There's Waldo! Tracking Users via Mobile Apps

ShmooCon XI - 2015

Presented by: Colby Moore, Patrick Wardle
Date: Saturday January 17, 2015
Time: 12:00 - 12:50
Location: Belay It

Sure you assume the NSA can track you, but due to insecure mobile apps, it may be possible for anyone else to track you too. Mobile apps often leverage user location data to provide a custom experience. Unfortunately, as our case studies show, this is often done insecurely, revealing users’ location and compromising privacy.

We will be presenting a case study detailing how we were able to track tens of thousands of users actual locations in realtime, determine pattern of life, and subsequently determine true identities. Using a targeted approach we show just how easy it might be to reveal the identity of and track your favorite athlete, politician, or movie star.

Come for the war stories, leave with best practices and lessons learned!

Patrick Wardle

Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Currently he focuses on automated vulnerability discovery, Mac malware. Patrick, a former employee of NSA and VRL, is an experienced vulnerability and analyst, and has found exploitable 0days in major OSs and applications.

Colby Moore

Colby Moore is Security Research Engineer at Synack, working mainly on breaking emerging technologies. He is a former employee of VRL and has identified 0day vulnerabilities in embedded systems and major applications. Colby prefers focus on that sweet spot where hardware and software meet, usually resulting in interesting... consequences.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats