Category · Android

Exploiting and Defending Mobile Training @CanSecWest

posted on Feb 4, 2013 by saurabh

Hello everyone, We are pleased to announce that we will be presenting our “Exploiting and Defending Mobile” training course @CanSecWest. Our “Exploiting and Defending Mobile” training will provide you with two days of insight into the world of mobile hacking. The course is designed to keep a balance between theoretical knowledge & practical experience….

Wireless Gateway & Transparent Proxy for Mobile Security Assessments

posted on Dec 21, 2011 by seccom

Introduction: In a typical run-time web application security assessment, we often use an HTTP proxy to intercept and manipulate client-server traffic. For web applications, configuring browser settings to get proxying started is pretty straightforward. However, for mobile applications, mobile platforms/operating systems (e.g. Android, BlackBerry) do not necessarily support proxying application traffic natively. This guide will…

Mobile Security Presentations from ToorCon and MISTI

posted on Oct 11, 2011 by seccom

Max Veytsman and Subu Ramanathan have just returned from presenting mobile security talks at ToorCon in San Diego and the MISTI Mobile and Smart Device Conference in Atlanta. The talks were entitled “Bust a Cap in an Android App” and “DEEP DIVE: Pentesting the Android and iPhone”. Both slide decks are available below: Download “DEEP…

Weaponizing the Android Emulator (plus a new tool)

posted on Jul 22, 2011 by seccom

Today, we’re going to look at a scenario where the Android Emulator can be repurposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data from a stolen Android phone onto a computer running the Android emulator. An attacker that does this will be able to use…

Bypassing Android’s Password Screen

posted on Jul 6, 2011 by seccom

This video demonstrates how to bypass the password screen on an Android. If you lose your phone, someone who finds it can use this attack to get around the password you set. This attack requires a phone with an unlocked bootloader. Some phones come with unlocked bootloaders, and on others users do this as part…

Common Mobile Application Security Pitfalls

posted on Apr 27, 2011 by Subu Ramanathan

It is a well-documented fact that information transfer over the internet is transitioning over to mobile devices at an alarming rate. Here are some links that provide a high level statistical view of my claim (often, some simple Google-fu will yield the same results): Mobile Applications Downloads Approached Eight Billion in 2010: http://www.itu.int/ITU-D/ict/newslog/Mobile+Applications+Downloads+Approached+Eight+Billion+In+2010.aspx Global Mobile Statistics…