Augmented reality gaming's first breakout hit has millions of players, and a "game board" that spans the globe, so why are so many fans of Ingress, published by Google spinoff Niantic Labs, unhappy? In brief, it comes down to an exploitable game infrastructure, an active community of people designing and building tools to exploit that infrastructure, and a massive player base that doesn't realize how vulnerable they are. This session will reveal weaknesses in the game's communication infrastructure that have enabled people to build tools and services specifically for the purposes of harassment, cheating, and to track the movements and locations of players. We'll also tear apart a commercially-available game bot and reveal how the bot exploits vulnerabilities in the app to permit bot users to engage in antisocial behavior and destroy the cohesion of a three-year-old player community that spans the globe.
Andrew Brandt is the Director of Threat Research for Blue Coat Systems and runs a malware research lab in which malware behavior is monitored and recorded, both on infected endpoints and over the networks used to communicate, in order to facilitate comprehensive retrospective analysis. Prior to his work in infosec, he was a tech journalist and investigative reporter with a focus on issues surrounding online privacy and digital security.