Post on 22-Jan-2018
Exposing the Spy in your Pocket
Introductions
Mobile devices are ubiquitous
All that usage creates a lot of raw data
Add sensor data that doesn’t rely on usage
And you can figure out a lot…
In other words…
Do you trust <insert app here> with all this?
Don’t desktops have the same issue?
Mobile/IoT Problem
So what is your phone doing anyway?
Let’s look under the hood
Things to watch
Demo
Basic Fiddler Setup
iPhone Setup
iPhone Setup – Connection Proxy
<explore>
HTTPS Fiddler Setup
HTTPS iPhone Setup
</explore>
What did we see?
What can we, the poor consumer, do to defend ourselves?
Back up, what did we just do?
What could we have done?
Demo
Doesn’t this alert the user?
Not necessarily
Pen Pineapple
What can we, the devs, do for our users?
Inspect
Verify certificates
OWASP
Be your own White Hat
Assess your threat risk model
Security == difficulty level
Questions?
• Josh.Gillespie@PolarisSolutions.com
• @jcgillespie
All images in the public domain except where otherwise attributed.