So you've heard about the Security BSides St John's 2011 event and wonder if you'll sign up to attend? Well if you do you'll be able to take in a variety of information security talks from leaders in the field, while having the opportunity to meet other information security practitioners, and researchers. In this week's 'Reasons to attend Security BSides St John's 2011' I'm highlighting Nicholas Donarski's (Kizz MyAnthia) talk entitled "Weaponizing The Smartphone: Deploying The Perfect WMD":
Weaponizing The Smartphone: Deploying The Perfect WMD
Nicholas Donarski (Kizz MyAnthia)
The acceptance and integration of mobile phones, specifically smartphones, into our everyday life has allowed for these devices to penetrate deep into secure areas. The ability to have your phone along with you at any moment of the day feeds our needs for social media, email, business, and pleasure. This ability and access has allowed the use of smartphones to be bred into devices that rival other penetration testing hardware/software combinations.
Nicholas has developed and created an OS platform package that allows penetration testers and security professionals the ability to test both physical security and technical security without being constrained by computers, cords, or the image of suspicious behavior. The WMD platform package is based on Windows Mobile 6.5 Smartphones and is executed similar to a virtual machine. The WMD package is preloaded with many of the same applications and testing tools that are included with Backtrack 4, www.backtrack-linux.org, there is no affiliation between the two projects, only the similar desire to create a single source of the latest tools, applications, and techniques used by today's security professionals integrating today's latest technologies.
"Weaponizing The Smarphone: Deploying The Perfect WMD" will show the audience how to create a deployable package on a MicroSD card for use on the HTC Rhodium (AT&T Tilt2) or similar Windows Mobile 6.5 smartphone. Then using a test wireless AP, a windows server 2003 VM, and The loaded WMD Smartphone the audience will be presented with a live demonstration of some of the tools including NMap, Metasploit, and The Social Engineering Toolkit to exploit the Windows Server 2003 VM and gain administrative access.
The fundamental security flaw of accepting technology to perform only for what is was "made" for without the expectation of manipulation presented by "Weaponizing The Smartphone: Deploying The Perfect WMD" will help security professionals protect their environments while stimulating "out-of-the-box" thinking.