Virtual Mobile Infrastructure Provider Sierraware to Discuss Security Black Holes Created by Certificate Pinning at BSidesSF
CEO Gopal Jayaraman Will Reveal Cert Pinning Risks and How to Regain Visibility
Sunnyvale, CA, April 6, 2015 - Sierraware, a pioneer in virtualization and security, today announced that CEO Gopal Jayaraman will discuss risks brought about by certificate pinning at BSidesSF at 10:00 A.M. PDT, April 19. During his session, titled "Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration," Jayaraman will explain why developers are implementing cert pinning into their mobile apps. He will also describe how certificate pinning works and show how it impacts corporate security strategies.
Today, malicious users and governments can exploit the digital certificate trust model. Certificate authorities (CAs) or intermediate CAs can issue fake certificates, malware can install fake root CA certificates on client machines, and even hardware manufacturers can add forged certificates to laptops and other devices. Recent new headlines illustrate that these dangers are not just theoretical-they are real.
As a result, an increasing number of app developers are using certificate pinning to verify the identity of application servers. Certificate pinning prevents fraud and Man in the Middle (MitM) attacks by validating that a server certificate matches the cert "pinned" to the application. Many of today's most popular mobile apps-including business and social media apps-use certificate pinning.
While certificate pinning improves user privacy, it also exposes a gap in corporate defenses. This is because traditional security controls like firewalls cannot decrypt pinned SSL traffic. As a result, firewalls and Data Loss Prevention (DLP) platforms cannot detect when employees share confidential data through mobile apps. Advanced threat protection (ATP) solutions cannot detect malware sent in mobile apps. The full spectrum of network security solutions lose visibility into cyber threats; certificate pinning creates a black hole in organizations' defenses.
Attend Sierraware's BSidesSF session to learn how attackers can use certificate pinning to bypass security controls. Understand creative strategies and solutions that can help IT Security teams regain visibility into mobile apps that use certificate pinning.
BSides Security is a community-driven event framework developed for and by information security community members. BSidesSF, a two-day event in San Francisco, enables security professionals to both present and participate in an atmosphere that encourages collaboration.
Register to attend the BSidesSF session, "Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration" or learn more about the SierraVMI Virtual Mobile Infrastructure platform.
Sierraware is a leading provider of virtualization and security solutions that change the way applications are accessed and data is secured. Sierraware's virtual mobile infrastructure (VMI) software empowers developers to support all mobile platforms with a single app and to protect data and monitor user activity. SierraVisor Hypervisor and SierraTEE Trusted Execution Environment for ARM® TrustZone® deliver embedded virtualization platforms for ARM-based architectures. Learn more at www.sierraware.com, our blog and on Twitter.