Exposing the Spy in your Pocket

1

I n t r o d u c t i o n s

Mobile devices are ubiquitous3

All that usage creates a lot of raw data

4

Add sensor data that doesn’t rely on usage

5

And you can figure out a lot…

6

In other words…7

Do you trust <insert app here> with all this?

8

Don’t desktops have the same issue?

9

Mobile/IoT Problem

10

So what is your phone doing anyway?

11

Let’s look under the hood12

Things to watch13

Demo

14

Basic Fiddler Setup

15

iPhone Setup

16

iPhone Setup – Connection Proxy

17

<explore>

18

HTTPS Fiddler Setup

19

HTTPS iPhone Setup

20

</explore>

21

What did we see?22

What can we, the poor consumer, do to defend ourselves?

23

Back up, what did we just do?24

What could we have done?

25

Demo

26

Doesn’t this alert the user?27

Not necessarily

28

Pen Pineapple

29

What can we, the devs, do for our users?

30

Inspect

31

Verify certificates

32

OWASP

33

Be your own White Hat

34

Assess your threat risk model35

Security == difficulty level

36

Questions?

37

• Josh.Gillespie@PolarisSolutions.com

• @jcgillespie

All images in the public domain except where otherwise attributed.38