really sensitive stuff. 335 00:17:08.640 --> 00:17:12.559 What about logging In biometrics, Enhanced biometrics are getting better, 336 00:17:13.160 --> 00:17:16.759 moving beyond just fingerprints to a reliable facial recognition, IRIS scanning, 337 00:17:17.119 --> 00:17:18.759 even vein pattern authentication. 338 00:17:19.799 --> 00:17:24.480 The trend is towards multimodal biometric systems, using multiple methods 339 00:17:24.519 --> 00:17:27.359 together for much stronger authentication, harder to fool. 340 00:17:27.599 --> 00:17:28.119 Makes sense. 341 00:17:28.759 --> 00:17:31.720 Secure boot mechanisms are also getting more sophisticated, making sure 342 00:17:31.759 --> 00:17:34.000 that from the second you turn the device on, every 343 00:17:34.000 --> 00:17:36.440 piece of software it runs is genuine and has not 344 00:17:36.440 --> 00:17:39.440 been tampered with. It protects the entire chain of trust. 345 00:17:39.559 --> 00:17:41.920 And AI. On the defensive side, yes. 346 00:17:41.880 --> 00:17:46.039 AI in mobile security is becoming huge, using AI and 347 00:17:46.119 --> 00:17:49.559 even large language models like chat GPT to improve threat detection, 348 00:17:49.680 --> 00:17:53.000 analyze massive logs for subtle patterns, even automate some of 349 00:17:53.000 --> 00:17:55.880 the basic penetration testing works so human experts can focus 350 00:17:55.920 --> 00:17:56.920 on the harder problems. 351 00:17:56.960 --> 00:17:59.480 What about things like five G and the Internet of Things? 352 00:17:59.559 --> 00:18:03.119 That's the sword. More connectivity is great, but five G 353 00:18:03.319 --> 00:18:06.839 and the explosion of IoT devices vastly expand the attack 354 00:18:06.880 --> 00:18:11.359 surface billions more connected things. It means meticulous security considerations 355 00:18:11.359 --> 00:18:13.960 are needed at every level, more than ever before. 356 00:18:14.240 --> 00:18:18.680 Prue, what an incredible journey we've covered, from the basics 357 00:18:18.680 --> 00:18:23.160 of android and iOS security, through finding vulnerabilities, the power 358 00:18:23.200 --> 00:18:27.359 of tools like net hunter, building a career right up 359 00:18:27.359 --> 00:18:30.039 to future threats and defenses. It really hammers home that 360 00:18:30.119 --> 00:18:33.920 in this dynamic domain, continuous learning and adapting aren't just 361 00:18:34.480 --> 00:18:37.599 nice to have, so they're essential. The game keeps changing. 362 00:18:37.880 --> 00:18:40.519 It absolutely does. And maybe the final thought to leave 363 00:18:40.559 --> 00:18:43.319 you with is this, given how fast mobile tech and 364 00:18:43.359 --> 00:18:47.559 cyber threats are moving, how can we individuals, organizations get 365 00:18:47.559 --> 00:18:51.759 beyond just reacting. How do we build a truly proactive mindset, 366 00:18:51.759 --> 00:18:54.400 one where we're trying to anticipate that next wave of 367 00:18:54.440 --> 00:18:57.559 attacks before they even hit. That's the real challenge, isn't 368 00:18:57.559 --> 00:18:59.279 it the puzzle we're all trying to piece together. 369 00:18:59.519 --> 00:19:01.839 That is a powerful thought, a great place to pause. 370 00:19:01.920 --> 00:19:04.960 We really encourage you listening to explore this further. Maybe 371 00:19:05.000 --> 00:19:07.720 look into net hunter, or research a vulnerability that relates 372 00:19:07.720 --> 00:19:09.960 to an app you use daily, or check out some 373 00:19:10.000 --> 00:19:13.480 of those advanced defenses like multimodal biometrics. Keep learning, keep 374 00:19:13.559 --> 00:19:15.799 asking questions, and let's all play a part in making 375 00:19:15.799 --> 00:19:19.119 our increasingly digital world just a little bit safer. Thanks 376 00:19:19.119 --> 00:19:20.480 for joining us on the deep Dive.