Mona

Mona Wang is an information security researcher working to protect privacy, security, and digital freedoms on the Internet. She is currently a postdoctoral researcher at UC Berkeley, and in 2027 will join the University of Toronto as an Assistant Professor affiliated with the Citizen Lab. She received her Ph.D. in Computer Science from Princeton University, where her dissertation focused on preventing mass surveillance through strengthening network security. Previously, she was a Staff Technologist at the Electronic Frontier Foundation.

Avatar of Mona

Events with this speaker

Day 2
11:00
60m
Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps

In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere in understudied app ecosystems.

SecurityOne