ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3.
I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception. It also can spy on messages, GPS, multimedia, Internet, applications, etc. In short, FlexiSpy can take full control of an Android mobile phone or tablet and spy on all of its communications and activities from any computer with a web browser. At the end of April 2017, Flexidie released the old version source code along with binaries of the FlexiSpy Android spy app. I reviewed the leaked data and finished my deep analysis and reverse engineering of the app around the middle of May. My talk covered the following five points.
In this blog post, I also want to share my review of other talks that I enjoyed the most.
With the popularity of Apple iOS devices, more security researchers have been focusing on iOS devices. One of my favorite talks was DirtyTooth: Put music & lose your contacts by Chema Alonso, the Chief Data Officer at Telefónica. Bluetooth communications are on the increase. Millions of users use the technology to connect to peripherals in order to simplify their use as well as provide greater comfort and an enhanced experience. Chem showed us a trick (or hack) for iOS 10.3.2 and earlier that takes advantage of the management of the profiles, thereby causing great impact on the privacy of millions of users who use Bluetooth technology daily. From the iOS device information leak caused by the incorrect management of profiles, a lot of information about the user and their background may be obtained. More interesting, he invited Kevin Mitnick as a co-speaker. They also delivered a live demo regarding this interesting research.
The keynote was by Lance James, who wrote From Hacker to Home. His talk explored the evolution of the hacker both technically and socially, with highlights of today’s problems with IoT, malware, and the merger of traditional intelligence as information security defensive and offensive disciplines.
I also attended the Friday Night Reception party and met up with other security researchers, thanks for the free drinks and snacks provided by sponsors. You could also make your own badge with some toolsets provided. It was cool! The following is my badge and the schedule for my presentation.
In a word, it was a great experience for me to be able to attend this cyber security conference, deliver my presentation, and meet with other security researchers working in various research fields. You can check out ToorCon 19’s official webpage for the full list of talks if you are interested. The full presentation slides should be released this week.
Sign up for weekly Fortinet FortiGuard Labs Threat Intelligence Briefs and stay on top of the newest emerging threats.