1. InfoconDB
  2. Black Hat
  3. Black Hat Asia 2017
  4. Mobile-Telephony Threats in Asia

Mobile-Telephony Threats in Asia

Presented at Black Hat Asia 2017, March 31, 2017, 2:15 p.m. (60 minutes)

Over the last 10 years, the number of mobile subscribers has largely increased overtaking the world global population in October 2014. In countries like India and China, mobile users represent now 90% of the active population, more than traditional landline.<br> As a consequence, cybercrime has started adopting mobile-telephony channels (cellular networks) as a way to reach potential victims and perform attacks like social engineering, spear phishing and targeted attacks.<br><br> In this talk, we shed light on the telephony cybercrime ecosystem by discussing the results of a mobile-telephony honeypot we recently deployed in Asia. By using honeypot sim-cards that we controlled and during a period of seven months, we collected thousands of malicious SMS and fraudulent calls, accounting for over 800 spam messages, hundreds of scams, frauds, voice-over-ip phishing attempts and others. We discuss how cybercrime makes use of mobile-telephony channels and provide examples of how mobile users are concretely threatened.

Presenters:

  • Payas Gupta - Data Scientist, Pindrop
    Dr. Payas Gupta is a Data Scientist at Pindrop, Atlanta, US. Prior to joining Pindrop, he was a research scientist at New York University Abu Dhabi, UAE. His primary research interests revolve around telephony security and human aspects of security. Since, telephony and the web are converging, he is exploring security issues in telephony security domain. He is also involved in many research projects related to human subjects and user authentication for smartphones. He has won best paper awards for his recent work on telephone honeypot (Phoneypot) at NDSS 2015 and on keystroke biometrics at NDSS 2013. His work has been published in top security conferences including CCS, Usenix Security and NDSS. He is a frequent participant and a speaker to the work of the M3AAWG VTA-SIG (Voice and Telephony Abuse Special Interest Group). He has given plenty of talks in major security conferences and events including RSA. Some of the detection systems resulted from his recent research on Phoneypot have been integrated in commercial products distributed by Pindrop, that specializes in phone fraud detection to protect enterprise call centers, and other various other robocall blocking companies. Payas obtained his Ph.D. from School of Information System at Singapore Management University, Singapore in 2013 and Bachelor of Technology in Communication and Computer Engineering from The LNM Institute of Information Technology, Jaipur, India in 2008. Payas was also a visiting scholar for a year in CyLab and Heinz College, Carnegie Mellon University, US in 2011.
  • Marco Balduzzi - Senior Research Scientist, Trend Micro
    Dr. Marco Balduzzi holds a Ph.D. in applied security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspect of computer security, with particular emphasis on real problems that affect systems and networks. Some topics of interest are web and browser security, code analysis, malware detection, cybercrime, online privacy, and threats in the IoT space. He has been involved in IT security for over ten years with international experiences in both industry and academia. With previous experience as security consultant and engineer, he is now a full-time research scientist at Trend Micro. He gave other twenty talks in major security events like Black Hat, Hack In The Box, and OWASP AppSec. His work has been published in the proceedings of top peer-reviewed conferences like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes, The Register, Slashdot, InfoWorld, DarkReading, BBC, and CNN. He now sits in the review board of conferences, including Hack In The Box, OWASP AppSec, DIMVA and IEEE.
  • Lion Gu - Senior Threat Researcher, Trend Micro, Inc.
    Lion Gu is a senior threat researcher at Trend Micro, Inc. He has been a security professional over 13 years. His researches cover various fields, including malware analysis, mobile security, and underground cybercriminal economy. He has spoken at several conferences like RuxCon, AVAR, AsiaCCS, and RISE.

Links:

Similar Presentations: