CNIT 128: Hacking Mobile Devices

37712 Weds 06:10-09:00 pm SCIE 204

Spring 2017 Sam Bowne



Catalog Description

Mobile devices such as smartphones and tablets are now used for making purchases, emails, social networking, and many other risky activities. These devices run specialized operating systems that have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.

Advisory: CNIT 113 and 123, or equivalent familiarity with hacking computers and operating mobile devices

Upon successful completion of this course, the student will be able to:
  1. Describe the risks of using mobile devices for common activities such as making phone calls, emailing, and shopping
  2. Explain cellular network functions, attacks, and countermeasures for voice calls, voicemail, and SMS
  3. Perform and analyze jailbreaks for iOS devices
  4. Analyze the Android security model and rooting
  5. Recognize types of mobile malware and anti-malware options
  6. Identify Web browser services and attacks on mobile platforms and recommend countermeasures
  7. Configure and defeat locking, remote location and wiping services
  8. Explain common mobile app risks and make intelligent decisions when installing and using them
  9. Evaluate the functions and risks of mobile payment services, such as Google Wallet


"Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018

Optional additional book: iOS App Reverse Engineering (free PDF)


The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 5:30 pm Weds. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the second score is the one that counts, not necessarily the higher score.

To take quizzes, first claim your RAM ID and then log in to Canvas here:

Schedule (may be revised)

Date | Quiz & Proj | Topic
Wed 1-18 | | Is Your Mobile App Secure?
Wed 1-25 | | 1: The mobile risk ecosystem
Wed 2-1 | | 2: Hacking the cellular network
Fri 2-3 | | Last Day to Add Classes
Wed 2-8 | Ch 1 Quiz due before class; Ch 2 Quiz due before class; Proj 1 due | 3: iOS (Part 1)
Wed 2-15 | | Class Cancelled for RSA
Wed 2-22 | Ch 3 Quiz due before class; Proj 2-4 due | 3: iOS (Part 2)
Wed 3-1 | Ch 4 (Part 1) Quiz due before class; Proj 5 due | 4: Android (Part 1)
Wed 3-8 | Ch 4 (Part 2) Quiz due before class | 4: Android (Part 2)
Wed 3-15 | Ch 5 Quiz due before class; Proj 6 and 7 due | 5: Mobile malware
Wed 3-22 | Ch 6 (Part 1: Beginning Through OAuth) Quiz due before class; Proj 8 due | 6: Mobile services and mobile Web (Part 1: Beginning Through OAuth)
Wed 3-29 | | Holiday -- No Class
Wed 4-5 | Ch 6 (Part 2: SAML to end) Quiz due before class; Proj 9 due | 6: Mobile services and mobile Web (Part 2: SAML to end)
Wed 4-12 | Ch 7 Quiz due before class; Proj 10-11 due | 7: Mobile Device Management
Wed 4-19 | Ch 8 Quiz due before class; Proj 12 due | 8: Mobile development security
Wed 4-26 | Ch 9 Quiz due before class; Proj 13 due | 9: Mobile payments
Wed 5-3 | No Quiz | Open Lab in S214
Wed 5-10 | | Class Cancelled for CyberSecureGov in Washington, DC
Wed 5-17 | Last class; No Quiz; All Extra Credit Projects Due | Open Lab in S214
Wed 5-24 | | Final Exam -- SCIE 204


Printable schedule
Student agreement

Is Your Mobile App Secure? · PPT · KEY · PDF
1: The mobile risk ecosystem · KEY · PDF
2: Hacking the cellular network · KEY · PDF
3: iOS · KEY · PDF
4: Android · KEY · PDF
5: Mobile malware · KEY · PDF
6: Mobile services and mobile Web (part 1: Beginning Through OAuth) · KEY · PDF
6: Mobile services and mobile Web (part 2: SAML to end) · KEY · PDF
7: Mobile Device Management · KEY · PDF
8: Mobile Development Security · KEY · PDF
9: Mobile payments · KEY · PDF

Click a lecture name to see it on SlideShare.
If you want to use other formats, you may find this useful: Cloud Convert.

Projects (under revision)

Preparing an Android Auditing System

Project 1: Android Studio on Mac or Windows (10 points)
Project 1u: Android Studio on Ubuntu Linux (10 points) (updated 1-18-17)
Project 2: Genymotion and Burp (20 points)

Simple Security Errors

Project 3: Observing the TD Ameritrade Log (10 points)
Project 4: Mayo Clinic Medical Transport App Hardcoded Password Exposure (10 points)

Insecure Encryption

Project 5: GenieMD Broken SSL (10 points) (Updated 3-1-17)
Project 6: Stitcher Caesar Cipher (10 pts. + 10 pts. extra)

SSL Auditing

Project 7: Making an SSL Auditing Proxy with a Mac and Burp (20 pts.)

iPhone Apps

Project 8: Disassembling the Stitcher iPhone App with Hopper (15 pts.)
Project 9: Introduction to IDA Pro (15 pts.) (rev. 4-5-17)

Android Code Modification

Project 10: Adding Trojan Code to the Schwab Android App (20 pts.) (rev. 4-19-17)

Local File Storage on Android

Project 11: theScore Plaintext Password Storage (10 pts.)

