Be the first to like this
This talk is a summary of three different security audits with an interesting background:
First, CloudPets, their epic track record, what we found and what happened afterwards.
Next, two mobile apps by Chinese Police: "BXAQ" and "IJOP", both related to surveillance of ethnic minorities, but in different ways. Stay tuned.
Part 1: CloudPets
Wouldn't it be cool, for a parent far from home, to be able to record a voice message with their phone and make the sound come out of a soft toy that children can hug? That's the idea of CloudPets. Children can even respond directly from the soft toy and communicate with their parents. What could possibly go wrong? Let your imagination go wild and you will still fall short :)
Database dumps, blackmailing, ransoms, millions of people affected, our findings and other intrigues, not to be missed!
Part 2: Chinese Police
This part talks about two mobile surveillance apps that Chinese authorities employ to spy on the Muslim minorities of China's Xinjiang region, the applications: "IJOP" and "BXAQ". These audits were sponsored by Human Rights Watch (HRW) and the Open Technology Fund (OTF). The Chinese government faced international criticism when the results of these audits became public.
While the audits focused on evidence gathering of the surveillance activities, which will be covered in this talk, we will also discuss some interesting vulnerabilities that we found along the way and which were not the focus of the audit itself. Also, for those interested in learning about mobile security we will talk about the challenges faced with these apps and how we overcame them.
This talk will be an interesting learning experience as it combines technical security vulnerabilities with political and commercial background implications.