Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Wednesday, June 5 • 09:45 - 10:45
State sponsored stalking ?!

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

With the advent of social networks followed by Secure Instant Messaging (S’IM), privacy became more and more important for the public. To the point where S’IM became a problem for some states. For one side this lead to the block of Telegram in countries like Russia and Iran and Instagram in Iran. But also lead to the appearance of cloned Telegram and Instagram applications under the cover of enhanced features or censorship bypass. When the reality is that, although allowed access to the legitimate service, would also allow its operators complete access to the contacts and chats for its users. Some of these applications can even be found on the legitimate Google Play Store with thousands of downloads and on some cases I around 1 million of users using these applications. I will show a various of examples of such cloned applications and the different techniques used to report back. I will also show that the developers of such S’IM applications also bare some of the responsibility for these attacks, by lacking transparency and proper defaults on their applications. But also because some of their features are prone to be abused and still they decide not to do their due diligence on these matters. With my presentation I want the audience to understand that S’IM are being abused to spy on public, in scales that are beyond comprehension. The problem is not limited to rogue application stores or to state sponsored groups, it can be deployed by any malicious actor with the proper knowledge. Finally, these attacks are possible not only due to the lack of security awareness of the public in general, but also because S’IM developers are not doing their share to improve the security of their users.

avatar for Paul Rascagneres

Paul Rascagneres

Cisco Talos
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has... Read More →

Wednesday June 5, 2019 09:45 - 10:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD