Moving Targets: Location-Based Threats and Mitigations

This year at ToorCon 12 in San Diego, California I will give a presentation entitled "Moving Targets.”

Location-based services are built into every major mobile platform, almost every social networking site, and more and more consumer electronics every day. These services, that record and sometimes share their users’ geographical location in real or near-real time, have been deployed by developers and embraced by users with little consideration of the threat posed by this data. An attacker who possesses the user’s location can abuse it to leverage both technical and social engineering attacks on that user. From cellular networks to web apps such as Foursquare, each layer presents a unique data set that is ripe for different attacks. In many cases, however, these threats can be mitigated with mindful application of recommendations for both location service development and usage. If you want to learn how your moving targets can avoid becoming someone else’s sitting ducks, then come to Toorcon 2010.