Spy vs. Spy: Spying on Mobile Device Spyware

Presented at DEF CON 20 (2012), July 28, 2012, 4 p.m. (50 minutes)

Commercial spyware is available for mobile devices, including iPhones, Android Smartphones, BlackBerries, and Nokias. Many of the vendors claim that their software and its operation is undetectable on the smartphones after setup is complete. Is this true? Is there a way to identify whether or not some jerk installed spyware on your mobile phone or are you destined to be PWN'd? This presentation examines the operation and trails left by five different commercial spyware products for mobile devices. Research for both Android and iPhone 4S will be given. A list of results from physical dumps, file system captures, and user files will be presented to show how stealthy the spyware really was. The results from the analysis of the install files will also be presented. From this information a list of indicators will be presented to determine whether or not spyware is on your phone.

Presenters:

• Chris Taylor - Security Researcher
  Chris Taylor is a security researcher and teacher that has been doing IT security, incident response, computer forensics, and mobile device forensics for the last 12 years. His experience comes from doing research, not reading research. Imagine that. He makes fun of his co-presenter constantly. He is also a staunch privacy advocate that hates writing bios.
• Michael Robinson - Consultant
  Michael Robinson a/k/a Flash, conducts forensic examinations of computers and mobile devices for consulting firm in the Washington, DC area. In addition to his day job, he teaches graduate level courses in computer forensics and mobile device forensics at Stevenson University and George Mason University. Prior to his current consulting gig, Flash conducted computer forensic examinations in support of federal law enforcement. He worked for the Department of Defense for a bunch of years doing IT and forensics work. Flash has been in school forever. Eventually he'll get smart. He's building on his Master's in Computer Forensics with a Doctorate in the same field.

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Robinson
• https://infocon.org/cons/DEF CON/DEF CON 20/DEF CON 20 video and slides/DEF CON 20 - Michael Robinson and Chris Taylor - Spy vs Spy Spying on Mobile Device Spyware - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=nTFY-URUHMw

Similar Presentations:

• Black Hat Asia 2016 / Android Commercial Spyware Disease and Medication
• DEF CON 18 (2010) / My Life As A Spyware Developer
• Black Hat USA 2015 / Commercial Mobile Spyware - Detecting the Undetectable