Spy vs Spy: Spying on Mobile Device Spyware

DEF CON 20

Presented by: Michael Robinson, Chris Taylor
Date: Saturday July 28, 2012
Time: 16:00 - 16:50
Location: Track 4 / Turbo

Commercial spyware is available for mobile devices, including iPhones, Android smartphones, BlackBerries, and Nokias. Many of the vendors claim that their software and its operation are undetectable on the smartphones after setup is complete. Is this true? Is there a way to identify whether or not some jerk installed spyware on your mobile phone, or are you destined to be PWN'd?

This presentation examines the operation and trails left by five different commercial spyware products for mobile devices. Research for both Android and iPhone 4S will be given. A list of results from physical dumps, file system captures, and user files will be presented to show how stealthy the spyware really was. The results from the analysis of the install files will also be presented. From this information a list of indicators will be presented to determine whether or not spyware is on your phone.

Michael Robinson

Michael Robinson, a/k/a Flash, conducts forensic examinations of computers and mobile devices for a consulting firm in the Washington, DC area. In addition to his day job, he teaches graduate-level courses in computer forensics and mobile device forensics at Stevenson University and George Mason University. Prior to his current consulting gig, Flash conducted computer forensic examinations in support of federal law enforcement. He worked for the Department of Defense for a bunch of years doing IT and forensics work. Flash has been in school forever. Eventually he'll get smart. He's building on his Master's in Computer Forensics with a Doctorate in the same field.

Chris Taylor

Chris Taylor is a security researcher and teacher who has been doing IT security, incident response, computer forensics, and mobile device forensics for the last 12 years. His experience comes from doing research, not reading research. Imagine that. He makes fun of his co-presenter constantly. He is also a staunch privacy advocate who hates writing bios.
