Last Tuesday, Patrick Szeto and I presented “Bust a Cap in a Mobile App” at SecTor, our talk about pentesting Android applications. The slides are available here: Download PPT.

Today, we’re going to look at a scenario where the Android Emulator can be repurposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data from a stolen Android phone onto a computer running the Android emulator. An attacker that does this will be able to use…

This video demonstrates how to bypass the password screen on an android. If you lose your phone, someone who finds it can use this attack to get around the password you set. This attack requires a phone with an unlocked bootloader. Some phones come with unlocked bootloaders, and on others users do this as part…

It is a well-documented fact that information transfer over the internet is transitioning over to mobile devices at an alarming rate. Here are some links that provide a high level statistical view of my claim (often, some simple Google-fu will yield the same results): Mobile Applications Downloads Approached Eight Billion in 2010: http://www.itu.int/ITU-D/ict/newslog/Mobile+Applications+Downloads+Approached+Eight+Billion+In+2010.aspx Global Mobile Statistics…