
Privacy: Between Hype and Need


Alex “Jay” Balan in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The videos and other presentations can be found on https://def.camp/archive

Published in: Technology

Privacy: Between Hype and Need

  1. PRIVACY: BETWEEN HYPE AND NEED. Your host: Alex “Jay” Bălan, Chief Security Researcher, Bitdefender. Presentation time: this presentation should take around 40 min.
  2. FBI
  3. June 2013 – the frenzy begins. Media outlets love this (obviously). Portraying Big Brother as an abuser has an instant appeal to a society that loves its country but hates the system.
  4. What are the pros and cons with regard to those leaks? Do you think those leaks were a good or bad thing? Are the whistleblowers heroes or traitors?
  5. This is, obviously, just the tip of a very large and dark iceberg...
  6. THE CAMBRIDGE ANALYTICA SCANDAL
  7. Hackers
  8. Rogue GSM cells
  9. Hackers stealing your security recording feeds from smart cameras
  10. • ML behind your keyboard (predictive text, Swype, etc.)
      • Wi-Fi
      • Voice commands
      • App permissions
        • E.g. you give a QR code scanner access to the camera. The app will be able to turn it on without your knowledge.
        • E.g. you give Shazam access to the microphone. It will be able to make ambient recordings and send them to third parties.
      • Truecaller / sync.me / Facebook / almost everything – when, no matter how paranoid you are, your friends may be idiots less paranoid than you are
      • You have a very secure password but you type it? I guarantee it’s on dozens of security camera feeds.
      • Browser extensions have access to your whole browsing behaviour
      • The list goes on
  11. A few words on static data. Or what to treat as “already compromised”
      • CNP/SSN
      • Last 4 digits of your credit card
      • Date of birth
      • Place of birth
      • Mother’s maiden name
      • School you went to
      • Places you worked
      • Your name. Your phone number.
      “but they have to know my name/phone number and that I work there in that position for the attack to work”
  12. But wait. GDPR?
  13. • 2001 – Personal Identification Number, home address and more of all Bucharest citizens leak on the internet
      • 2014 – ANAF accidentally displays the ID card data for tens of thousands of Ploiesti citizens
      • 2016 – Adult Friend Finder hacked. 412M accounts exposed. Thousands of divorces. 2 suicides.
      • 2018 – I dare you to try asking “I’d like to know how you’re going to handle my information” at Public Administration
      “WOOPS!” moments and hacks are not prevented by GDPR!
  14. By design, privacy is a utopia in today’s society. The old gossip circle around the watercooler has been given a huge megaphone through the internet. ALWAYS work under this assumption. With that in mind, I ask you:
      • Big Brother claims they spy on citizens to prevent crime. Do we believe them?
      • The commercial sector claims they spy on us to better predict our needs and make our life easier. Obviously we can’t believe it’s just that, but the question here is – do we accept it?
      • The media hypes whatever gets them clicks: articles against Big Brother and about people’s privacy always get them clicks. Do we trust them?
  15. Ask me anything :) abalan@bitdefender.com | @jaymzu. Our red team is hiring! Send your offensive-security-oriented CVs to redteam@bitdefender.com
