At the end of 2023, the Office of the Inspector General released a study of mobile security at ICE. The analysis showed that ICE employees and contractors had many risky and malicious apps on their mobile devices, even though those devices were enrolled in a top-notch MDM (Mobile Device Management) system and were using Mobile Threat Defense tools as well. OIG recommended that ICE use the CISA MAV (Mobile App Vetting) service which can identify these unknown risks.

MDM systems have been around for over a decade, and are prevalent in the enterprise, yet they were never intended to be security tools – rather they are meant to control the device. BYOD is also prevalent in many small, medium, and even large enterprise settings as well, exposing those users and their employers to even greater risk.

In this talk, we will cover the common and uncommon risks unique to the mobile landscape, and how to identify and avoid them at scale. The talk will provide real-world examples of zero-days discovered by Quokka (previously Kryptowire) researchers – the folks who first identified that TikTok was sending data to China 7 years ago.

Takeaways from your talk:

  • The difference between MDM, MTD, and zero-day detection on Mobile
  • Understanding of the unique risks in Mobile Devices and how they differ from traditional threats
  • Recognizing malicious apps, and how that differs from traditional malware detection
  • Real world examples of malicious and dangerous mobile apps in an enterprise setting

September 5 @ 15:15
15:15 — 16:00 (45′)

Ilya Dreytser