The Grugq (Independent Network Security Researcher)

Presentation Title: Pickpocketing mWallets: A Guide to Looting Mobile Financial Services
Presentation Abstract:

As mobile phones start to play a more central role in financial transactions, the security of mobile financial services requires increased scrutiny.

Telcos are clueless regarding financial service risks, and financial institutes believe mobile telephony is literally some form of portable Internet. And let’s not forget the vendors… Poor implementations of mWallet applications expose customers’ financial data to theft and manipulation.

This talk will cover the key implementation features of mobile financial applications and common vulnerabilities that can be exploited. Multiple significant problems are covered, including stealing money, creating money from thin air, and cashing out. Attack techniques will be demonstrated against an example mWallet implementation.

Note: Due to legal restrictions it is not possible to demonstrate these issues against a live system.

About The Grugq

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The grugq’s professional career has included Fortune 100 companies, top consulting firms and innovative start-ups. Currently living in Thailand, the grugq works as an independent information security consultant. While not on engagements, the Grugq continues his research on security, forensics and beer.

Claims to fame:

* pioneered anti-forensics
* developed “userland exec”
* released VoIP attack software
* decade of experience in info sec
* long term liaison w/ digital underground
* described as “extremely handsome” [by his mom]
* 1992 Sussex County 3-legged race, 2nd place

The grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; and has domain expertise in forensics, VoIP, telecommunications and financial systems.