Friday, October 28 • 16:00 - 17:00
Smart Sheriff, Dumb Idea. The wild west of government assisted parenting


Would you want to let your kids discover the darker corners of the internet without protection? Wouldn't it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit, and even when they play games?

Worry no longer, the South Korean government has got you covered. Simply install the "Smart Sheriff" app on your and your kids' phones. Smart Sheriff is the first parental-control mobile app that has been made a legally required, obligatory install in an entire country! Yay, monitoring!

Well, something shady yet mandatory like this cannot go without an external pentest. And even better, one that wasn't solicited by the maintainer but initiated by the OTF and CitizenLab and executed by the Cure53 team! In this talk, two of the Cure53 testers involved in the first and, who would have guessed, second penetration test against the "Smart Sheriff" app will share what they found. Maybe all was fine with the app, maybe the million kids forced to have this run on their devices were all safe. Maybe. But would there be a talk about it then?

We all know mandated surveillance apps to protect children are a great idea, and outsourcing to the lowest bidder always delivers the best results. Right?

Going over the first and second pentest results, we will share our impressions of the "security" of this ecosystem and show examples of the "comprehensive" vendor response, addressing "all" the findings impeccably. This talk is a great example of how security research about a serious political decision and mandate might achieve nothing at all, or show how a simple pentest together with excellent activist work can maybe spark a political discussion and more.


Abraham Aranguren

Abraham was an honors student in Information Security at university. His work experience from 2000 until 2007 was mostly defensive: fixing vulnerabilities, source code reviews and later on trying to prevent vulnerabilities at the design level as an application and framework architect. From 2007 forward Abraham focused more on the offensive side of security with special focus on web app security. He is a senior member of the Cure53 team, and...

Fabian Fäßler

Fabian did his bachelor's degree in collaboration with IBM and is now doing his master's degree at the technical university in Berlin. He was always interested in IT security, but started to seriously get into it after he discovered CTF competitions in 2011, and has since won the German Cyber Security Challenge twice. Fabian is a senior penetration tester for Cure53 and holds an Offensive Security Certified Professional (OSCP) certification...

Friday October 28, 2016 16:00 - 17:00
01. Westvleteren University