Talk

When mobile phone (not) meets privacy. More than apps & SSOO

Alfonso Muñoz Muñoz

Cuando hablamos de seguridad y privacidad en telefonía móvil a menudo las protecciones software suelen ser la opción más socorrida (apps, correcta configuración del sistema operativo, uso de la criptografía, etc.) aunque esta visión (protección) es parcial. En esta charla, se dará una visión global de otros tipos de ataques muy pegados a dispositivos hardware y a software específico fuera del sistema operativo a menudo poco auditado. Se contextualizará ataques en banda base, sms, sistemas de señalización ss7, fuga de información por canal lateral (radio-introspection, gyrophone, etc.), manipulación de comandos AT y covert channels. Finalmente se introducirá a la audiencia el proyecto FreePhone, un terminal móvil open source.

Medio Spanish Mobile / iOS / Android Open Source / Free Software Ciberseguridad / Privacidad 5G / Redes Ciencia / Investigación

Friday 15/03/2019

13:30 - 14:20

Track 5 (Biblioteca)

Sobre el ponente

Alfonso Muñoz Muñoz

BBVA NEXT y CRIPTORED

PhD in Telecommunications Engineering by Technical University of Madrid (UPM) and postdoc researcher in network security by Universidad Carlos III de Madrid (UC3M). He has been a senior security researcher for more than 10 years and has published more than 60 academic publications (IEEE, ACM, JCR, hacking conferences…), books and computer security tools. He has also worked in advanced projects with European Organisms, public bodies and multinational companies (global 500). For over a decade, he has been involved in security architecture design, penetration tests, forensic analysis, mobile and wireless environments, and information security research (leading technical and scientific teams).

Alfonso frequently takes part as a speaker in hacking conferences (STIC CCN-CERT, DeepSec, HackInTheBox, Virus Bulletin, RootedCon, 8.8, No cON Name, GSICKMinds, Cybercamp, Secadmin, JNIC, Ciberseg,X1RedMasSegura, Navaja Negra, T3chfest...) and commercial and academic security conferences (+60 talks). He is certified by CISA (Certified Information Systems Auditor), CEHv8 (Certified Ethical Hacker), CHFIv8 (Computer Hacking Forensic Investigator), CES (Certified Encryption Specialist) and CCSK (Certificate of Cloud Security Knowledge). Several academic and professional awards. Professor in several Universities. He is co-editor of the Spanish Thematic Network of Information Security and Cryptography (CRIPTORED), where he develops and coordinates several projects about cybersecurity and advanced training, with great impact in Spain and Latam.

Specialities: Pentesting & network security, Digital Surveillance & Forensic technology, Cryptography, Steganography, NLP and Machine Learning