THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK...

13
THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC [email protected] WWW.ZWILLGENBLOG.COM @GRANICK ON TWITTER AUGUST 4, 2011

Transcript of THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK...

Page 1: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

THE LAW OF MOBILE HACKING

JENNIFER STISA GRANICK ZWILLGEN PLLC

[email protected] WWW.ZWILLGENBLOG.COM

@GRANICK ON TWITTER

AUGUST 4, 2011

Page 2: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

»  Installing Code on the Phone

»  Studying Malware Distribution

»  SMS Trojans/SPAM

»  Spoofing the Base Station

»  Hacking Other Peripherals

»  Hacking your Work Phone

»  Listening to Calls, Reading SMSs

»  Location Tracking

»  Securing from Law Enforcement Access

MOBILE SECURITY AND LEGAL ISSUES

Page 3: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

INSTALLING CODE LOCKED PHONES (e.g. iPHONE) DON’T ALLOW CODE INSTALLATION

‒  SDK LICENCE

‒  EULA

‒  TECHNOLOGICAL RESTRICTIONS

ANTI-CIRCUMVENTION PROVISIONS ‒  ACTS OF CIRCUMVENTION

‒  TRAFFICKING IN CIRCUMVENTION DEVICES

COPYRIGHT OFFICE RULEMAKING: ‒  INTEROPERABILITY WITH COMPUTER PROGRAMS TO RUN ON THE

HANDSET

Page 4: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

STUDYING MALWARE LIMITED DISTRIBUTORS APP STORE/MARKETPLACE: REVERSE ENGINEERING PROHIBITED

APP LICENSE MAY HAVE A NO REVERSE ENGINEERING TERM

TECHNIQUES FOR DOING THE RESEARCH ‒  AVOID AGREEING TO THE EULA

‒  USE A NON-INFRINGING COPY

‒  DESTROY COPY WHEN RESEARCH DONE

‒  CLEAN ROOM

Page 5: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

SMS TROJANS

CAN SPAM ACT OF 2003

THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. 1030)

TELEMARKETING CONSUMER FRAUD AND ABUSE PREVENTION ACT (15 U.S.C. 1601-1608)

TELEPHONE CONSUMER PROTECTION ACT (47 U.S.C. 227)

FEDERAL TRADE COMMISSION'S AMENDED TELEMARKETING SALES RULE

Page 6: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

BASESTATION SPOOFING (SEE, E.G. CHRIS PAGET’S IMSI CATCHER FROM 2010)

FCC REGULATIONS RE: Licensed frequencies

CALL INTERCEPTION: WIRETAP ACT

TRAFFIC INTERCEPTION: PEN REGISTER/TRAP AND TRACE

NETWORK IMPERSONATION

Page 7: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

HACKING PERIPHIALS SECURITY CAMERAS, TRAFFIC CONTROL SYSTEMS, HOME AUTOMATION SYSTEMS CONTROLLABLE OVER THE PHONE

NETWORK

UNAUTHORIZED ACCESS: ‒  ARE THEY COMPUTERS?

‒  REQUISITE DAMAGE, LOSS?

Page 8: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

HACKING YOUR OWN PHONE EMPLOYMENT AGREEMENT

NON-DISCLOSURE AGREEMENT

TRADE SECRET MISAPPROPRIATION

CFAA?

Page 9: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

LISTENING TO CALLS READING SMS

INTERCEPTION OF CONTENT

ACCESSING STORED CONTENT

WHAT IS STORED?

WHAT IS ELECTRONIC STORAGE?

SERVICE PROVIDER EXCEPTIONS

Page 10: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

LOCATION TRACKING NEWS OF THE WORLD-STYLE

SOMETIMES, TRANSACTIONAL DATA IS CONTENT ‒  WIRETAPPING OR PEN/TRAP?

GPS TRACKING

STALKING

INTRUSION INTO SECLUSION

OTHER PRIVACY TORTS?

Page 11: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

GOVERNMENT ACCESS

CELL TOWER TRIANGULATION AND ECPA

GPS TRACKING, FOURTH AMENDMENT, LEAHY BILL

ECPA STATUS OF SMS MESSAGES: QUON V. ARCH WIRELESS

SEARCH INCIDENT TO ARREST

BORDER SEARCHES

Page 12: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

Please turn in your completed feedback form at the

registration desk.

Page 13: THE LAW OF MOBILE HACKING - Black Hat Briefings · THE LAW OF MOBILE HACKING JENNIFER STISA GRANICK ZWILLGEN PLLC JENNIFER@ZWILLGEN.COM @GRANICK ON TWITTER AUGUST 4, 2011 » Installing

JENNIFER STISA GRANICK ZWILLGEN PLLC

[email protected] WWW.ZWILLGENBLOG.COM

@GRANICK ON TWITTER


Hacking: Computer Hacking Beginners Guide

Hacking: Computer Hacking Beginners Guide

Surgical Wound Healing and Management (Granick M.S., Gamell R.L. - 2007 - Informa Healthcare)

Surgical Wound Healing and Management (Granick M.S., Gamell R.L. - 2007 - Informa Healthcare)

17th Large Installation Systems Administration Conference ... · confused judges, at least for a while. PANEL BRIEF CONCLUDING REMARKS Jennifer Granick, Stanford CIS; ... dle.”In

17th Large Installation Systems Administration Conference ... · confused judges, at least for a while. PANEL BRIEF CONCLUDING REMARKS Jennifer Granick, Stanford CIS; ... dle.”In

Hacking Rapidshare Complete Hacking Process

Hacking Rapidshare Complete Hacking Process

Hacking Wireless World, RFID hacking

Hacking Wireless World, RFID hacking

Computer Crime Year In Review - DEF CON · Computer Crime Year In Review: MySpace, MBTA, Boston College and More Jennifer Stisa Granick, EFF Civil Liberties Director Kurt Opsahl,

Computer Crime Year In Review - DEF CON · Computer Crime Year In Review: MySpace, MBTA, Boston College and More Jennifer Stisa Granick, EFF Civil Liberties Director Kurt Opsahl,

GOOGLE HACKING GOOGLE HACKING - Chambet

GOOGLE HACKING GOOGLE HACKING - Chambet

JENNIFER STISA GRANICK (SBN 168423) RIANA … Technologists Apple Brief...the execution of a search warrant on a black lexus is300, california license plate 35kgd203 ed no. cm 16-10

JENNIFER STISA GRANICK (SBN 168423) RIANA … Technologists Apple Brief...the execution of a search warrant on a black lexus is300, california license plate 35kgd203 ed no. cm 16-10

Jennifer Stisa Granick, Esq. (SBN 168423) Matthew ... Shaffer violated the Fourth Amendment to the United States Constitution in searching Plaintiffs ... Benton County, ... study groups,

Jennifer Stisa Granick, Esq. (SBN 168423) Matthew ... Shaffer violated the Fourth Amendment to the United States Constitution in searching Plaintiffs ... Benton County, ... study groups,

Ethical hacking - Good Aspect of Hacking

Ethical hacking - Good Aspect of Hacking

Granick D. the Ministry as Maximising Unit in Soviet Industry

Granick D. the Ministry as Maximising Unit in Soviet Industry

GOOGLE HACKING GOOGLE HACKING

GOOGLE HACKING GOOGLE HACKING

Ah-Young Jee, Boyce Tsang and Steve Granick Agroups.mrl.uiuc.edu/granick/Publications/s/2014...In practice, the smaller particles are most often non-adsorbing, low-molecular-weight

Ah-Young Jee, Boyce Tsang and Steve Granick Agroups.mrl.uiuc.edu/granick/Publications/s/2014...In practice, the smaller particles are most often non-adsorbing, low-molecular-weight

Ethical Hacking and Countermeasures - Varutra · Hacking Concepts o Hacking vs. Ethical Hacking o Effects of Hacking on Business o Who Is a Hacker? o Hacker Classes ... Ethical Hacking

Ethical Hacking and Countermeasures - Varutra · Hacking Concepts o Hacking vs. Ethical Hacking o Effects of Hacking on Business o Who Is a Hacker? o Hacker Classes ... Ethical Hacking

Hacking Tips & Tricks - OWASP 2 Agenda Security Incidents Vulnerability Assessment Wireless Hacking Bluetooth Hacking Advance password hacking

Hacking Tips & Tricks - OWASP 2 Agenda Security Incidents Vulnerability Assessment Wireless Hacking Bluetooth Hacking Advance password hacking

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

Ah-Young Jee, Boyce Tsang and Steve Granick Agroups.mrl.illinois.edu/granick/Publications/s/2014...crystallize1,2, for example) is the so-called depletion interaction, in which the

Ah-Young Jee, Boyce Tsang and Steve Granick Agroups.mrl.illinois.edu/granick/Publications/s/2014...crystallize1,2, for example) is the so-called depletion interaction, in which the

Hacking health-camp - Hacking Health

Hacking health-camp - Hacking Health

CORSO CYBERSECURITY HACKING ETICO AVANZATO · CORSO CYBERSECURITY – HACKING ETICO AVANZATO Hacking ETICO ... • Google Hacking Tool: Google HackingDatabase (GH B) • Google Hacking

CORSO CYBERSECURITY HACKING ETICO AVANZATO · CORSO CYBERSECURITY – HACKING ETICO AVANZATO Hacking ETICO ... • Google Hacking Tool: Google HackingDatabase (GH B) • Google Hacking

HACKING AND WAYS TO PREVENT HACKING

HACKING AND WAYS TO PREVENT HACKING