Hacktivity_2019_Conference_Chemerkin_Yury.pdf

YuryChemerkin, 19 slides, Jul 19, 2024

About This Presentation

Presentation by Yury Chemerkin on hacking health, wearable and smart apps to prevent data leakage. Covers forensics capabilities, data extraction from various fitness and health apps, and security issues with mobile and IoT devices.


Slide Content

BREAKING SMART. HACKING HEALTH, WEARABLE AND SMART APPS TO PREVENT LEAKING
YURY CHEMERKIN
MULTI-SKILLED SECURITY EXPERT
CJSC ADVANCED MONITORING

YURY CHEMERKIN
I have 10+ years of experience in information security. I'm a multi-skilled security expert on security & compliance, mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile & Cloud Computing, IAM, Forensics & Compliance. I published many papers on mobile and cloud security and regularly appear at conferences such as CyberCrimeForum, HackerHalted, DefCamp, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalcCon, Intelligence-Sec, InfoSec NetSysAdmins, etc.
LINKEDIN: HTTPS://WWW.LINKEDIN.COM/IN/YURYCHEMERKIN
TWITTER: @YURYCHEMERKIN
EMAIL: [email protected]

SMART ISSUES
FORENSICS CAPABILITIES
SPORT & HEALTH
SECURITY & TIPS

SECURITY NOWADAYS. FORENSICS DIRECTION
APP SERVERS
HEALTH VENDOR CLOUD
CDN
3RD PARTY CLOUD
BACKUP OF DEVICE
MOBILE DEVICE
2FA
LEAKED DATABASE

FORENSICS TOOLS. ADVERTISEMENT IS NOT THE SCARIEST THING IN THE WORLD

FORENSICS. UNSTOPPABLE ACCESS

STRAVA
GOOGLE, CRASHLYTICS, FACEBOOK, ZENDESK, IO.BRANCH
NETWORK DATA IS PROTECTED FROM MITM
CREDENTIALS, PROFILE AND MEASURES
SPORT GEAR MEASURES IF IT EXISTS
MAINLY KEPT ON STRAVA SERVERS
GEO DATA IN BACKUPS
ZENDESK USERID & TOKEN + BASIC PROFILE
PHOTOS TAKEN BY USERS ON CLOUDFRONT

FORENSICS. DEVELOPED IN A MAC STYLE

CLOUDY DATA. EXTRACTION

RUNGAP APP. AN EXCHANGE INTERFACE FOR DATA
DROPBOX SUPPORTS
SPORT ACTIVITIES
HEALTH DATA
BODY MEASURES
ZIPPED FILES
ROUTES MAPS

ALTERNATIVE SOURCES ARE NOT SUPPORTED

ALTERNATIVE SOURCES ARE NOT SUPPORTED. ~50 APPS W/O 2FA
• General Sport: Strava, RunGap, Pacer, Nike Run Club & Training, MyFitnessPal
• Gym: SmartGym, Gymaholic, GYM & Freeletics, Flexi, Hussle, Strong
• Health & Sleep: Pillow, HeartWatch, SleepWatch, Welltory
• Summer Sports: RunKeeper, Road & Mountain Bike, iSkate, Bike Tracks, Speed Tracker, Cyclemeter, FitMeter Bike, Crono, Altimeter
• Winter Sports: Ullr & Ullr Maps, Squaw Alpine, Snow Forecast, SnocRu, Slopes, Skitude, Ski Tracks, SkiAR, JollyTurns, Riders, Fatmap, Avalanche
• Workouts: Workouts++, Running, Gymatic, Gymnotize, Muscle Booster, Fitness Buddy, Centr, Bodyweight, Asana Rebel, Training (Adidas, Runtastic)

DOWNLOADS W/O RESTRICTIONS. PUBLIC DATA, BACKUP ACROSS CLOUDS
SLEEPWATCH: SLEEP & HEART DATA
ROAD BIKE, MOUNTAIN BIKE: IMAGES ON CDN
PACER: WORKOUTS, HEALTH & GPS
SKITUDE: RIDER LIST AND THEIR TRACKS

SHARING YOUR DATA. LEAKING OUT OF HEALTH APP
INTER-ACCESS: GYMAHOLIC, WELLTORY, FATMAP, CYCLEMETER
DISCOVERING IDS: MUSCLE BOOSTER
TRANSFERRING: WELLTORY
NOT CLEANING: GYMNOTIZE

SECURE APPS. NO DATA, NO ISSUES
• No backup data, no network data
  • Speed Tracker, Altimeter
  • Workouts++, Gymatic, Flexi, Hussle & SmartGym, BodyWeight
  • Squaw Alpine, JollyTurns, Avalanche
• No network data
  • Pillow, SleepWatch
  • Cyclemeter, FitMeter Bike, Crono
  • Muscle Booster
• No backup data
  • Pacer, GYM & Freeletics, Gymnotize, Centr
  • Ullr & Maps, Snow Forecast, Slopes

OVERLOADED APPS
ROAD BIKE, MOUNTAIN BIKE, ISKATE, BIKE TRACKS, CYCLEMETER, FITMETERBIKE, FATMAP, RUNNING, WELLTORY, RUNKEEPER
ULLR & MAPS, SNOW FORECAST, SLOPES, SKITUDE, SKITRACKS, RIDERS, FATMAP, FITNESS BUDDY, CENTR, WELLTORY
ISKATE, SKITRACKS, FITNESS BUDDY, CENTR, RUNKEEPER

MOBILE, IoT, CLOUDS…
IT'S TIME TO HIRE A RISK MANAGER!
HOW TO CONTACT ME?
ADD ME ON LINKEDIN: HTTPS://WWW.LINKEDIN.COM/IN/YURYCHEMERKIN
YURY CHEMERKIN
SEND A MAIL TO: [email protected]