security

Mobile World Congress 2018

mobilephonesecurity936843331Leave a comment
View of the new Fira when flying in to Barcelona

This week it is Mobile World Congress, the biggest event in the mobile industry calendar. If you’re interested in meeting for a chat or just hearing about mobile and IoT security & privacy, I’ll be at the following places!

Sunday 25th February
6th GSMA IoT Summit
13:00-17:30
NH Collection Barcelona Tower Hotel

Copper Horse annual security dinner at a secret location in Barcelona
21:00-late (tweet me or message if you want to come along)

Monday 26th February
4YFN – “Hidden Threats and Opportunities to my Business”
Panelist: “Spotlight – How Data and Cyber Security can make or break a new business?”
16:15-17:15
4YFN (at the old Fira), Fira Barcelona Montjuïc, Av. Reina Maria Cristina

Tuesday 27th February
IoT Tuesday, hosted by Cellusys, supported by JT Group and the IoT Security Foundation
17:00-late Cellusys event – I’ll be giving an opening talk on behalf of the IoT Security Foundation, which will be: “The Ticking Clock”: why security in IoT is critical to how you run your business.
Tweet me if you want to attend.

Wednesday 28th February
16:30-17:30
Why Should we Trust your Digital Security?
Me having a fireside chat in this session with Jean Gonie, VEON: Data, Consumer Protection and the GDPR
Auditorium 3, Hall 4 (on-site at MWC)

I’ll be at a few other events and will generally be around and about the MWC main site all week so please feel free to get in contact. Speaking of Barcelona, we’re holding our next training, “Foundations of IoT Security” in May in the city. More details and sign-up can be found on the IoTSF website.

 

The future of humanity depends on us getting security right in the Internet of Things

mobilephonesecurity936843331Leave a comment



There isn’t a day that goes by now without another Internet of Things (IoT) security story. The details are lurid, the attacks look new and the tech is well, woeful. You would be forgiven for thinking that nobody is doing anything about security and that nothing can be done, it’s all broken.

What doesn’t usually reach the press is what has been happening in the background from a defensive security perspective. Some industries have been doing security increasingly well for a long time. The mobile industry has been under constant attack since the late 1990s. As mobile technology and its uses have advanced, so has the necessity of security invention and innovation. Some really useful techniques and methods have been developed which could and should be transferred into the IoT world to help defend against known and future attacks. My own company is running an Introduction to IoT Security training course for those of you who are interested. There is of course a lot of crossover between mobile and the rest of IoT. Much of the world’s IoT communications will transit mobile networks and many mobile applications and devices will interact with IoT networks, end-point devices and hubs. The devices themselves often have chips designed by the same companies and software which is often very similar.

The Internet of Things is developing at an incredible rate and there are many competing proprietary standards in different elements of systems and in different industries. It is extremely unlikely there is going to be one winner or one unified standard – and why should there be? It is perfectly possible for connected devices to communicate using the network and equipment that is right for that solution. It is true that as the market settles down some solutions will fall by the wayside and others will consolidate, but we’re really not at that stage yet and won’t be for some time. Quite honestly, many industries are still trying to work out what is actually meant by the Internet of Things and whether it is going to be beneficial to them or not. 

What does good look like?

What we do know is what we don’t want. We have many lessons from near computing history that we ignore and neglect security at our peril. The combined efforts and experiences of technology companies that spend time defending their product security, as well as those of the security research community, so often painted as the bad guys; “the hackers” have also significantly informed what good looks like. It is down to implementers to actually listen to this advice and make sure they follow it.

We know that opening the door to reports about vulnerabilities in technology products leads to fixes which bring about overall industry improvements in security. Respect on both sides has been gained through the use of Coordinated Vulnerability Disclosure (CVD) schemes by companies and now even across whole industries.

We know that regular software updates, whilst a pain to establish and maintain are one of the best preventative and protective measures we can take against attackers, shutting the door on potential avenues for exploitation whilst closing down the window of exposure time to a point where it is worthless for an attacker to even begin the research process of creating an attack.

Industry-driven recommendations and standards on IoT security have begun to emerge in the past five years. Not only that, the various bodies are interacting with one another and acting pragmatically; where a standard exists there appears to be a willingness to endorse it and move onto areas that need fixing.

Spanning the verticals

There is a huge challenge which is particularly unique to IoT and that is the diversity of uses for the various technologies and the huge number of disparate industries they span. The car industry has its own standards bodies and has to carefully consider safety aspects, as does the healthcare industry. These industries and also the government regulatory bodies related to them all differ in their own ways. One unifying topic is security and it is now so critically important that we get it right across all industries. With every person in the world connected, the alternative of sitting back and hoping for the best is to risk the future of humanity.

Links to recommendations on IoT security

To pick some highlights – (full disclosure – I’m involved in the first two) the following bodies have created some excellent recommendations around IoT security and continue to do so:

IoT Security Foundation Best Practice Guidelines
GSMA IoT Security Guidelines
Industrial Internet Consortium 

The whole space is absolutely huge, but I should also mention the incredible work of the IETF (Internet Engineering Task Force) and 3GPP (the mobile standards body for 5G) to bring detailed bit-level standards to reality and ensure they are secure. Organisations like the NTIA (the US National Telecommunications and Information Administration), the DHS (US Department for Homeland Security) and AIOTI (The EU Alliance for Internet of Things Innovation) have all been doing a great job helping to drive leadership on different elements of th
ese topics.

I maintain a list of IoT security resources and recommendations on this post.

IoT Security Resources

mobilephonesecurity9368433311 Comment

This is a list of useful documentation and links for anyone interested in IoT security, either for building products or as general reference material. The list is alphabetical and doesn’t denote any priority. I’ll maintain this and update it as new documentation gets published. Please feel free to add links in the comments and I will add them to the list.

Privacy-specific:

Additional papers and analysis of interest:

With special thanks to Mike Horton, Mohit Sethi, Ryan Ng and those others who have contributed or have been collecting these links on other sites, including Bruce Schneier and Marin Ivezic.

Updates:

16th July 2019: Added NIST, W3C, CSDE, IOTAC, OCF and PSA Certified

01st July 2019: Added multiple CCDS, NIST, NISC, ioXt, Internet Society, ENISA, Zachary Crockett, founder and CTO of Particle, Mozilla, IRTF, IoT Security Foundation, CTIA, Bipartisan Group, Trustonic, DIN and European Union

28th August 2018: Added [GDPR] Article 29 Data Protection Working Party, multiple AIOTI links, Atlantic Council, CableLabs, CSA, Dutch Cyber Security Council, ENISA links, European Commission and AIOTI  report, IEEE, IERC, Intel, IEC, multiple IETF links, IRTF, ISOC, IoTSF, ISO/IEC JTC 1 report, Microsoft links, MIT, NTIA, CSCC, OECD links, Ofcom, OWASP, SIAA, SAFECode links, TIA, U.S. Department of Homeland Security and US Senate

3rd July 2018: Updated broken OneM2M report, GSMA IoT security assessment, AIOTI policy doc and IETF guidance links.

6th March 2018: Added NIST draft report on cybersecurity standardisation in IoT.

14th February 2018: Added IoTSI, NIST and IRTF additional links.

1st February 2018: Updated with the following organisations: ENISA, IoT Alliance Australia, ISAC, New York City, NTIA, Online Trust Alliance, OneM2M, OWASP, Smart Card Alliance, US Food & Drug Administration. Added additional papers section.

24th April 2017: Added additional IoTSF links.

5th December 2016: Added GSMA, Nominet and OLSWANG IoT privacy links as well as AIOTI security link.

24th November 2016: Added GSMA self-assessment checklist, Cloud Security Alliance research paper, Symantec paper and AT&T CEO’s guide.

Introducing the work of the IoT Security Foundation

mobilephonesecurity936843331Leave a comment

At Mobile World Congress this year, I agreed to give an interview introducing the IoT Security Foundation to Latin American audiences. If you’re interested in IoT security and our work at the Foundation, you should find this video interesting. Enjoy!

IoT Security from Rafael A. Junquera on Vimeo.

 

Improving IoT Security

mobilephonesecurity9368433311 Comment

I am involved in a few initiatives aimed at improving IoT security. My company wrote the original IoT security strategy for the GSMA and we have been involved ever since, culminating in the publication of a set of IoT Security Guidelines which can be used by device manufacturers through to solution providers and network operators. Here’s a short video featuring me and other industry security experts explaining what we’re doing.

There’s still a long way to go with IoT security and we’ve still got to change the “do nothing” or “it’s not our problem” mindset around big topics like safety when it comes to the cyber physical world. Each step we take along the road is one step closer to better security in IoT and these documents represent a huge leap forward.

When the “Apple Encryption Issue” reached Piers Morgan

mobilephonesecurity936843331Leave a comment

How can we have an intelligent and reasoned debate about mobile device forensics?

I woke up early this morning after getting back late from this year’s Mobile World Congress in Barcelona. It has been a long week and I’ve been moderating and speaking at various events on cyber security and encryption throughout the week. It won’t have escaped anyone’s notice that the “Apple encryption issue” as everyone seems to have referred to it, has been at the top of the news and I have been asked what I think pretty much every day this week. Late last night, I’d seen a twitter spat kicking off between comedy writer and director Graham Linehan and Piers Morgan on the topic, but went to bed, exhausted from the week.

It was still being talked about this morning. My friend Pat Walshe who is one of the world’s leading mobile industry privacy specialists, had quoted a tweet from Piers Morgan:

Ironically, Piers Morgan himself has been accused of overseeing the hacking of phones, something which he has repeatedly denied, despite Mirror Group Newspapers admitting that some stories may have been obtained by illegal means during his tenure and having recently paid compensation to victims of phone (voicemail) hacking, a topic about which I have written in the past.

This week I’ll be up at York St John University where they’ve asked me to teach cyber security to their undergraduate computer scientists. The reason I agreed to teach there was because they highly value ethical concerns, something which I will be weaving into all our discussions this week. The biggest question these students will have this week will be the “what would you do?” scenario in relation to the San Bernadino case.

The truth is, this is not a question of technology engineering and encryption, it is a question of policy and what we as a society want and expect.

The moral aspects have been widely debated with Apple’s Tim Cook bringing, in my view, the debate to a distasteful low by somehow linking the issue to cancer. I’ve tried to stay out of the debate up until now because it has become a circus of people who don’t understand the technical aspects pontificating about how easy it is to break into devices versus encryption activists who won’t accept anything less than “encrypt all the things” (some of whom also don’t understand the technical bits). I sincerely hope that there isn’t a backlash on me here from either side for just voicing an opinion, some friends of mine have deliberately stayed quiet because of this – I’m exercising my right to free speech and I hope people respect that.

The truth is, this is not a question of technology engineering and encryption, it is a question of policy and what we as a society want and expect. If a member of my family is murdered do I expect the police to be able to do their job and investigate everything that was on that person’s phone? Absolutely. Conversely, if I was accused of a crime that I didn’t commit and I wasn’t in a position to handover the password (see Matthew Green’s muddy puddle test), would I also want them to do it? Of course. It is called justice.

Dealing with the world as it is

The mobile phones and digital devices of today replace all of our previous scraps of notepaper, letters, diaries, pictures etc that would have been left around our lives. If someone is murdered or something horrific happens to someone, this information could be used to enable the lawful investigation of a crime. The Scenes of Crime Officer of the past and defence team would have examined all of these items and ultimately present the evidence in court, contributing to a case for or against. Now consider today’s world. Everything is on our phone – our diaries and notes are digital, our pictures are on our phones, our letters are emails or WhatsApp messages. So in the case of the scene of a crime, the police may literally be faced with a body and a phone. How is the crime solved and how is justice done? The digital forensic data is the case.

Remember, someone who has actually committed a crime is probably going to say they didn’t do it. The phone data itself is usually more reliable than witnesses and defendant testimony in telling the story of what actually happened and criminals know that. I’ve been involved with digital forensics for mobile devices in the past and have seen first-hand the conviction of criminals who continually denied having committed a serious crime, despite their phone data stating otherwise. This has brought redress to their victim’s families and brought justice for someone who can no longer speak.

