PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget - Mark Milhouse Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse
Derbycon 2018

By now we all know that mobile advertisements aren't secure. How would an attacker take advantage of that, though, and spy on people without their consent, knowledge or interaction, and how do we defend against it? Let's take a journey through the demand-side of advertising as we put ourselves in the role of an attacker, build an ad-based surveillance system, and unleash it on the masses. I'll demonstrate how, using the built-in features of advertising Demand Side Platforms (DSPs), it's easy to build a surveillance system that can track unsuspecting people. I'll demonstrate that some platforms make it much easier than it needs to be, and I'll show that there's more than just geo-locations at risk here. Finally I will discuss some ways that everyone can help mitigate this, from the users, all the way up to the ad networks and software developers. Like every good spy story, this one includes Russian ad networks, hastily written code, and GPS coordinates - lots of GPS coordinates. By now if you're still clinging desperately to the hope that your location is safe then this talk is for you!

Mark Milhouse is a Computer Forensics Investigator at Edelson PC where he investigates high-profile tech-related consumer class action cases (namely digital privacy, security and fraud) and supports ongoing litigation. Prior to his current position he served in the United States Marines as a 2651 (Intelligence Systems), deploying to Iraq, and supporting various elements within II Marine Expeditionary Force. In his free time he enjoys cycling, traveling, and endless projects like building obscure web apps.

@amne51ac

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast