Faux Disk Encryption: Realities of Secure Storage on Mobile Devices

by Daniel Mayer, Drew Suarez
Sept. 18, 2017 | Black Hat | belen_caty | Encryption & Authentication

In this talk, we discuss the challenges mobile app developers face in securing data stored on devices, including mobility, accessibility, and usability requirements. Given these challenges, we first debunk common misconceptions about full-disk encryption and show why it is not sufficient for most attack scenarios. We then systematically introduce the more sophisticated secure storage techniques that are available for iOS and Android respectively. For each platform, we discuss in depth which mechanisms are available, how they technically operate, and whether they fulfill the practical security and usability requirements. We conclude the talk with an analysis of what can still go wrong even when current best practices are followed and what the security and mobile device community can do to address these shortcomings.


Steven Ulm 8 months ago

A lot of the disk encryption on the market is not as good as it is believed to be... The reason? Making it so would make the costs sky-high... Therefore a small (potential) vulnerability is always an affordable risk to take...