There's Waldo! Tracking Users via Mobile Apps

Presented at ShmooCon XI (2015), Unknown date/time (Unknown duration)

Sure you assume the NSA can track you, but due to insecure mobile apps, it may be possible for anyone else to track you too. Mobile apps often leverage user location data to provide a custom experience. Unfortunately, as our case studies show, this is often done insecurely, revealing users’ location and compromising privacy.

We will be presenting a case study detailing how we were able to track tens of thousands of users actual locations in realtime, determine pattern of life, and subsequently determine true identities. Using a targeted approach we show just how easy it might be to reveal the identity of and track your favorite athlete, politician, or movie star.

Come for the war stories, leave with best practices and lessons learned!


Presenters:

  • Patrick Wardle
    Colby Moore is Security Research Engineer at Synack, working mainly on breaking emerging technologies. He is a former employee of VRL and has identified 0day vulnerabilities in embedded systems and major applications. Colby prefers focus on that sweet spot where hardware and software meet, usually resulting in interesting... consequences.
  • Colby Moore
    Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Currently he focuses on automated vulnerability discovery, Mac malware. Patrick, a former employee of NSA and VRL, is an experienced vulnerability and analyst, and has found exploitable 0days in major OSs and applications.

Similar Presentations: