HOPE XV (2024): "BADBOX: Behind the Scenes of an Android Supply-Chain Attack"
Saturday, July 13, 2024: 3:00 pm (Little Theatre)
"Thank you for your order, sir, would you like malware with that?" While supply-chain attacks on consumer electronics are nothing new, we see no signs of these attacks letting up. In 2023, EFF confirmed findings of click fraud malware coming pre-loaded on obscure-brand Android set-top TV boxes. This malware was also found to allow botnet controllers to establish a residential proxy using the infected devices' Internet connections, so that traffic originating remotely appears as though it came from the set-top box buyers. After many months of reports and investigations into the botnet (now dubbed "BADBOX"), device resellers like Amazon and AliExpress were still making these devices available. In response, Bill's team at the EFF issued a complaint to the FTC and is uncovering details about the fraud operation in order to hold accountable those responsible for harms to consumers. This talk will share some of their findings and raise further questions concerning the digital divide and access, the scale of attacks consumers now face, and what steps both regulators and consumers can take to protect against these types of attacks.
Bill Budington