BSides Detroit 12 Interviews 09

This week Wolfgang and Chris talk to John Moore. His talk is about the computer in your pocket, and the data it leaks on a regular basis. Listen for the AD security leak.

He talks about using Shark for Root (Wireshark for Android), to do packet capture around a you, having your phone broadcast as a WiFi access point and seeing what happens. He talks a little about war walking, war dining, stroll trolling and WiFi phaking.

Abstract:  The pervasiveness of mobile devices like smart phones are often overlooked as a valid and effective attack vector in regards to the confidentiality of sensitive data in the general public and IT/Security Enterprise communities. This talk aims to educate both the laymen and professional on how exploitation and social engineering can occur in regards to smart phone attacks against public Wi-Fi networks and what behaviors and technologies can be utilized to minimize the impact of sensitive data loss for both individuals and businesses. This discussion will include an application based presentation and live demonstration on how to sniff data from public wireless hotspots using a smart phone or tablet referred to as “War Walking” or “War Dining”. It will also introduce the social engineering concept called “Wi-Fi Phaking” and “Stroll Trolling” which results from the act of tricking a local device such as a phone or a laptop into joining a smart phone enabled Wi-Fi hotspot with the sole intent of collecting and identifying sensitive information from that connected device. More alarmingly, this can be accomplished by utilizing freely available applications found on the Internet and the Android Market which makes this threat incredibly pervasive and cost effective. The presentation will conclude with discussing security practices and procedures users and businesses can take to help mitigate the risk of these vulnerabilities being exploited both personally and professionally.

This episode is cross-posted at Rats and Rogues.