Boston Security April 2024 Meetup

Important Notice

All meetup venues we currently use require us to provide a list of names (First & Last) to their door security so they can check people in at the time of the event. We are also required to bring "a picture ID" that matches the name we provide at the time of registration. Please be mindful of this requirement and provide the necessary information to ensure a smooth check in process at the door. Thank you for your cooperation - the management!

ONLY HUMANS ALLOWED AT THIS EVENT

What: Our usual 2 presentation format continues. We also will have a cool sticker swap and show & tell slot.

>>> Bring your favorite stickers and tell us where you got it. Bring extras and swap it with fellow security enthusiasts at the sticker swap table! <<<

Talk #1 - Smart home robots security and privacy by Dennis Giese
Description - Over the last 7 years we have been hacking and rooting vacuum robots. This research was presented at DEFCON, CCC and NULLCON. With the recent rooting methods, we are covering the top 4 vacuum robot vendors and allow users to disconnect their devices from the cloud.

In this talk, we will go over the research and findings of smart home robots of the past years. This not only includes vacuum robots, but also covers mobile air purifiers and lawnmowers. Learn what cool sensors these devices have, how to hack them and what potential impact it has on your privacy. We will also talk about our impact of our research on the whole smart home industry.

Speaker - Dennis is a researcher with focus on the security and privacy of IoT devices. You might know his vacuum robot or smart lock talks.

Talk #2 - Overview of PROXYLIB Campaign by Lindsay Kaye

Description - In May 2023, we identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge. We’ve dubbed this operation PROXYLIB.

Other researchers identified this malicious behavior in a single free VPN application—Oko VPN— which resulted in the app's removal from the Play Store. Based on further analysis of Oko VPN, Satori researchers uncovered 27 additional applications related to PROXYLIB. These apps shared a common native library, written in Golang, that enrolls the device as a proxy node. This talk will provide a high-level overview of the PROXYLIB Android malware and take the listener through the changes we observed in response to defenders’ actions.

Speaker - Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally-recognized cybersecurity speaker and author. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

When: April 18, 2024. 6:30 PM

Where: Rapid 7
120 Causeway St #400
Boston, MA - 02144