SlideShare a Scribd company logo

Social Zombies: Rise of the Mobile Dead

Tom Eston
Tom Eston

Just when you thought “bath salts” were turning innocent humans into flesh eating Zombies in Florida…mobile devices have begun taken over the world like an infectious Zombie virus outbreak. Tablets and mobile phones are being used by everyone today and are more powerful than ever before. The technology implemented in these devices is truly bleeding edge. From new wireless technology like NFC (Near Field Communication) to social networks being integrated directly into mobile operating systems, the times are rapidly changing. These new technology advancements also introduce new privacy and physical security concerns not seen before as well. In addition, with new technology come new responsibilities and challenges for security professionals and consumers alike especially in a world of BYOD. In this presentation Tom Eston and Kevin Johnson explore and exploit the new technology being implemented by these mobile platforms. Tom and Kevin have discovered interesting security and privacy issues with Android Jelly Bean, Apple iOS 6, OS X Mountain Lion, NFC and many popular mobile applications. New tools and exploits will be discussed that can be used by penetration testers to exploit these new technologies. Tom and Kevin will also discuss strategies to combat the ensuing mobile device onslaught into the enterprise. This information alone will help you to survive the “Rise of the Mobile Dead”.

Technology
1 of 85
SOCIAL ZOMBIES
...
• Profiling & Penetration Team Manager, SecureState • Social Media Security Podcast Co-Host • SANS Mentor • OWASP Mobile Threat Model Project Lead • Survivor of the Zombie Apocalypse
• Senior Consultant, Secure Ideas • SANS Instructor and Author – SEC542/642/571 • Open-Source Bigot • Ninja
...
• 5-9 PM TODAY! • $10-$15 • All proceeds benefit Hackers for Charity
…
Thanks to Robin Wood (@digininja)!
LOLZ! THANKS! $$$
• Your friends are still bots • Ed Skoudis will STILL not accept my friend request..why?? • Malware is delivered via social networks • Your private data is harvested more then ever • Zuckerburg is a now a billionaire • Your mom is still on Facebook • MySpace still sucks… – Except in some comments lately?!?!
• Charlie Miller and Moxie Marlinspike BOTH work at Twitter now! “I’m not clicking on any tweets from these guys…”
• Rapid adoption of mobile applications and platforms – We use mobile devices for everything • Advancements in mobile technology • Mobile application developers lack awareness – It’s 2008 all over again! – Or 1999?
,
:
• Let’s hope not • But…do we still care?
… • We love mobile devices! – They provide us with data – They give us new attack vectors • We discuss new ways to leverage mobile devices, applications and new technology for pentesting
• Face Unlock • Google Now – “Cards” that are modified based on what you do
“It’s like having unprotected sex with another device!”
• Near Field Communication • Two-way short range communication • Designed for ease of use • “tap” your device with another device to transfer data • More research recently released – Charlie Miller (Black Hat 2012)
• Using NFC to launch BeEF hook • Great for physical and/or social engineering attacks
• Google wants NFC to be open and have little authorization “When an Android-powered device discovers an NFC tag, the desired behavior is to have the most appropriate activity handle the intent without asking the user what application to use.” http://developer.android.com/guide/topics/connectivity/nfc/nfc.html
• Now with NFC! Imagine all the FUN! Image: Mashable http://mashable.com/2012/09/27/moo-nfc-business-cards/
• iOS keeps adding integrations – Cause it wants to just be friends! • Facebook now integrated into the OS – Twitter since iOS 5 • Provides simple access to share – Providing more chance for problems
• Centralized integration point – Designed to provide access! • Tickets, coupons, geofencing and your data • Two methods to use – Apps now contact you based on your location – You can access application data
• OSX is becoming iOS ;) – Or so it seems • 10.8.2 adds integration with FB and Twitter • Partially on by default – Share via • Accounts add it to Contacts and the others
• OAuth Tokens Stored in PLIST file (Apple iOS) • Simply copy the PLIST file to another device, you’re logged in as them! • We are finding OAuth tokens in lots of PLIST files…Dropbox and apps that use Dropbox like password managers… • Found in LinkedIn (Fixed), Facebook (Fixed) and others
• CNN Mobile App (iOS) – Disqus Comment System API Key Vulnerability • Potentially allows you to delete, update and modify user comments • Passed in the GET request
• Facebook, Twitter and LinkedIn have grown exponentially • 900 Million! • Privacy issues have increased as well Image: Ben Foster http://www.benphoster.com/facebook-user-growth-chart-2004-2010/
: Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook- uses-to-affect-your-privacy-decisions/
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook- uses-to-affect-your-privacy-decisions/
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook- uses-to-affect-your-privacy-decisions/
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook- uses-to-affect-your-privacy-decisions/
• UDID = Unique Device Identifier • Privacy concern since this uniquely identifies your mobile device • Research has shown that it can be used to correlate the person using the device!
• Anonymous said it’s from the FBI, FBI denies • Really from a third-party company…
• Many apps are still using UDID…(for example) – Draw Something – Words with Friends – Redbox – United Airlines – Pinterest – Flipboard – Calculator (really?) • Some of these apps use UDID with third-party services like flurry.com!
.
• Sometimes the server response tells you interesting details • What if you wanted to post comments on a news site anonymously? • Sure you can see the user id but…
• Disqus comment system leaks emails…
• …and IP Addresses
!
• Bottom Line – Painful to read, no idea what is captured, I just want to play Angry Birds…
• Hardcoded “production” user name and password used for data access
• More apps are doing this • “See if your friends are using this app” • Apple iOS apps can access contact data without permission (fixed in iOS 6) • Install prompt on Android • Developers can notify you on their own…
• Takes your: – Address book – LinkedIn contacts – Facebook Friends List – Who you follow on Twitter – Gmail address book – FourSquare Locations – And more… Image: Brewster.com
• First “Trojan” for Apple iOS? • It was a spammy app that sent your contact list to a third-party server • Your friends get SMS spammed from the server • App removed from the App Store and Google Play Image: Kaspersky Labs
• Easier then ever to view where someone has been • Pulls location data from photos, status updates and more…
“…you can now much more easily access photos you and others took months or even years ago.” – Kevin Systrom, co- founder and CEO of Instagram Image: Mashable
• “Facedeals” • Camera matches your photo to photos on Facebook to give you deals
:
• Not much has changed over the years • Technology has advanced, privacy has not – It's only going to get worse! – What about privacy policies? • You’re responsible for your data and the services you use! • Don’t complain if you click Kevin’s links…
You thought duck face was bad. This is called “bagel face” and it’s a popular saline injection in Japan. Awesome. You’ve been warned.

Recommended

Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
SUG - Singapore - Use of Social communication in the next generation of business
SUG - Singapore - Use of Social communication in the next generation of businessSUG - Singapore - Use of Social communication in the next generation of business
SUG - Singapore - Use of Social communication in the next generation of businessMark Stokes
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Securitymmavis
 
Your digital identity - are you feeling lucky?
Your digital identity - are you feeling lucky?Your digital identity - are you feeling lucky?
Your digital identity - are you feeling lucky?Kirsten Thompson
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewPeter Wood
 
8th grade presentation for slideshare
8th grade presentation for slideshare8th grade presentation for slideshare
8th grade presentation for slideshareMarian Merritt
 
20131030 hkpasea presentation[1]
20131030 hkpasea presentation[1]20131030 hkpasea presentation[1]
20131030 hkpasea presentation[1]Alex Hung
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationShauna_Cox
 

Recommended

Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
SUG - Singapore - Use of Social communication in the next generation of business
SUG - Singapore - Use of Social communication in the next generation of businessSUG - Singapore - Use of Social communication in the next generation of business
SUG - Singapore - Use of Social communication in the next generation of businessMark Stokes
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Securitymmavis
 
Your digital identity - are you feeling lucky?
Your digital identity - are you feeling lucky?Your digital identity - are you feeling lucky?
Your digital identity - are you feeling lucky?Kirsten Thompson
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewPeter Wood
 
8th grade presentation for slideshare
8th grade presentation for slideshare8th grade presentation for slideshare
8th grade presentation for slideshareMarian Merritt
 
20131030 hkpasea presentation[1]
20131030 hkpasea presentation[1]20131030 hkpasea presentation[1]
20131030 hkpasea presentation[1]Alex Hung
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationShauna_Cox
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
 
Empowerment technology
Empowerment technologyEmpowerment technology
Empowerment technologypizonaim
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesBlake Carver
 
Internet Research
Internet ResearchInternet Research
Internet ResearchLaurence Yap M.A. (UM) CHRM
 
Social Engineering - By Chris Hills
Social Engineering - By Chris HillsSocial Engineering - By Chris Hills
Social Engineering - By Chris HillsChris Hills CPP, CRMP
 
Etech activity
Etech activityEtech activity
Etech activityAppleCristobal1
 
INTERNET
INTERNETINTERNET
INTERNETyaharamazing
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SJuvywen
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Melanie g done 6565
Melanie g done 6565Melanie g done 6565
Melanie g done 6565pizonaim
 
Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5lisamulka
 
Web 3.0 semantics
Web 3.0 semanticsWeb 3.0 semantics
Web 3.0 semanticsMaricrs Alfarö
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 EditedJuvywen
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Safe and Responsible Use of ICT
Safe and Responsible Use of ICTSafe and Responsible Use of ICT
Safe and Responsible Use of ICTRolly Franco
 
Activity 9 common online terminologies
Activity 9 common online terminologiesActivity 9 common online terminologies
Activity 9 common online terminologiesJuan Carlo Fetalino
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Empowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoEmpowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoPadsromel
 
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesEmpowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesPadsromel
 
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Tom Eston
 

More Related Content

What's hot

LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
 
Empowerment technology
Empowerment technologyEmpowerment technology
Empowerment technologypizonaim
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesBlake Carver
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SJuvywen
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Melanie g done 6565
Melanie g done 6565Melanie g done 6565
Melanie g done 6565pizonaim
 
Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5lisamulka
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 EditedJuvywen
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Safe and Responsible Use of ICT
Safe and Responsible Use of ICTSafe and Responsible Use of ICT
Safe and Responsible Use of ICTRolly Franco
 
Activity 9 common online terminologies
Activity 9 common online terminologiesActivity 9 common online terminologies
Activity 9 common online terminologiesJuan Carlo Fetalino
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Empowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoEmpowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoPadsromel
 
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesEmpowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesPadsromel
 

What's hot (20)

LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering Threat
 
Empowerment technology
Empowerment technologyEmpowerment technology
Empowerment technology
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
 
Internet Research
Internet ResearchInternet Research
Internet Research
 
Social Engineering - By Chris Hills
Social Engineering - By Chris HillsSocial Engineering - By Chris Hills
Social Engineering - By Chris Hills
 
Etech activity
Etech activityEtech activity
Etech activity
 
INTERNET
INTERNETINTERNET
INTERNET
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1S
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 
Melanie g done 6565
Melanie g done 6565Melanie g done 6565
Melanie g done 6565
 
Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5
 
Web 3.0 semantics
Web 3.0 semanticsWeb 3.0 semantics
Web 3.0 semantics
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 Edited
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Safe and Responsible Use of ICT
Safe and Responsible Use of ICTSafe and Responsible Use of ICT
Safe and Responsible Use of ICT
 
Activity 9 common online terminologies
Activity 9 common online terminologiesActivity 9 common online terminologies
Activity 9 common online terminologies
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Security
 
Empowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoEmpowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and Catalino
 
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesEmpowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
 

Viewers also liked

Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Tom Eston
 
Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsTom Eston
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkTom Eston
 
New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-MiddleTom Eston
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With MaltegoTom Eston
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown Tom Eston
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredTom Eston
 

Viewers also liked (14)

Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?
 
Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More Brains
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-Middle
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With Maltego
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
 

Similar to Social Zombies: Rise of the Mobile Dead

Boris Chan - AndroidTO - Becoming Social by Default on Android
Boris Chan - AndroidTO - Becoming Social by Default on AndroidBoris Chan - AndroidTO - Becoming Social by Default on Android
Boris Chan - AndroidTO - Becoming Social by Default on AndroidBoris Chan
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureDanger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureTechWell
 
Boris Chan - FITC SCREENS - Becoming Social By Default on Mobile
Boris Chan - FITC SCREENS - Becoming Social By Default on MobileBoris Chan - FITC SCREENS - Becoming Social By Default on Mobile
Boris Chan - FITC SCREENS - Becoming Social By Default on MobileBoris Chan
 
Smart social networking
Smart social networkingSmart social networking
Smart social networkingKim Grewe
 
Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulAndrew Schwabe
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2James Sutter
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Andrew Schwabe
 
Reining in the Data ITAG tech360 Penn State Great Valley 2015
Reining in the Data ITAG tech360 Penn State Great Valley 2015 Reining in the Data ITAG tech360 Penn State Great Valley 2015
Reining in the Data ITAG tech360 Penn State Great Valley 2015 Andrew Schwabe
 
Social Technologies Presentation CPCU I Day 2010
Social Technologies Presentation CPCU I Day 2010Social Technologies Presentation CPCU I Day 2010
Social Technologies Presentation CPCU I Day 2010Sandra Masters
 
CIC IWOM Panel: Jiepang CEO David on The New Age of Social Networking
CIC IWOM Panel: Jiepang CEO David on The New Age of Social NetworkingCIC IWOM Panel: Jiepang CEO David on The New Age of Social Networking
CIC IWOM Panel: Jiepang CEO David on The New Age of Social NetworkingKantar Media CIC
 
Going beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferenceGoing beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferencemikep007
 
Technology and Business Growth! - What Companies Need To Know
Technology and Business Growth! - What Companies Need To KnowTechnology and Business Growth! - What Companies Need To Know
Technology and Business Growth! - What Companies Need To KnowBrian Bluff
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...OWASP Turkiye
 

Similar to Social Zombies: Rise of the Mobile Dead (20)

Tablets, Apps and Cybersecurity
Tablets, Apps and CybersecurityTablets, Apps and Cybersecurity
Tablets, Apps and Cybersecurity
 
Boris Chan - AndroidTO - Becoming Social by Default on Android
Boris Chan - AndroidTO - Becoming Social by Default on AndroidBoris Chan - AndroidTO - Becoming Social by Default on Android
Boris Chan - AndroidTO - Becoming Social by Default on Android
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureDanger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not Secure
 
Boris Chan - FITC SCREENS - Becoming Social By Default on Mobile
Boris Chan - FITC SCREENS - Becoming Social By Default on MobileBoris Chan - FITC SCREENS - Becoming Social By Default on Mobile
Boris Chan - FITC SCREENS - Becoming Social By Default on Mobile
 
Smart social networking
Smart social networkingSmart social networking
Smart social networking
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Using Social Media Safely
Using Social Media SafelyUsing Social Media Safely
Using Social Media Safely
 
Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech Mogul
 
Social networking
Social networkingSocial networking
Social networking
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
 
Shockproofing Your Use of Social Media
Shockproofing Your Use of Social MediaShockproofing Your Use of Social Media
Shockproofing Your Use of Social Media
 
Reining in the Data ITAG tech360 Penn State Great Valley 2015
Reining in the Data ITAG tech360 Penn State Great Valley 2015 Reining in the Data ITAG tech360 Penn State Great Valley 2015
Reining in the Data ITAG tech360 Penn State Great Valley 2015
 
Social Technologies Presentation CPCU I Day 2010
Social Technologies Presentation CPCU I Day 2010Social Technologies Presentation CPCU I Day 2010
Social Technologies Presentation CPCU I Day 2010
 
CIC IWOM Panel: Jiepang CEO David on The New Age of Social Networking
CIC IWOM Panel: Jiepang CEO David on The New Age of Social NetworkingCIC IWOM Panel: Jiepang CEO David on The New Age of Social Networking
CIC IWOM Panel: Jiepang CEO David on The New Age of Social Networking
 
Going beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferenceGoing beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conference
 
Technology and Business Growth! - What Companies Need To Know
Technology and Business Growth! - What Companies Need To KnowTechnology and Business Growth! - What Companies Need To Know
Technology and Business Growth! - What Companies Need To Know
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
 
You installed what Thierry Sans
You installed what Thierry SansYou installed what Thierry Sans
You installed what Thierry Sans
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Social Zombies: Rise of the Mobile Dead

  • 2. ...
  • 3. • Profiling & Penetration Team Manager, SecureState • Social Media Security Podcast Co-Host • SANS Mentor • OWASP Mobile Threat Model Project Lead • Survivor of the Zombie Apocalypse
  • 4. • Senior Consultant, Secure Ideas • SANS Instructor and Author – SEC542/642/571 • Open-Source Bigot • Ninja
  • 5. ...
  • 6.
  • 7. • 5-9 PM TODAY! • $10-$15 • All proceeds benefit Hackers for Charity
  • 8.
  • 9.
  • 10.
  • 11. Thanks to Robin Wood (@digininja)!
  • 13.
  • 14.
  • 15. • Your friends are still bots • Ed Skoudis will STILL not accept my friend request..why?? • Malware is delivered via social networks • Your private data is harvested more then ever • Zuckerburg is a now a billionaire • Your mom is still on Facebook • MySpace still sucks… – Except in some comments lately?!?!
  • 16. • Charlie Miller and Moxie Marlinspike BOTH work at Twitter now! “I’m not clicking on any tweets from these guys…”
  • 17.
  • 18. • Rapid adoption of mobile applications and platforms – We use mobile devices for everything • Advancements in mobile technology • Mobile application developers lack awareness – It’s 2008 all over again! – Or 1999?
  • 19.
  • 20.
  • 21. ,
  • 22. :
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. • Let’s hope not • But…do we still care?
  • 30. … • We love mobile devices! – They provide us with data – They give us new attack vectors • We discuss new ways to leverage mobile devices, applications and new technology for pentesting
  • 31.
  • 32. • Face Unlock • Google Now – “Cards” that are modified based on what you do
  • 33. “It’s like having unprotected sex with another device!”
  • 34. • Near Field Communication • Two-way short range communication • Designed for ease of use • “tap” your device with another device to transfer data • More research recently released – Charlie Miller (Black Hat 2012)
  • 35. • Using NFC to launch BeEF hook • Great for physical and/or social engineering attacks
  • 36.
  • 37. • Google wants NFC to be open and have little authorization “When an Android-powered device discovers an NFC tag, the desired behavior is to have the most appropriate activity handle the intent without asking the user what application to use.” http://developer.android.com/guide/topics/connectivity/nfc/nfc.html
  • 38. • Now with NFC! Imagine all the FUN! Image: Mashable http://mashable.com/2012/09/27/moo-nfc-business-cards/
  • 39.
  • 40. • iOS keeps adding integrations – Cause it wants to just be friends! • Facebook now integrated into the OS – Twitter since iOS 5 • Provides simple access to share – Providing more chance for problems
  • 41. • Centralized integration point – Designed to provide access! • Tickets, coupons, geofencing and your data • Two methods to use – Apps now contact you based on your location – You can access application data
  • 42.
  • 43.
  • 44. • OSX is becoming iOS ;) – Or so it seems • 10.8.2 adds integration with FB and Twitter • Partially on by default – Share via • Accounts add it to Contacts and the others
  • 45.
  • 46. • OAuth Tokens Stored in PLIST file (Apple iOS) • Simply copy the PLIST file to another device, you’re logged in as them! • We are finding OAuth tokens in lots of PLIST files…Dropbox and apps that use Dropbox like password managers… • Found in LinkedIn (Fixed), Facebook (Fixed) and others
  • 47.
  • 48. • CNN Mobile App (iOS) – Disqus Comment System API Key Vulnerability • Potentially allows you to delete, update and modify user comments • Passed in the GET request
  • 49.
  • 50. • Facebook, Twitter and LinkedIn have grown exponentially • 900 Million! • Privacy issues have increased as well Image: Ben Foster http://www.benphoster.com/facebook-user-growth-chart-2004-2010/
  • 55.
  • 56. • UDID = Unique Device Identifier • Privacy concern since this uniquely identifies your mobile device • Research has shown that it can be used to correlate the person using the device!
  • 57.
  • 58.
  • 59. • Anonymous said it’s from the FBI, FBI denies • Really from a third-party company…
  • 60. • Many apps are still using UDID…(for example) – Draw Something – Words with Friends – Redbox – United Airlines – Pinterest – Flipboard – Calculator (really?) • Some of these apps use UDID with third-party services like flurry.com!
  • 61. .
  • 62.
  • 63. • Sometimes the server response tells you interesting details • What if you wanted to post comments on a news site anonymously? • Sure you can see the user id but…
  • 64. • Disqus comment system leaks emails…
  • 65. • …and IP Addresses
  • 66. !
  • 67. • Bottom Line – Painful to read, no idea what is captured, I just want to play Angry Birds…
  • 68.
  • 69.
  • 70.
  • 71. • Hardcoded “production” user name and password used for data access
  • 72.
  • 73. • More apps are doing this • “See if your friends are using this app” • Apple iOS apps can access contact data without permission (fixed in iOS 6) • Install prompt on Android • Developers can notify you on their own…
  • 74.
  • 75. • Takes your: – Address book – LinkedIn contacts – Facebook Friends List – Who you follow on Twitter – Gmail address book – FourSquare Locations – And more… Image: Brewster.com
  • 76. • First “Trojan” for Apple iOS? • It was a spammy app that sent your contact list to a third-party server • Your friends get SMS spammed from the server • App removed from the App Store and Google Play Image: Kaspersky Labs
  • 77.
  • 78. • Easier then ever to view where someone has been • Pulls location data from photos, status updates and more…
  • 79. “…you can now much more easily access photos you and others took months or even years ago.” – Kevin Systrom, co- founder and CEO of Instagram Image: Mashable
  • 80.
  • 81. • “Facedeals” • Camera matches your photo to photos on Facebook to give you deals
  • 82. :
  • 83.
  • 84. • Not much has changed over the years • Technology has advanced, privacy has not – It's only going to get worse! – What about privacy policies? • You’re responsible for your data and the services you use! • Don’t complain if you click Kevin’s links…
  • 85. You thought duck face was bad. This is called “bagel face” and it’s a popular saline injection in Japan. Awesome. You’ve been warned.