Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Phantom Menace - How can one mobile App rot everything?

The Phantom Menace - How can one mobile App rot everything?

Alexey Troshichev
@hackappcom

OWASP Japan

March 02, 2016
Tweet

More Decks by OWASP Japan

Other Decks in Technology

Transcript

  1. Who am I? - Work hard on defense - Have

    fun in offense - Break things 1 Alexey Troshichev @hackappcom
  2. What may be wrong with an App? - Insecure transfer

    - Injections - Insecure storage - Architecture flaws 2 OWASP mobile for details
  3. App is dangerous for users. What’s about vendors? Why should

    we waste time attacking one user, when we can just break into backend to get them all? 4
  4. What can an App tell us? - Environment disclosure -

    Common authentication data - Built-in accounts - Anything you can’t even imagine =) 5
  5. Why it’s interesting? - Static analysis - We are just

    searching strings…and it could be automated =) 6
  6. Steps - Containers recursive traversal - Unusual files search -

    Selective GREP - Structure validation (sqlite, binXML,plist, etc..) 10