ATTACKING MOBILE BROADBAND MODEMS LIKE A CRIMINAL WOULD

Black Hat USA 2014

Presented by: Andreas Lindh
Date: Wednesday August 06, 2014
Time: 10:50 - 11:15
Location: South Seas CD

While there has certainly been some interesting research into the security of mobile broadband modems, or "dongles," in the past, it has almost exclusively focused on novel attacks such as buffer overflows over text message, attacks on the device's file system, and other advanced approaches. The level of skill and effort required to execute such an attack reduces the potential number of attackers, but there are easier ways to monetize from attacking these devices too.

This talk will focus on some more likely scenarios; web-based attacks that are not that hard to pull off but that will allow the attacker to cash in without too much effort. The speaker will demonstrate how to profit, steal sensitive information, and establish a persistent hold on the devices, and also how a seemingly modest attack could be used as part of a more advanced attack chain. There will also be an analysis of why it is easy being an Internet criminal, and how it will continue to be so unless drastic changes are made to how we approach and implement new consumer technology.

Oh, and there will be demos.

Andreas Lindh

Andreas Lindh is a security analyst and engineer working for ISecure Sweden. In his day job, he does a wide variety of defensive security work such as threat analysis, incident detection and response, and database security for a number of large clients in the private and public sector. In his spare time, he does web application and browser security research, mainly focused on consumer security. He also likes long walks on the Internet and romantic evenings in front of a Python IDE.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats