Security: the hidden cost of Android stalkerware
Do you like doing work that matters to you… and really frustrates the bad guys?
https://talosintelligence.com/careersAt Talos, our mission is to make the internet a safer place and fight the good fight for our customers
and users. If you think you have the expertise and attitude to help lead the world in cutting-edge security,
we’d like to talk.
F5 helps find malware hiding in plain sight
https://www.f5.com/company/blog/half-the-world-s-malware-is-now-encryptedEncrypted malware is becoming increasingly common, and daisy-chaining security devices is neither
cost-effective, nor efficient. Detecting and stopping malware doesn’t have to be overwhelming with
F5’s innovative products.
Looking for performance validation for your product?
https://www.virusbulletin.com/testing/Get an edge over your competitors with Virus Bulletin’s anti-malware & email security certification
programmes, supported by 30+ years of experience. Or take advantage of our bespoke testing service
offering valuable performance feedback for R&D. Email [email protected].
Calling all Hackers!
https://www.ise.io/careers/#op-470256-hacker-midseniorprincipalWe are hiring mid-senior-principal level hackers!
Remote option • Flex schedule • Unlimited vacation • Opportunities for research and publication
Threat Intelligence and Cyber Resilience
https://vblocalhost.com/programme/#TIPSJoin the VB2021 Threat Intelligence Practitioners' Summit (TIPS), sponsored by the Cyber Threat Alliance,
and learn how investment in threat intelligence builds cyber resilience, allowing you to be more effective
when addressing today's dynamic threat landscape.
QI-ANXIN Technology Group Inc. Leader of New Generation Cybersecurity
https://ti.qianxin.com/marketing/vb2021/QI-ANXIN Technology Group Inc. offers next generation enterprise-class cybersecurity products
and services to government and businesses. QI-ANXIN is the Official Cyber Security Services and
Anti-Virus Software Sponsor of the Olympic and Paralympic Winter Games Beijing 2022.
We don’t just talk about sharing. We do it every day.
https://www.cyberthreatalliance.org/about-ctaLearn how to collaborate with the Cyber Threat Alliance to improve your overall cyber resilience.
We are a greater team when we work together; our collective efforts magnifies our success and
ensures that we are and remain cyber resilient.
Farsight Security DNSDB® is the world's largest real-time and historical database of DNS resolutions
https://www.farsightsecurity.com/get-started-guide/DNSDB 2.0 introduces Flexible Search support, unlocking both Regular Expressions and Globbing syntaxes for more granular and accurate search results. Get your free DNSDB API key and use it in our newly updated
web GUI, DNSDB Scout as well as your own existing environments. Contextualize everything that is DNS related with one API key - DNSDB.
Amazon Information Security - come build the future with us!
https://www.amazon.jobs/en-gb/team/infosecDo you want to work on privacy and security challenges at unprecedented scale?
We have Privacy and Information Security opportunities available now across
the United States, Dublin, Ireland, and Sydney, Australia.
VirusTotal: Actionable crowdsourced threat intelligence
https://www.virustotal.com/Comprehensive context and cutting-edge functionality to proactively protect from cybersecurity threats.
Ransomware prevention starts with zero
https://www.zscaler.com/solutions/security-transformation/ransomware-protectionRansomware attacks are increasing 500% year-over-year.
Learn how Zscaler's Zero Trust Exchange helps minimize exposure, damage, and risk
at every stage of a ransomware attack.
IoT security begins with your Smart TV
https://chomar.link/smarttvCHOMAR Smart TV Security.
Protect your Android Smart TV against malicious activities and use your IoT devices without any worries.
Stay ahead of threats with VirusTotal
https://www.virustotal.com/Stay ahead of the next generation of threats and get relevant insights to solve
the most critical security challenges.
Downloads
We will cover over 80 different families of Android stalkerware and focus on security analyses of their code. Since stalkerware is known to spy on users, it gathers, transmits and stores user PII. Considering that, basic security principals should be followed. Most of these apps are not free. Many times the buyer of this product is in close relationship with the victim, which means that data leaks might impact both parties significantly.
We discovered serious vulnerabilities both in the Android apps and on their servers that, once exploited, could result in serious user impact such as account takeover, PII data leaks (photos, videos, phone call records, phone number, SMS, call logs, Facebook and WhatsApp messages, etc.), removing accounts without authorization, leaking of credentials over the network and on-device, admin console access without restriction, allowing identification of the buyer of the stalkerware or possibly even using fabricated evidence to frame the spied upon person.
We also identified reuse of the same source code (including the security issues) for different stalkerware products being sold under different names on different websites. This probably means that there is one group of developers controlling "different" stalkerware products.
In 64% of analysed apps we identified the possibility to extract internal data of stalkerware applications during forensics analysis that might help to identify the stalker, the period of infiltration and what data were gathered from victim’s device.
Apparently, these developers don’t care about their clients or their data: we reported various security issues to these service providers; only around 12% have fixed these issues. Some of our reports were made over a year ago. This talk will help to create an accurate picture of these shady apps, their false claims, security issues, and the developers' lack both of ethics and of responsibility to their clients and their data.
Got a question about this presentation? To get in touch with the speaker, contact Lukas on Twitter at @LukasStefanko.
Lukas Štefanko
ESETLukas is a malware researcher with a strong engineering background and a well-demonstrated focus on Android malware research and security. With more than nine years’ experience with malware, he has been focusing on improving detection mechanisms of Android malware and in the past couple of years has made major strides towards heightening public awareness around mobile threats and app vulnerabilities.