There is no easy answer

On the other side of course, we’re carrying these objects around with us every day and the information can be intensely private. We don’t want criminals or strangers to steal that information. The counter-argument is that the mechanisms and methods to facilitate access to encrypted material would fall into the hands of the bad guys. And this is the challenge we face – there is absolutely no easy answer to this. People are also worried that authoritarian regimes will use the same tools to help further oppress their citizens and make it easier for the state to set people up. Sadly I think that is going to happen anyway in some of those places, with or without this issue being in play.

US companies are also fighting hard to sell products globally and they need to recover their export position following the Snowden revelations. It is in their business interests to be seen to fight these orders in order to s
ell product. It appears that Tim Cook wants to reinforce Apple’s privacy marketing message through this fight. Other less scrupulous countries are probably rubbing their hands in glee watching this show, whilst locally banning encryption, knowing that they’ll continue doing that and attempting to block US-made technology whatever the outcome of the case.

Hacking around

Even now, I have seen tweets from iPhone hackers who are more than capable of an attempt to solve this current case and no doubt they would gain significant amounts financially from doing so – because the method that they develop could potentially be transferable.

This is the same battle that my colleagues in the mobile world fight on a daily basis – a hole is found and exploited and we fix it; a continual technological arms race to see who can do the better job. Piers Morgan has a point, just badly put – given enough time, effort and money the San Bernadino device and encryption could be broken into – it will just be a hell of a lot. It won’t be broken by a guy in a shop on Tottenham Court Road (see my talk on the history of mobile phone hacking to understand this a bit more).

Something that has not been discussed is that we also have a ludicrous situation now whereby private forensic companies seem to be ‘developing’ methods to get into mobile handsets when in actual fact many of them will either re-package hacking and rooting tools and pass them off as their own solutions, as well as purchasing from black and grey markets for exploits, at premium prices. This is very frustrating for the mobile industry as it contributes to security problems. Meanwhile, the Police are being forced to try and do their jobs with not just one hand tied behind their back, it now seems like two. So what should we do about that? What do we consider to be “forensically certified” if the tools are based on fairly dirty hacks?

How do we solve the problem?

We as democratic societies ask and expect our Police forces to be able to investigate crimes under a legal framework that we all accept via the people we elect to Parliament or Senate. If the law needs to be tested, then that should happen through a court – which is exactly what is happening now in the US. What we’re seeing is democracy in action, it’s just messy but at least people in the US and the UK have that option. Many people around the world do not.

On the technical side, we will need to also consider that there are also a multitude of connected devices coming to the market for smart homes, connected cars and things we haven’t even thought of yet as part of the rapidly increasing “Internet of Things”. I hate to say it, but in the future, digital forensics is going to become ever more complex and perhaps the privacy issues for individuals will centre on what a few large technology companies are doing behind your back with your own data rather than the Police trying to do their job with a legal warrant. Other companies need to be ready to step up to ensure consumers are not the product.

I don’t have a clear solution to the overall issue of encrypted devices and I don’t think you’ll thank me for writing another thousand words on the topic of key escrow. Most of the time I respond to people by saying it is significantly complex. The issues we are wrestling with now do need to be debated, but that debate needs to be intellectually sound and unfortunately we are hearing a lot from people with loud voices, but less from the people who really understand. The students I’m meeting next week will be not only our future engineers, but possibly future leaders of companies and even politicians so it is important that they understand every angle. It will also be their future and every other young person’s that matters in the final decision over San Bernadino.

Personally, I just hope that I don’t keep getting angry and end up sat in my dressing gown until lunchtime writing about tweets I saw at breakfast time.

Exploring Threats to IoT Security

mobilephonesecurity936843331Leave a comment

I was recently invited to give a talk on the threat landscape of IoT at Bletchley Park on IoT Security as part of NMI’s IoT Security Summit. Of course you can only touch the surface in 30 minutes, but the idea was to give people a flavour of the situation and to point to some potential solutions to avoid future badness. My company, Copper Horse is doing a lot of work on this topic right now and it is pretty exciting for us to be involved in helping to secure the future for everyone and every thing, right across the world.

If you’re thinking about developing an IoT product or service and need some help with securing it, do feel free to get in touch with us.

Updating the Future

mobilephonesecurity936843331Leave a comment

Later today I’ll be speaking at B-Sides London about software updates and how they are probably the only effective mechanism that can defend users against the malicious use of discovered, exploitable vulnerabilities. Despite that, we still have a long way to go and the rush towards everything being connected could leave users more exposed than they are now.

The recent “effective power” SMS bug in iOS really showed that even with a relatively minor user interface bug, there can be widespread disruption caused and in that case mainly because people thought it would be funny to send it to their friends.

The state of mobile phone updates

In vertical supply chains that are generally wholly owned by the vendor (as in the Apple case), it is relatively straightforward to deploy fixes to users. The device’s security architecture supports all the mechanisms to authenticate itself correctly, pick up a secure update and unpack it, verify and deliver it to the user. The internal processes for software testing and approval are streamlined and consistent so users can get updates quickly. This is not the case for other operating systems. Android users have a very complicated supply chain to deal with unless they have a Google supplied device. Mobile network interoperability issues can also cause problems, so network operators have to drive test every device and approve the updates that come through. Security updates are often bundled with other system updates, meaning that critical security issues can stay open because users just don’t get them fixed for months on end.

That’s if they get an update at all. Some manufacturers have a very chequered history when it comes to supporting devices after they’ve left the factory. If users are not updated and they’re continually exposed to serious internet security flaws such as those experienced with SSL, who is responsible? At the moment it seems nobody is. There is no regulation that says that users must be updated. There seems to be a shift in the mobile industry towards longer software support lifecycles – Microsoft has committed to 36 months support and Google at least 18 months, but there is still a long way to go in terms of ensuring that patch teams at manufacturers remain available to fix security issues and ensuring that an ‘adequate’ end-of-life for products is achieved and communicated properly to users.

The internet of abandoned devices

A lot of IoT devices have no ability to be updated, let alone securely. The foundations are simply not there. There is no secure boot ROM, a secure anchor of trust from which to start from, there is no secure booting mechanism to carefully build up trust as the device starts and web update mechanisms are often not even secured using SSL. Software builds are often as not unencrypted and certainly not digitally signed.

So with this starting point for our future, it appears that many of the hard lessons of the mobile phone world have not seen transference to the IoT world. Even then, we have a lot of future challenges. Many IoT devices or elements of the automotive space are ‘headless’ – they have no user display or interface, so the user themselves has no inkling of what is going on, good or bad. What is often termed “cyber-physical” can rapidly become real issues for people. A problem with an update to a connected health device can really harm a lot of people. Shortly before Google’s acquisition of Nest, a user had tweeted complaining that his pipes had burst. Understanding that certain services cannot just be turned off to allow for an update is key to engineering in this space.

Many of the devices that are planned to be deployed are severely constrained. Updating a device with memory and battery limitations is going to be possible only in limited circumstances. Many of these devices are going to be physically inaccessible too, but still need to be trusted. It’s not simply a question of replacement of obsolete devices – digging a vibration sensor out of the concrete of a bridge is going to be pretty cumbersome. Some of this space will require systems architecture re-thinking and mechanisms to be able to live with the risk. It may be that is simply impossible to have end-to-end security that can be trusted for any real length of time. As engineers if we start from the point that we can’t trust anything that has been deployed in the field and that some of it can’t be updated at all, we might avoid some serious future issues.

10 Inspirational Women in the Mobile Industry

mobilephonesecurity936843331Leave a comment

Today is International Women’s Day and I was thinking about the women who had influenced my thinking in the mobile industry over the past year. I have to say, I thought twice about writing this blog – I didn’t want to patronise or embarrass the individuals mentioned in this piece and that certainly is not my intention. At the end of the day, I have decided to publish as they all deserve to be recognised as the movers and shakers they are in the mobile and/or web and internet security world and after all, the theme this year is “make it happen”!

No more glass ceilings

In alphabetical order, I have included their twitter handles where appropriate, so you can follow them:

Karen Barber, Independent Mobile Business and Startup Advisor

Twitter: @KLBarber

Source: Twitter
I first met Karen at the ForumOxford event in May 2014. She has advised many mobile startups and continues to do so, helping people to productise and bring to market new mobile applications and services. Dedicated, with great connections, she is generous with time and advice.

Anne Bouverot, GSMA

Twitter: @annebouverot

Source: https://www.flickr.com/photos/itupictures/8094137683/ (CC BY 2.0)

As Director General of the GSMA, an association of over 800 member network operators and associate companies, Anne has a huge job to herd the cats of the mobile industry whilst negotiating with the governments of the world over regulatory and policy concerns. She is one of only two women on the Board of the GSMA (Mari-Noëlle Jego-Laveissière of Orange recently joined). Only this week she highlighted that: 1.7 billion women in low and middle income countries don’t own a mobile phone – a gender gap of 200 million.

Melanie Ensign, FleishmanHillard
Twitter: @imeluny

I met Melanie while I was out in Las Vegas for Blackhat and DEFCON in 2014. Determined and skillful, Melanie liaises with the media and the hacking community over security concerns on behalf of some telecom companies. This role requires a head for technology and strong people skills, both of which Melanie has in abundance.

Virginie Galindo, Gemalto

Twitter: @poulpita

Source: https://blog.html5j.org/2013/06/w3c-developer-meetup-tokyo.html

As Chair of the W3C’s Web Crypto group, Virginie has one of the hardest jobs in the web world. The recent rise in interest of encryption on the web has made this activity all the more important. In an almost entirely male group, with some extremely volatile and passionate personalities, Virginie has shown incredible leadership, leading to a seat on the Advisory Board of W3C.

Helen Keegan, Independent Mobile Marketing Specialist

Twitter: @technokitten

Source: https://t
echnokitten.blogspot.co.uk/

Helen is one of the most well known people in the mobile marketing community. She runs the Heroes of the Mobile Fringe series of events every year at Mobile World Congress in Barcelona including the spectacularly popular Swedish Beers. Facilitating connections between startups, mobile companies and VCs. Another unsung heroine of the mobile industry, probably responsible for numerous collaborations between companies that previously would never have met.

Dominique Lazanski, GSMA

Twitter: @dml

Source: Twitter

A well known Internet governance expert, Dominique now advises the GSMA on policy issues and cyber security. She is also on the Board of the UK’s Open Data User Group amongst other things. A true visionary and passionate about securing the future of an open and free internet for all.

Sue Monahan, Small Cell Forum

Source: linkedin

Appointed as CEO of the Small Cell Forum in 2014, Sue has shown great leadership and has made great use of her large global network of mobile industry colleagues to raise the profile of small cells and develop the future of mobile networks.

Marie-Paule Odini, HP

An expert in NFV and SDN (she co-chairs the ETSI NFV SWA working group), Marie-Paule is a Distinguished Engineer at HP and their CTO, EMEA for Communications Media Solutions. Intelligent, resourceful and full of ideas, I had the pleasure of meeting her at ITU World in Qatar where we discussed smart cities, drones and disaster relief.

Natasha Rooney, GSMA

Twitter: @thisNatasha

Source: W3C

Natasha is a Web Technologist for the GSMA and co-chair of the Web and Mobile Interest Group at the W3C. A self-declared geek, she has thrown herself into the role and has taken leadership on quite a few critical issues for the future of the web. She has gained the respect of pretty much everyone I know in a very short space of time (oh and as of the Global Mobile Awards in 2015 is now mates with John Cleese!).

Nico Sell, Wickr

Source: ambassadorialroundtable.org

A staunch defender of privacy, Nico Sell co-founded and is CEO of the privacy and security sensitive messaging app Wickr. Personable and highly intelligent, Nico commands the respect of the hacking community and also runs the successful DEFCON kids event and the R00tz Asylum which is bringing up the next generation of security technologists. At this point, I’ll take the opportunity to apologise to Nico for “borrowing” one of the Stegocat posters at Wickr’s DEFCON party!

Let’s Make it Happen

There are many other women across the past year that have influenced me and that I have not mentioned. Some of those don’t have a public profile or keep themselves to themselves, but they’re also often unrecognised by their own companies. I’m constantly impressed by many women that are often juggling parenting responsibilities with international travel and partners who are also in busy careers.

The simple fact that I’m writing this shows that world society still has a long way to go, even in the West. Most of the meetings I go to are still populated by white middle aged suits (yes, me too!). Whilst most people in my age group have moved on from old stereotypes, you still hear some pretty shocking stories of prejudice and public humiliation towards women by bosses and colleagues.

To the male readers of this blog – I see many meetings where “he who shouts loudest” seems to be the “successful” conclusion of a lot of email discussions and meeting decisions. Next time you’re speaking in a meeting – stop and think: perhaps you should listen to someone else’s view? That person may be the woman next to you who isn’t choosing to engage in the usual testosterone-fuelled meeting argument.

The glass ceilings do still exist, but there are lots of rays of light and it is great to see so many of my friends and colleagues doing so well. Long may it continue until the point we don’t need an International Women’s Day.

If you want to mention a woman in the mobile, security or web world who has inspired you, please leave a comment below!

Edit: 08/03/14 – some small edits and tidy-ups, and to actually put them in alphabetical order!


Security and Privacy Events at Mobile World Congress 2015

mobilephonesecurity936843331Leave a comment

We’ve listed out some interesting Security and Privacy events from 2015’s Mobile World Congress in Barcelona. This year sees a general shift in topic focus to Software Defined Networking (SDN), Network Function Virtualisation (NFV) and Internet of Things (IoT). Security still isn’t a ‘core’ part of MWC – it doesn’t have a dedicated zone for example on-site, but as it pervades most topics, it gets mentioned at least once in every session!

Sunday 1st March 
1) Copper Horse Mobile Security Dinner
21:00 – Secret Location in Barcelona

Monday 2nd March
1) UKTI Cyber Security in the Mobile World lunchtime series: Securing the Internet of Things
12:00 – 12:40, Hall 7, Stand 7C40

14:00 – 15:30 Hall 4, Auditorium 3

3) Security and IdM on WebRTC
15:00 – 14:00 Spanish Pavilion (Congress Square)

4) Ensuring User-Centred Privacy in a Connected World
16:00 – 17:30 Hall 4, Auditorium 3

Tuesday 3rd March 
1) GSMA Seminar Series at Mobile World Congress: Mobile Connect – Restoring trust in online services by implementing identity solutions that offer convenience and privacy for consumers and enterprises 
09:00 – 12:00 Theatre 1 CC1.1

2) Mobile Security Forum presented by AVG 
11:45 – 14:00 – Hall 8.0 – Theatre District -Theatre D

3) UKTI Cyber Security in the Mobile World lunchtime series: Mobile Cyber Security for Businesses 12:45 – 13:25 Hall 7, Stand 7C40

4) Mobile, Mobility and Cyber Security
17:00 – 21:00 Happy Rock Bar and Grill, 373-385 Gran Via de les Corts Catalanes 08015

5) Wireless and Internet Security B2B Matchmaking Event 
18:30 – 22:00 CTTI Carrer Salvador Espriu, 45-51 08908 L’Hospitalet de Llobregat

Wednesday 4th March 
1) UKTI Cyber Security in the Mobile World lunchtime series: Innovation in Cyber Security: Secure by Default 
11:40 to 12:20 Hall 7, Stand 7C40

2) The Explosion of Imaging 
14:00 – 15:00 Hall 4, Auditorium 5

3) The New Security Challenges: Perspectives from Service Providers
16:30 – 17:30 Hall 4, Auditorium 4

Thursday 5th March 
1) Everything is Connected: Enabling IoT
11:30 – 13:00 Hall 4, Auditorium 2

If you’d like a meet up with the Copper Horse team to talk mobile security, IoT or drones, please drop us an email or tweet us @copperhorseuk. We’ll also be demonstrating our progress on securing IoT in the Picosec project on the NQuiringMinds stand in Hall 7: 7C70.

Picosec Project

Feel free to leave a comment with information on any presentations or events we may have missed and we’ll look to add them.

Note: update 13/02/15 to correct Monday time order and add Quobis event.