CNIT 128: Hacking Mobile Devices

37712 Weds 06:10-09:00 pm SCIE 204

Spring 2017 Sam Bowne

Schedule · Slides · Projects · Links · Home Page


Catalog Description

Mobile devices such as smartphones and tablets are now used for making purchases, emails, social networking, and many other risky activities. These devices run specialized operating systems have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.

Advisory: CNIT 113 and 123, or equivalent familiarity with hacking computers and operating mobile devices

Upon successful completion of this course, the student will be able to:
  1. Describe the risks of using mobile devices for common activities such as making phone calls, emailing, and shopping
  2. Explain cellular network functions, attacks, anbd countermeasures for voice calls, voicemail, and SMS
  3. Perform and analyze jailbreaks for iOS devices
  4. Analyze the Android security model and rooting
  5. Recognize types of mobile malware and anti-malware options
  6. Identify Web browser services and attacks on mobile platforms and recommend countermeasures
  7. Configure and defeat locking, remote location and wiping services
  8. Explain common mobile app risks and make intelligent decisions when installing and using them
  9. Evaluate the functions and risks of mobile payment services, such as Google Wallet

Textbook

"Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018 Buy from Amazon

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 5:30 pm Weds. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the second score is the one that counts, not necessarily the higher score.

To take quizzes, log in to CCSF's online class site here:

https://ccsf.instructure.com

Schedule (may be revised)

DateQuiz & ProjTopic


Wed 1-18  Is Your Mobile App Secure?


Wed 1-25  1: The mobile risk ecosystem
Wed 2-1 2: Hacking the cellular network
Fri 2-3 Last Day to Add Classes
Wed 2-8Ch 1 Quiz due before class
Ch 2 Quiz due before class
Proj 1 due
3: iOS (Part 1)
Wed 2-15 Class Cancelled for RSA
Wed 2-22Ch 3 Quiz due before class
Proj 2-4 due
3: iOS (Part 2)
Wed 3-1Ch 4 (Part 1) Quiz due before class
Proj 5 due
4: Android (Part 1)
Wed 3-8Ch 4 (Part 2) Quiz due before class
Proj 6 due
4: Android (Part 2)
Wed 3-15Ch 5 Quiz due before class
Proj 7 due
5: Mobile malware
Wed 3-22Ch 6 (Part 1) Quiz due before class 6: Mobile services and mobile Web (Part 1)
Wed 3-29 Holiday -- No Class
Wed 4-5Ch 6 (Part 2) Quiz due before class 6: Mobile services and mobile Web (Part 2)
Wed 4-12Ch 7 Quiz due before class
Proj 8 and 9 due
7: Mobile Device Management
Wed 4-19Ch 8 Quiz due before class
Proj 8 and 9 due
8: Mobile development security
Wed 4-26Ch 9 Quiz due before class
9: Mobile payments
Wed 5-3No Quiz
TBA
Wed 5-10No Quiz
TBA
Wed 5-17Last class
No Quiz
All Extra Credit Projects Due
TBA
Wed 5-24  Final Exam

Slides

Policy
Printable schedule
Student agreement

Is Your Mobile App Secure? · PPT · KEY · PDF
1: The mobile risk ecosystem · KEY · PDF
2: Hacking the cellular network · KEY · PDF


Slides below this line are being updated


3: iOS
4: Android
5: Mobile malware
6: Mobile services and mobile Web (part 1)
6: Mobile services and mobile Web (part 2)
7: Mobile Device Management
8: Mobile development security
9: Mobile payments

Click a lecture name to see it on SlideShare.
If you want to use other formats, you may find this useful:
Cloud Convert.