Mobile Device Management

Project 12: MaaS360 (15 points)

Local File Storage on iOS

Project 13: "Ask A Lawyer" iOS App Plaintext Password Storage (10 pts.)

Extra Credit Projects

Project 1x: Jailbreaking an iPhone 4 (20 pts.)
Project 2x: Reverse Engineering an iPhone App (20 pts.)
Project 3x: Security Audit of An Android App (20 pts. extra credit)
Project 4x: Find a New Android Vulnerability and Report it (Up to 55 pts. extra credit)
Project 5x: Adding a Keylogger Trojan to the Citi Mobile CN Android App (15 pts.)
Project 6x: Stealing Personal Data from the Staples Android App (20 pts + 20 pts. extra credit)


Ch 1a: Mobile OS market share in the U.S. 2018
Ch 1b: Android App Vulnerabilities Research
Ch 1c: How to secure, protect, and completely lock down your Android phone
Installing Burp Certificate as a System Certificate
Ch 6a: SSL broken! Hackers create rogue CA certificate using MD5 collisions (2008)
Ch 6b: Create your own MD5 collisions
Ch 6c: MD5 considered harmful today (2008)
Ch 6d: Why it's harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
Ch 6e: Encryption: Android Open Source Project
Ch 6f: Android version history - Wikipedia
Ch 6g: Android Encryption Demystified | ElcomSoft blog
Stuck at 99% : noxappplayer
JustTrustMe SSL certificate UN-pinning
Android Applications Reversing 101
Android and Apple phone security: Here's an objective chart to help you decide
Android Enterprise Recommended
Ch 6h: What is LineageOS and What Happened to CyanogenMod?
Ch 6i: Paranoid Android (software) - Wikipedia
Ch 7a: Picking your compileSdkVersion, minSdkVersion, targetSdkVersion
Ch 7b: Distribution dashboard: Android Developers
Ch 7c: What has happened to Android's Distribution Dashboards?
Ch 7d: Apple will stop reporting unit sales for iPhone, iPad and Mac from next quarter (2018)
Ch 7e: Vulnerabilities with Custom Permissions
Ch 7f: Permission Downgrade Attacks and Android 5.0
Ch 7g: Android Intents - Tutorial
Ch 7h: am: Activity Manager
Ch 7i: CVE-2013-6271: Remove Device Locks from Android Phone - Cureblog
Ch 5k: whois (archived)
Ch 5j: Zone Transfer Test Online
Android Security Analysis Tools, Part Four - MobSF | Netguru Blog on Android
Ch 7j: What is Umask and How To Setup Default umask Under Linux? - nixCraft
Ch 7k: linux - Effect of umask on text files - Stack Overflow
Ch 7l: Download Cydia for Android - Full Installation Guide
Ch 7m: Link Substrate Files failed · Issue #1 · AndroidHooker/hooker
Ch 7n: Frida -- A world-class dynamic instrumentation framework
Ch 7o: Hacking Android app with Frida
Ch 7p: Hacking Android apps with FRIDA
passionfruit: [WIP] Crappy iOS app analyzer -- TRY FOR PROJECTS
JEB Decompiler by PNF Software -- Important commercial tool
Ch 7q: Four Ways to Bypass Android SSL Verification and Certificate Pinning
MOBISEC slides for European Android Hacking Class
TrustMeAlready: Disable SSL verification and pinning on Android, system-wide
Ch 7r: CVE-2013-6271 Android Settings Remove Device Locks (4.0-4.3)
Ch 8a: PathClassLoader | Android Developers
Ch 8b: DexClassLoader - Android Developers
Don't Trust Google Play Protect to Shield Your Android
9 Mobile App Scanner to Find Security Vulnerabilities
Ch 8c: How to Use ADB and Fastboot on Android (and Why You Should)
Ch 8d: How to Enter Android's Bootloader and Recovery Environments
Ch 8e: Cracking Android passwords, a how-to
Ch 8f: How to crack android lockscreen passwords
Ch 8g: Android WebView addJavascriptInterface Code execution Vulnerability
Ch 8h: Android Basics: How to Enable Unknown Sources to Sideload Apps
Ch 8i: Full Disclosure: CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream
Ch 8j: How Was SQL Injection Discovered?
Ch 8k: How is the Gmail password stored in Android - and where?
Ch 8l: sch3m4/androidpatternlock: A little Python tool to crack the Pattern Lock on Android devices
Ch 9a: Securing Content Providers - Secure Android App Development
Ch 9b: Online Java Editor and IDE - Fast, Powerful, Free
Ch 9c: Adventures with Android WebViews
Ch 9d: Introduction to debugging Android apps using AndBug
Ch 9e: Behavior changes: apps targeting API level 28 | Android Developers
Ch 9f: hardening - Why does highlight rpath and runpath as security issues?
Ch 9g: Android Hacker Protection Level 0 - DEFCON-22-Strazzere-and-Sawyer-Android-Hacker-Protection-Level-UPDATED.pdf

Last Updated: 5-17-17 3:41 pm