Mobile Snitch - Devices telling the world about you

BSidesLV 2012

Presented by: Rodrigo Montoro (Sp0oKeR), Dos Santos
Date: Thursday July 26, 2012
Time: 10:00 - 10:50
Location: Track 3
Track: Underground

This is more of a privacy talk than a security talk. The nature of mobile WiFi device behavior, combined with a lack of user awareness (or attention), could lead someone not only to know what device you use, but also where've you been (and possible where you're heading to), where you work, and in some cases who you are. Some users are security-cautious and use VPNs when connecting company-provided devices to public hotspots, but still there are a large number of people that use a personal mobile device to check corporate emails and other resources. We will also cover how some applications in mobile devices could be spilling out important information about your privacy. This presentation will introduce the proof-of-concept tool Mobile Snitch, which provides easy access to this information.

Dos Santos

With 20 years of experience, throughout his career he has worked with possibly all types of networking technologies on the enterprise and service provider sectors and the security involved in these technologies, especially 802.11 WiFi. He has also developed the Incident Response practices at two networking hardware vendors. Luiz is the creator and co-founder of the y0u Sh0t the Sheriff and Silver Bullet security conferences held in Brazil and has worked on the wireless infrastructure of Blackhat, DefCon, Computer Chaos Congress and Shmoocon. As a public speaker, he has addressed numerous top-level conferences including DEF CON, FIRST, H2HC, HitB Malaysia, Layerone, ShmooCon, BlueHat, THOTCON, ToorCon, SecTor, BayThreat and others. Luiz currently holds many certifications in the information security field.

Rodrigo Montoro

Rodrigo "Sp0oKeR" Montoro is certified LPI, RHCE, SnortCP with 13 years experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. At Trustwave, Rodrigo works in the SpiderLabs Research division where he focuses on IDS/IPS Signatures, Modsecurity rules, and new detection research (PDFScore and now working on HTTP Header Research). He is currently coordinator and Snort evangelist for the Brazilian Snort Community and OWASP Brazilian chapter member. Rodrigo has spoken at a number of open source and security conferences (OWASP, Toorcon, H2HC, SecTor, CNASI ) and serves as a coordinator for the creation of new Snort rules, specifically for Brazilian malware.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats