Ransombile, yet another reason to ditch SMS

BSidesLV 2018

Presented by: Martin Vigo
Date: Wednesday August 08, 2018
Time: 18:00 - 18:55
Location: Ground1234!

The general belief is that a mobile device that is locked, encrypted and protected with a PIN or biometrics is a secure device. Personal assistants on mobile devices are very popular like Siri and OK Google. They can perform multiple tasks including calls, sending emails and reading SMS. How secure are they? Can we trust our personal assistants to keep our data safe?With the proliferation of cheap SDR hardware, DIY IMSI catchers, open source tools and still supported broken GSM protocols, targeting mobile communications is easier than ever. But what are the real consequences? It is well known that SMS is not a secure channel but the industry is still hesitant to move away from it. This presentation is yet another nail in the SMS coffin and aims to help push the industry away from supporting it. Ransombile is a tool that can be used in different scenarios to compromise someone’s digital life in less than 2 minutes. Email accounts, financial data, social networks… all gone. Have you ever left your phone on the desk unattended? Do you belief losing your phone only impacts your wallet? This presentation is for you.

Martin Vigo


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats