In the wake of Edward Snowden, SSL and privacy issues have been at the forefront of public discussion even beyond the cryptogeeks and tech-elite circles. The world is genuinely concerned with the privacy of their communications and personal data after the revelations of massive government surveillance programs. One thing however is mostly missing from this discussion are the less considered real-world consequences to personal safety when cryptography is not implemented properly. While researching the security of several mobile applications, I have identified several circumstances in which vulnerabilities in applications can be exploited with devastating physical world consequences. Join me to see how a simple hack with a Pineapple WiFi can be used to abduct, stalk, spy on, or even physically harm unsuspecting victims. Reverse engineering techniques will be explained and used to demonstrate why these attacks are possible.

Bio: Craig Young is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He has identified and responsibly disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, and others. His research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig's presentations on Google authentication weaknesses have led to considerable security improvements for all Google users. Craig has more recently turned his attention to the security of embedded devices including NAS products, IP cameras, and SOHO routers.

Back to Defcon Wireless Village 2014 (Defcon 22) video list