Tracking the trackers, or how to win Eurovision

Abstract: A significant proportion of tracking devices, varying from kids watches to car trackers to elderly monitoring devices, are vulnerable to trivial attacks. These range from simple location eavesdropping of all user to remote to owning a device or an even gaining platform admin on some tracker platforms. This talk is the summary of 3 years of research that started with trackmageddon, continued down a path exploiting millions of vehicles via GSM-controlled alarms and finished with a working attack that could generate $$$ and/or manipulate reality TV show voting. Bio: Vangelis is a specialist in API security. He’s spent years in mobile & web app development, researched maritime satcomms security with several ship system vulns to his name and more recently moved in to pen testing. Has worked as a CTO at several startups and managed API development for a large number of applications - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Security BSides Athens 2020 CyberSecurity | InfoSec | Ethical Hacking | Computer Security | Evolving Threats | Threat Landscape | Privacy | Cyber Resilience Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Athens, Greece. More: https://www.bsidesath.gr Follow on Twitter: @BSidesAth