Phonopticon: Leveraging Low Rent Mobile Ad Services to Achieve State Actor Level Mass Surveillance on a Shoestring Budget

Presented at The Circle Of HOPE (2018), July 20, 2018, 8 p.m. (60 minutes).

By now, we all know that mobile advertisements aren't secure. How would an attacker take advantage of that, though, and spy on people without their consent, knowledge, or interaction? And how do we defend against that? This talk will be a journey through the demand-side of advertising as we put ourselves in the role of an attacker, build an ad-based surveillance system, and unleash it on the masses. Mark will demonstrate how, using the built-in features of advertising demand-side platforms (DSPs), it's easy to build a surveillance system that can track unsuspecting people. He'll demonstrate that some platforms make it much easier than it needs to be, and show that there's more than just geolocations at risk here. Finally, Mark will discuss some ways that everyone can help mitigate this, from the users all the way up to the ad networks and software developers. Like every good spy story, this one includes Russian ad networks, hastily written code, and GPS coordinates - lots of GPS coordinates. By now, if you're still clinging desperately to the hope that your location is safe, then this talk is for you!


Presenters:

  • Mark Milhouse / amne51ac as Mark Milhouse (amne51ac)
    **Mark Milhouse** (@amne51ac) is a computer forensics investigator at Edelson PC, where he investigates high-profile tech-related consumer class action cases (namely digital privacy, security, and fraud) and supports ongoing litigation. Prior to his current position, he served in the United States Marines as a 2651 (Intelligence Systems), deploying to Iraq and supporting various elements within II Marine Expeditionary Force. In his free time, he enjoys cycling, traveling, and endless projects like building obscure web apps.

Links:

Similar Presentations: