With news of a vulnerability in the WhatsApp web extension that could allow hackers to takeover users’ computers using just their phone number and a spate of “DarkHotel” targeted attacks using compromised Wi-Fi networks to hack devices of visiting hotel guests; “…the risks posed by mobile threats are rising and there is still a shortage of trained InfoSec teams to deal with the challenge” says Raul Siles, a highly respected security researcher and one of the few individuals worldwide to earn the GIAC Security Expert (GSE) designation. “Deploying a MDM system is a good first step but it’s not an ‘install and forget’ situation as the environment is much more complicated than say Windows, OS X or Linux and the threats are evolving fast.”
Ahead of the upcoming SANS Gulf Region 2015 in Dubai this October, Siles who will be running the "SEC575: Mobile Device Security and Ethical Hacking" course suggests that organisations need to address several key areas to better cope with the threat posed by mobile devices, “High profile vulnerabilities, that might even combine both the traditional and mobile computing worlds like the recent WhatsApp issue, can serve to highlight what is often an underappreciated threat especially as many of these devices and apps move between the private and work life. This duality of roles forces organisations to think in new ways to enforce management and security policies on devices that are not necessarily owned by the organisation.
As mobile devices start to overtake desktop PC’s, Siles suggests that organisations need to take a closer look at the skill sets of InfoSec professionals charged with protecting environments, “Security training budgets need to reflect the realities of the modern organisation that is increasingly dependent on mobile devices.”
"SANS SEC575: Mobile Device Security and Ethical Hacking" is a 6 day intensive hands-on course that teaches attendees how to capture and evaluate mobile device network activity, analyse strength and weaknesses on each mobile platform, disassemble and analyse mobile code, recognise weaknesses in common or custom mobile applications, and conduct full-scale mobile penetration tests.
As the Gulf Region’s largest Information Security training event, SANS will be offering six vital courses all with an associated GIAC certification covering areas such as pen testing, mobile, web apps, hacker tools and the popular SEC401: Security Bootcamp course.