All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Saturday 10/09 @ 1400-1425 PDT

The root of every attack begins with information gathering. With modern networks, including corporate and BYOD mobile devices that may move between private and public networks, information gathering from mobile devices is important, too. This presentation will explain a technique that abuses the link preview functionality in many modern smartphones to leak data such as operating system version and rough location from any cell-tower-connected smartphone to a third party without the need for user interaction. Additionally, a defense for this attack and a tool built around the attack to automate and store the data will be presented.

Oscar Anaya is a hacker for X-Force Red specializing in hardware and web application testing. He has also previously conducted successful automotive and mobile vulnerability research. Before working for X-Force Red, Oscar conducted research on access control and had great success finding bypass methods for these systems.

Read More

© 2024 ShellCon