exposing the spy in your pocket

Download Exposing the Spy in Your Pocket

Post on 22-Jan-2018

161 views

Category:

Technology

3 download

Embed Size (px)

TRANSCRIPT

  • Exposing the Spy in your Pocket

    1

  • I n t r o d u c t i o n s

  • Mobile devices are ubiquitous3

  • All that usage creates a lot of raw data

    4

  • Add sensor data that doesnt rely on usage

    5

  • And you can figure out a lot

    6

  • In other words7

  • Do you trust with all this?

    8

  • Dont desktops have the same issue?

    9

  • Mobile/IoT Problem

    10

  • So what is your phone doing anyway?

    11

  • Lets look under the hood12

  • Things to watch13

  • Demo

    14

  • Basic Fiddler Setup

    15

  • iPhone Setup

    16

  • iPhone Setup Connection Proxy

    17

  • 18

  • HTTPS Fiddler Setup

    19

  • HTTPS iPhone Setup

    20

  • 21

  • What did we see?22

  • What can we, the poor consumer, do to defend ourselves?

    23

  • Back up, what did we just do?24

  • What could we have done?

    25

  • Demo

    26

  • Doesnt this alert the user?27

  • Not necessarily

    28

  • Pen Pineapple

    29

  • What can we, the devs, do for our users?

    30

  • Inspect

    31

  • Verify certificates

    32

  • OWASP

    33

  • Be your own White Hat

    34

  • Assess your threat risk model35

  • Security == difficulty level

    36

  • Questions?

    37

  • Josh.Gillespie@PolarisSolutions.com

    @jcgillespie

    All images in the public domain except where otherwise attributed.38