Jump to navigation Jump to content

Speaker

Miłosz Gaczkowski

Miłosz Gaczkowski

Mobile Security Lead at WithSecure

Basingstoke, United Kingdom

Actions

Miłosz is a mobile security specialist at WithSecure, having previously spent entirely too much time working in academia.

His current work revolves around Mobile Device Management solutions (Do you have a work phone or laptop that's been locked down beyond all reason? Yeah, that), Android device security audits, and complaining about password managers.

Outside of technical work, his primary interests are in education and the culture of education.

Links

Area of Expertise

  • Information & Communications Technology
  • Government, Social Sector & Education

Topics

  • mobile security
  • Mobile Apps
  • cyber security
  • Application Security

Sessions

Per-mission Impossible: Exploring the Android Permission Model and Intents

The way in which Android applications talk to each other is often misunderstood, and it is entirely too common to see apps whose sensitive functionality is completely open to anyone who asks nicely.

This workshop will cover several case studies of overly permissive apps/devices found in the wild, including an OEM's voice recorder application that could be made to start and stop voice recordings without the user's knowledge.

We will go over common implementation flaws, play around with exploiting them from the perspective of an unprivileged application, and explore how an understanding of Android permissions could help us avoid these mistakes.

Sniffing keyboards (Turns out some of them stink)

This lighthearted talk, based on real events at a UK higher education institution, tells the story of unusual attack vectors and the IT industry's struggle with addressing them.

On one sunny day, the anonymous institution started receiving strange IT support tickets - the wireless keyboards in their lecture theatres were running out of battery. There is one notable issue here - the organisation does not install wireless keyboards in these rooms.

Join Miłosz on the adventure of a lifetime as he and his colleagues navigate their way through a possible cyberattack and learn the common techniques used in intercepting and injecting keystrokes in commonly available RF keyboards. This entry-level talk aims to explain the concepts at a high level and raise awareness of strange attack paths.

Events

AppSec Village - DC31 Sessionize Event

August 2023 Las Vegas, Nevada, United States

Security BSides Dublin 2023 Sessionize Event

May 2023 Dublin, Ireland

Miłosz Gaczkowski

Mobile Security Lead at WithSecure

Basingstoke, United Kingdom

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top