Projects (under revision)

Preparing an Android Auditing Systm

Project 1: Android Studio on Mac or Windows (10 points)
Project 1u: Android Studio on Ubuntu Linux (10 points) (updated 1-18-17)
Project 2: Genymotion and Burp (20 points)

Simple Security Errors

Project 3: Observing the TD Ameritrade Log (10 points)
Project 4: Mayo Clinic Medical Transport App Hardcoded Password Exposure (10 points)

Insecure Encryption

Project 5: GenieMD Broken SSL (10 points)
Project 6: Stitcher Caesar Cipher (10 pts. + 10 pts. extra)


PROJECTS BELOW THIS MESSAGE ARE BEING REVISED


Code Modification and Smali

6. Making a Signed App with Android Studio
7. Trojaning the Charles Schwab App -- (Normal Trojan)
8. Trojaning the Citibank App -- (HTTP Parameters Trojan)
9. Trojaning the Capital One App -- (Apache Cordova Trojan)
10. Trojaning the BanCorp App -- (String Builder Trojan)

11. Auto-Trojaning the Walmart App

Auditing Local File Storage

12. Auditing Local File Storage for the Safeway App
13. Auditing Local File Storage for the Lumosity App
14. Stitcher Local Password Storage (lower portion)

Defenses & Countermeasures

15: Obfuscating an Android App with ProGuard (10 points)
16: Obfuscating Android Source Code with DashO (15 pts. extra credit)
17: MaaS360 (15 points)

iOS Apps: SSL Auditing Proxy

18. Making an SSL Auditing Proxy with a Mac, Burp, and pf
19. Comparing Secure and Insecure iOS Apps (not public yet)

Forensics

Project 14: Acquiring a Forensic Image of an Android Phone (25 pts.)
Project X4: Acquiring an iPad image with iTunes (15 pts.) (rev. 5-6-15)
Project X6: Analyzing an iTunes Backup with Magnet Forensics' Internet Evidence Finder (15 pts.) (new 5-6-15)
Project 1: Preparing an Android Virtual Machine (25 pts.)
Project 2: Rooting Your Android Virtual Machine (10 pts.)
Project 3: Android Studio (20 pts.)

Troubleshooting Android Emulator Problems

Ubuntu Prep for Android Security Auditing

Project 4: ExploitMe Mobile Lab 1: Sniffing Insecure Connections with Burp (15 points)
Project 5: ExploitMe Mobile Lab 2: Parameter Manipulation (15 points)
Project 6: ExploitMe Mobile Lab 3: Insecure File Storage (20 points)
Project 7: ExploitMe Mobile Lab 4: Secure Logging (10 points)
Project 8: ExploitMe Mobile Lab 7: Scraping Data from RAM (15 points)
Project 9: Decompiling and Trojaning an Android App with Smali Code (15 points)
Project 10: Obfuscating an Android App with ProGuard (10 points)
Project 11: MaaS360 (15 points)

Extra Credit Projects

Project 1x: Android Security Auditing with Genymotion and Burp (20 pts. extra credit)
Project 2x: Security Audit of the NFL Android App (15 pts. extra credit)
Project 3x: Security Audit of Another Android App (20 pts. extra credit)
Project 4x: BlueStacks Android Emulator on Windows (15 pts. extra credit)
Project 5x: Trojaning an Android App and Posting Credentials on the Web (15 pts. extra credit)
Project 6x: Obfuscating Android Source Code with DashO (15 pts. extra credit)
Project 7x: Making an iPhone App with Xcode (15 pts. extra credit)
Project 8x: Security Audit of ExploitMe Mobile in Xcode (25 pts. extra credit)
Project 9x: Making a Data-Stealing Android Trojan (15 pts. extra credit)
Project 10x: Find an Android Vulnerability and Report it Correctly (40 pts. extra credit)
Project 11x: Stealing Credentials from an Android App with a SSL MITM Attack (15 pts.)

More projects are coming later

References for Projects

ExploitMe Mobile Android Labs from Security Compass
ExploitMe Mobile iPhone Labs from Security Compass
Android Assessments with GenyMotion + Burp

Links

Links for Chapter Lectures

Ch 1a: Anthony Weiner sexting scandals - Wikipedia
Ch 1b: Ten Immutable Laws Of Security (Version 2.0)
Ch 1c: How Apple and Amazon Security Flaws Led to My Epic Hacking WIRED
Ch 1d: API Gateway to manage and secure Web APIs- Axway
Ch 1e: Axway - API Gateway Free Trial
Ch 1f: Android Fragmentation Report August 2014
Ch 1g: How Apple is improving mobile app security
Ch 1h: Report: Malware-infected Android apps spike in the Google Play store (2014)
Ch 1i: 14 best antivirus Android apps (2014)
Ch 1j: Major security vulnerability in some Samsung phones could trigger factory reset via web page (2012)
Ch 1k: Vulnerability Note VU#251635 - Samsung and HTC android phone information disclosure vulnerability
Ch 1l: Carrier IQ: What it is, what it isn't, and what you need to know
Ch 1m: Secure Element (SE) Chips
Ch 1n: Apple's Worst Security Breach: 114,000 iPad Owners Exposed (2010)
Ch 1o: weev - Wikipedia
Ch 1p: WS-Security - Wikipedia
Ch 1q: Android Tablet Analysis for the 2014 Holiday Season
Ch 1r: Mobile Device Management -- Gartner Magic Quadrant (2014)

Ch 2a: How to Crack GSM A5 Encryption (from 2009)
Ch 2b: 26C3: GSM: SRSLY?
Ch 2b2: SMS DoS could kill a whole city from a single attacking device (2005)
Ch 2c: Never trust SMS: iOS text spoofing
Ch 2d: Android Vulnerability Opens Door to SMS Phishing Scams
Ch 2e: How I (Easily) Hacked Into Voice Mail (2011)
Ch 2f: Caller ID Spoofing, Voice Changing & Call Recording - Prank Calls - SpoofCard
Ch 2g: Poking at the femtocell hardware in an AT&T Microcell (2012)
Ch 2h: Hacking the Vodafone Femtocell (2009)

Ch 3a: iOS - Wikipedia
Ch 3b: Why Apple's 64-bit iPhone chip is a bigger deal than you think (2013)
Ch 3c: Position-independent code - Wikipedia
Ch 3d: Apple iOS 4 Security Evaluation -- Dino A. Dai Zovi (2011)
Ch 3e: What to Do Before You Give Away your Old iPhone (2014)
Ch 3f: How-To do many things on iPhone, with good screen images
Ch 3g: How The World Butchered Benjamin Franklin's Quote On Liberty Vs. Security
Ch 3h: New virus for jailbroken iPhones the most serious so far (2009)
Ch 3i: New Malware 'Unfold Baby Panda' Discovered on Jailbroken iOS (2014)
Ch 3j: AdThief malware infects over 75,000 jailbroken iOS devices (2014)
Ch 3k: Unlocking A New iPhone Is Now Illegal, But Jailbreaking Is Still Legal
Ch 3l: Obama Signs Cell Phone Unlocking Bill Into Law, iPhone Unlocking No Longer Illegal (Aug., 2014)
Ch 3k: Jailbreaking now legal under DMCA for smartphones, but not tablets (2012)
Ch 3n: evasi0n iOS 7.0.x Jailbreak
Ch 3o: Tethered Jailbreak vs Untethered Jailbreak
Ch 3p: Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration
Ch 3q: Metasploit Exploits for MobileSafari
Ch 3r: About the security content of iOS 4.3.4 Software Update - Apple Support
Ch 3s: Analysis of the jailbreakme v3 font exploit - Sogeti ESEC Lab
Ch 3t: Source code for iKee worm
Ch 3u: Syn: IPhone Port Scan
Ch 3v: iPhone - Security 101 (from 2008)
Ch 3w: CVE-2009-1683 ICMP DoS Exploit
Ch 3x: Apple iPhone SMS Application Remote Code Execution Vulnerability
Ch 3y: Fuzzing the Phone in your Phone (Black Hat USA 2009
Ch 3z: Baseband Device - The iPhone Wiki
Ch 3z1: WireLurker Malware Infects Macs, Attacks Non-Jailbroken iPhones (Nov. 2014)
Ch 3z2: Lost iPhone? Lost Passwords!
Ch 3z3: Bypass lockscreen in iOS 6.1 with "Emergency Call" feature
Ch 3z4: Bypass lockscreen in iOS 6.1.3 with Siri
Ch 3z5: Bypass lockscreen in iOS 8 with Siri
Ch 3z6: Four-digit passcodes are a weak point in iOS 8 data encryption
Ch 3z7: How Thieves Unlock Passcodes on Stolen iPhones (And How to Protect Yourself Against It)
Ch 3z8: IP-BOX iPhone Password Unlock Tool
Ch 3z9: Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage
Ch 3z10: Signaling Post-Snowden Era, New iPhone Locks Out N.S.A. (Sept. 2014)
Ch 3z11: Apple Still Has Plenty of Your Data for the Feds - The Intercept
Ch 3z12: Apple - Apple Pay
Ch 3z13: Apple Pay vs. Google Wallet
Ch 3z14: About App Distribution
Ch 3z15: Start Developing iOS Apps Today: Setup
Ch 3z16: Start Developing iOS Apps Today: Where to Go from Here
Ch 3z17: Malicious Profiles - The Sleeping Giant of iOS Security
Ch 3z18: iOS Threats - Malicious Configuration Profiles, Threat, Detection & More
Ch 3z19: Latest iOS 'malware' is easy to detect and avoid
Ch 3z20: iCloud - Bypass - doulCi
Ch 3z21: Exploring and Exploiting iOS Web Browsers
Ch 3z22: Adding Trusted Root Certificate Authorities to iOS (iPad, iPhone) (2012)
Ch 3z23: Installing Corporate CA Certificates on iPhone or iPad (2013)
Ch 3z24: MEMSCAN dumps iOS process memory
Ch 3z25: XCode on Windows: How to Develop for Mac or iOS on a PC
Ch 3z26: Jailbreaking is annoying

Ch 4a: iPhone v. Android Market Share (May, 2014)
Ch 4b: Downloading the Source Android Developers
Ch 4c: Android Architecture - The Key Concepts of Android OS
Ch 4d: Manifest.permission Android Developers
Ch 4e: Download Android Studio and SDK Tools
Ch 4f: Google releases Android Studio 1.0, the first stable version of its IDE
Ch 4g Android Emulator
Ch 4h: Android Application hacking with Insecure Bank Part 1
Ch 4i: Brazilian Trojan Bankers -- now on your Android Play Store! (made with App Inventor)
Ch 4j: Careful with photos from unknown sources in Android: They could now contain a nasty surprise
Ch 4k: How to root your android 4.1.1 and up no computer - YouTube
Ch 4l: Root Master 1.3.6_Cekas FIX Sharebertron.blogspot.com
Ch 4m: Fastest way to Root any Android Phone Without a Computer
Ch 4n: How to install Google Play Store app manually
Ch 4o: How to Install Android in VirtualBox
Ch 4p: How to Root Galaxy S3 on Android 4.34.4.2!
Ch 4q: How to Root the Samsung Galaxy S3 on Android 4.3 Jelly Bean
Ch 4r: How to root Android x86 4.3
Ch 4s: Moonpig vulnerability in Android App -- Great example of analysis
Ch 4t: 30 Must-Try Apps For Rooted Android Phones
Ch 4u: DiskDigger undelete (root) - Android Apps on Google Play
Ch 4v: Wifi Protector Detects and Prevents ARP spoofing (Android)
Ch 4w: AFWall (Android Firewall ) - Android Apps on Google Play
Ch 4x: DroidSheep Simple OpenSource Session hijacking on Android devices
Ch 4y: drozer: a comprehensive security audit and attack framework for Android
Ch 4z1: drozer user's guide
Ch 4z2: DroidSheep : ARP-Spoofing App for Android
Ch 4z3: Linux Deploy - Android Apps on Google Play -- USE FOR PROJECT
Ch 4z4: Google abandons 60 percent of Android users (Jan. 12, 2014)
Ch 4z5: Android Forensics -- Open Course Materials!
Ch 4z6: Android Hacking and Security, Part 13: Introduction to Drozer - InfoSec Institute
Ch 4z7: Android Hacking and Security, Part 1: Exploiting and Securing Application Components - InfoSec Institute
Ch 4z8: Android Hacking and Security, Part 2: Content Provider Leakage - InfoSec Institute
Ch 4z9: Android Hacking and Security, Part 3: Exploiting Broadcast Receivers - InfoSec Institute
Ch 4z10: The insecure Android app for your hacking pleasure
Ch 4z11: NSA approves Samsung Knox for use by TOP SECRET g-men (Oct., 2014)
Ch 4z12: Deconstructing an insecure Android password manager
Ch 4z13: Android hacking apps, including SSL killers
Ch 4z14: Setting up a persistent trusted CA in an Android emulator
Ch 4z15: Signing an Android Application for Real Life Mobile Device Usage Installation
Ch 4z16: Android Assessments with GenyMotion Burp
Ch 4z17: Genymotion - User Guide
Ch 4z18: Installing Android Studio - Google Slides
Ch 4z19: Storage: Nexus 5 Data
Ch 4z20: Introduction to Android Development and Security
Ch 4z21: OWASP-GoatDroid-Project GitHub
Ch 4z22: Android Hackmes
Ch 4z23: ProjectsOWASP GoatDroid Project
Ch 4z24: How to install GoatDroid in MobiSec
Ch 4z25: Mobile PenetraUon TesUng with MobiSec
Ch 4z26: My Null Android Penetration Session
Ch 4z27: Android Application Penetration Testing: Setting up, Certificate Installation and GoatDroid Installation
