2026-06-04, Track 1
Inside BADBOX 2.0: Exposing and Disrupting a Global Android Supply Chain Threat
The BADBOX 2.0 operation represents one of the most sophisticated examples of cyber-enabled fraud discovered in recent years. Targeting over a million Android Open Source Project (AOSP) devices globally, including connected TV (CTV) streaming boxes, tablets, and car infotainment systems, this global campaign exploited legitimate hardware supply chains to create a distributed infrastructure for proxy jacking, ad fraud, and persistent remote access.
This session explores how our team identified, investigated, and ultimately disrupted BADBOX 2.0. Building on years of experience uncovering ad fraud and coordinated actor networks, we applied advanced open-source intelligence (OSINT) techniques, device telemetry analysis, and infrastructure correlation to connect activity across continents. These methods led to attribution not only to specific factories but also to the individuals responsible for large-scale distribution of compromised devices.
We will discuss the technical discovery and disruption process, from firmware analysis and reverse-engineering to intelligence fusion and partnership coordination. Attendees will learn how we collaborated with industry peers and ecosystem stakeholders to share intelligence, mitigate impact, and prevent re-emergence of the threat.
The talk will focus on actionable lessons for cyber professionals and defenders. We will present reusable frameworks for analyzing multi-layered criminal infrastructures that cross from consumer devices into enterprise networks. Attendees will walk away with practical approaches for managing complex supply chain threats, developing partnerships to amplify disruption, and enhancing organizational resilience against emerging fraud ecosystems.
Gavin Reid serves as the CISO for HUMAN Security, a cybersecurity company that specializes in safeguarding enterprises against digital attacks while preserving user experiences. In addition, he oversees HUMAN’s global IT and security operations and leads the Satori Threat Intelligence and Research Team.
Gavin began his cybersecurity career in information security at NASA's Johnson Space Center. He later created Cisco's Security Incident Response Team (CSIRT), Cisco's Threat Research and Communications (TRAC), and Fidelity's Cyber Information Group (CIG). Before joining HUMAN, Gavin served as the CSO for Recorded Future, where he was responsible for ensuring the protection, integrity, confidentiality, and availability of all customer-facing services, internal operational systems, and related information assets. For more than 20 years, Gavin has managed every aspect of security for large enterprises.