From pocket to Pwn: How we hacked a multinational Corp for $200 with what's in our pockets
Tim Shipp
BSidesSF 2026 · Day 2 · AMC IMAX
In this compelling talk at BSides SF, Tim Shipp, CTO and co-founder of Threat, unveiled a low-cost, high-impact attack vector that leveraged everyday items and overlooked security gaps to compromise a multinational corporation. Titled "From pocket to Pwn: How we hacked a multinational Corp for $200 with what's in our pockets," Shipp detailed a red team engagement where traditional methods failed against a highly resilient target. The team pivoted their focus to mobile devices, specifically targeting developers using their personal Android phones, exploiting common oversights in bring-your-own-device (BYOD) policies and the surprisingly accessible Android developer ecosystem.
AI review
A genuine red team war story with a novel attack chain: Bluetooth jamming + HID spoofing against EV infotainment systems as an initial access vector into a developer's personal Android, then pivoting into a corporate network for under $200. The technique is real, the constraints (Android 13+ process killing) are honestly addressed, and the persistence solution is creative. Not groundbreaking research, but exactly the kind of 'we actually did this' content BSides lives for.