State sponsored stalking ?! presented at BSidesLondon 2019

by Paul Rascagneres,

Summary: With the advent of social networks followed by Secure Instant Messaging (S’IM), privacy became more and more important for the public, to the point where S’IM became a problem for some states. On one side, this led to the blocking of Telegram in countries like Russia and Iran, and of Instagram in Iran. But it also led to the appearance of cloned Telegram and Instagram applications under the cover of enhanced features or censorship bypass. The reality is that these applications, although they allow access to the legitimate service, also allow their operators complete access to the contacts and chats of their users. Some of these applications can even be found on the legitimate Google Play Store with thousands of downloads, and in some cases around 1 million users are using these applications. I will show various examples of such cloned applications and the different techniques used to report back. I will also show that the developers of such S’IM applications also bear some of the responsibility for these attacks, by lacking transparency and proper defaults in their applications, but also because some of their features are prone to abuse and still they decide not to do their due diligence on these matters. With my presentation I want the audience to understand that S’IM are being abused to spy on the public, at scales that are beyond comprehension. The problem is not limited to rogue application stores or to state sponsored groups; it can be deployed by any malicious actor with the proper knowledge. Finally, these attacks are possible not only due to the lack of security awareness of the public in general, but also because S’IM developers are not doing their share to improve the security of their users.