BADBOX: Behind the Scenes of an Android Supply-Chain Attack
07-13, 15:00–15:50 (US/Eastern), Little Theatre

"Thank you for your order, sir, would you like malware with that?" While supply-chain attacks on consumer electronics are nothing new, we see no signs of these attacks letting up. In 2023, EFF confirmed findings of click fraud malware coming pre-loaded on obscure brand Android set-top TV boxes. This malware was also found to allow botnet controllers to establish a residential proxy using the infected devices' Internet connections, allowing traffic originating remotely to appear as though it came from the set-top box buyers. After many months of reports and investigations into the botnet (now dubbed "BADBOX"), device resellers like Amazon and AliExpress were still making these devices available. In response, Bill's team at the EFF issued a complaint to the FTC and are uncovering details about the fraud operation in order to hold accountable those responsible for harms to consumers. This talk will share some of their findings, as well as raising further questions concerning the digital divide and access, the scale of attacks consumers now face, and what steps both regulators and consumers can take to protect against these types of attacks.

Bill Budington is a longtime activist, cryptography enthusiast, and a senior staff technologist on EFF's public interest technology team. His research has been featured in The New York Times, The Los Angeles Times, and The Guardian, and cited by the U.S. Congress. He is the lead developer of Cover Your Tracks (formerly Panopticlick) and apkeep, led HTTPS Everywhere from 2015 to 2018, and has contributed to projects like Let's Encrypt and SecureDrop. His primary interest lies in dismantling systems of oppression, building up collaborative alternatives, and, to borrow a phrase from Zapatismo, fighting for a "world in which many worlds fit."