Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Privacy: Between Hype and Need


Published on

Alex “Jay” Balan in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The videos and other presentations can be found on

Published in: Technology
  • I like this service ⇒ ⇐ from Academic Writers. I don't have enough time write it by myself.
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Privacy: Between Hype and Need

  1. 1. Presentation Time: This presentation should take around 40min. Your Host Alex “Jay” Bălan Chief Security Researcher - Bitdefender PRIVACY: BETWEEN HYPE AND NEED
  2. 2. FBI
  3. 3. June 2013 – the frenzy begins Media outlets love this (obviously) Portreying Big Brother as an abuser has an instant appeal to a society that loves its country but hates the system
  4. 4. What are the pros and cons with regards those leaks? Do you think those leaks were a good or bad thing? Are the whistleblowers heroes or traitors?
  5. 5. This is, obviously, just the tip of a very large and dark iceberg...
  7. 7. Hackers
  8. 8. Rogue GSM cells
  9. 9. Hackers stealing your security recording feeds from smart cameras
  10. 10. • ML behind your keyboard (predictive text, swype, etc) • WIFI • Voice commands • App permissions • E.g. you give a QR code scanner access to the camera. The app will be able to turn it on without your knowledge • E.g. You give Shazam access to the microphone. It will be able to do ambiental recordings and send them to 3rd parties • Truecaller / / facebook / almost everything – when no matter how paranoid you are, your friends may be idiotsless paranoid than you are • You have a very secure password but you type it? I guarantee it’s on dozens of security camera feeds. • Browser extensions have access to your whole browsing behaviour • The list goes on
  11. 11. • CNP/SSN • Last 4 digits of your credit card • Date of birth • Place of birth • Mother’s maiden name • School you went to • Places you worked • Your name. Your phone number. ”but they have to know my name/phone number and that I work there in that position for the attack to work” A few words on static data. Or what to treat as “already compromised”
  12. 12. But wait. GDPR?
  13. 13. • 2001 – Personal Identification Number, home address and more of all Bucharest citizens leaks on the internet • 2014 – ANAF accidentally displays the ID card data for tens of thousands of Ploiesti citizens • 2016 – Adult Friend Finder hacked. 412M accounts exposed. Thousands of divorces. 2 suicides. • 2018 – I dare you to try asking “I’d like to know how you’re going to handle my information” at Public Administration  „WOOPS!” moments and hacks are not prevented by GDPR!
  14. 14. By design, privacy is an utopia in today’s society. The old gossip circle around the watercooler has been given a huge megaphone through the internet. ALWAYS work under this assumption. With that in mind, I ask you: • Big brother claims they spy on citizens to prevent crime. Do we believe them? • The commercial sector claim they spy on us to better predict our needs and make our life easier. Obviously we can’t believe it’s just that but the question here is – do we accept it? • The media hypes whatever gets them clicks: articles against big brother and about people’s privacy always get them clicks. Do we trust them?
  15. 15. Ask me anything :) | @jaymzu Our red team is hiring! Send your offensive security oriented CVs to