Ch 4z28: OWASP Global Webinar - Jack Mannino - GoatDroid release - YouTube
Ch 4z29: Steal User Information from Android App -- GoatDroid Example
Ch 4z30: Using Introspy and Drozer to analyse GoatDroid - YouTube
Ch 4z31: Securing Android Applications With Goatdroid -- SecurityTube
Ch 4z32: Debug Howto - Android-x86 - Porting Android to x86
Ch 4z33: android - How to install Google Play Services in a Genymotion VM
Ch 4z34: Android emulator: Solution for "Please ensure Intel HAXM is properly installed and usable." error
Ch 4z35: Investigating Your RAM Usage Android Developers
Ch 4z36: Download Eclipse Memory Analyzer Tool for Android
Ch 4z37: Microsoft to Invest in Cyanogen - Taking Android Away from Google
Ch 4z38: Saving data to a file in your Android application
Ch 4z39: KitKat and SD cards -- what's fixed, what's broken and what's misunderstood
Ch 4z40: Make a filedirectory read only on Android?
Ch 4z41: Using Cryptography to Store Credentials Safely Android Developers Blog
Ch 4z42: EmulatorRoot BlueStacks 0.7.7.813 Android Development and Hacking XDA Forums
Ch 4z43: Dancing with dalvik
Ch 4z44: Can't connect Genymotion over ADB
Ch 4z45: Issue 621 - android-apktool - Exception in thread 'main' - error while compiling - A tool for reverse engineering Android apk files - Google Project Hosting
Ch 4z46: Run shell commands from android program - Stack Overflow
Ch 4z47: Adware Android Apps Found in Google Play With Millions of Downloads (2-4-2015)
Ch 4z48: Connecting to the Network Android Developers
Ch 4z49: Android Network Connection Tutorial
Ch 4z50: java - Decompile .smali files on an APK
Ch 4z51: android - decompiling DEX into Java sourcecode
Ch 4z52: android cracking: example.smali
Ch 4z53: android cracking: example-structures.smali -- has HTTP GET
Ch 4z54: Android Reverse Engineering - A Kick Start
Ch 4z55: Want to break some Android apps? -- USEFUL FOR PROJECTS
Ch 4z56: Apache HttpClient - Tutorial (for Android)
Ch 4z57: Registers - smali - Information about registers in the smali format specifically, and dalvik bytecode in general
Ch 4z58: android.os.NetworkOnMainThreadException - Stack Overflow
Ch 4z59: ProGuard
Ch 4z60: How to Use ProGuard in Android Studio
Ch 4z61: Certificate and Public Key Pinning - OWASP
Ch 4z62: Intent Android Developers
Ch 4z63: Intents and Intent Filters Android Developers
Ch 4z64: android - launch sms application with an intent - Stack Overflow
Ch 4z65: Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More (from 2011)
Ch 4z66: NESSUS ANDROID APP - stores login info in plain text on SD card
Ch 4z67: Nessus app removed from Google Play
Ch 4z68: CVE-2012-2980: Samsung and HTC PIN Data Exposure in Log
Ch 4z69: Facebook SDK logs access token
Ch 4z70: CVE-2011-4872: HTC devices expose WiFi password to malicious apps
Ch 4z71: CVE-2010-4804: Android "content:" Scheme leaks contents of SD card
Ch 4z72: HTC IQRD Android Permission Leakage CVE-2012-2217
Ch 4z73: Where is usergroup id info stored on Android and how do I inerpret it?
Ch 4z74: Android Runtime has now replaced Dalvik

Ch 5a: Mobile Viruses (from 2011)
Ch 5b: F-Secure Mobile Threat Report Q1: 2014
Ch 5c: DroidDream Becomes Android Market Nightmare (from 2011)
Ch 5d: Google's Bouncer Malware Tool Hacked (2012)
Ch 5e: An Evaluation of the Application Verification Service in Android 4.2
Ch 5f: DroidDream Malware Found in Official Android Market
Ch 5g: Best Android Antivirus Apps 2015

Ch 6a: SOAP - Wikipedia
Ch 6b: JSON
Ch 6c: Learn REST: A Tutorial
Ch 6d: OWASP Top Ten (pdf)
Ch 6e: Top Ten Mobile Risks - OWASP
Ch 6f: Web Services Description Language - Wikipedia
Ch 6g: SoapUI - The Home of Functional Testing
Ch 6h: Secure Elements for NFC Payments by Phones
Ch 6i: 6 Things You Should Know About Fragment URLs
Ch 6j: Android Reflection

Ch 7a: Top 10 Enterprise Mobility Management Suites In Gartner*quot*s Magic Quadrant
Ch 7b: MDM Policy Edit
Ch 7c: Method Swizzling
Ch 7d: Arxan EnsureIT App Protections -- POSSIBLE PROJECT
Ch 7e: Arxan Report on Mobile App Security (Nov. 2014)
Ch 7f: State of Mobile App Security Infographic -- Most Apps Have Been Hacked (Nov. 2014)

Ch 8a: Microsoft Threat Modeling (1999)
Ch 8b: Trike Threat Modeling
Ch 8c: OCTAVE | Cyber Risk and Resilience Management | The CERT Division
Ch 8d: Threat modeling - Cigital
Ch 8e: Real World Threat Modeling Using the PASTA Methodology
Ch 8f: The Dangers of Square Bracket Notation
Ch 8g: ISO/IEC 7816 - Wikipedia
Ch 8h: ISO/IEC 14443 - Wikipedia
Ch 8i: MIFARE Hacks
Ch 8j: BART uses MIFARE Cards
Ch 8k: Anatomy of a Subway Hack
Ch 8l: New open-source app extracts passwords stored in Mac OS X keychain (from 2012)
Ch 8m: Apple iOS Security White Paper
Ch 8n: Encryption | Android Developers
Ch 8o: Google*quot*s *quot*encrypted-by-default*quot* Android is NOT encrypting by default (Mar. 2015)
Ch 8p: Certificate Pinning

Ch 9a: Isis Wallet mobile payment service changes its name to Softcard
Ch 9b: Apple Pay, Samsung Pay, Google Wallet, and more: A guide to mobile payment apps (Mar. 29, 2015)
Ch 9c: Missing the EMV Liability Shift Bears a Huge Cost
Ch 9d: Apple Pay - Wikipedia
Ch 9e: Samsung Pay vs. Google Wallet vs. Apple Pay: Drawing the Battle Lines (Mar., 2015)
Ch 9f: CNN Infographic comparing mobile payment options (Mar., 2015)
Ch 9g: Android Pay Is Real, And Will Give Developers The Reins As An API (Mar., 2015)
Ch 9h: CurrentC Is The Big Retailers\' Clunky Attempt To Kill Apple Pay And Credit Card Fees (Oct., 2014)
Ch 9i: Wocket wants to replace your wallet (April, 2015)
Ch 9j: CurrentC suffers pre-launch compromise (Oct. 2014)
Ch 9k: In-depth look at CurrentC and the personal data they want to collect (Oct., 2014)
Ch 9l: Square, Inc. - Wikipedia
Ch 9m: Universal Integrated Circuit Card - Wikipedia
Ch 9n: NFC payments now possible with microSD cards
Ch 9o: DeviceFidelity gets global Visa approval for CredenSE
Ch 9p: Kili acquires NFC microSD pioneer DeviceFidelity (Nov. 2014)
Ch 9q: Square buys mPOS developer Kili (Mar., 2015)
Ch 9r: GlobalPlatform
Ch 9s: Researcher hacks Google Wallet PIN on rooted Android phone (Feb., 2012)
Ch 9t: New Cloud-Based Google Wallet Still Vulnerable to Old PIN Hack (AUg., 2012)
Ch 9u: Square and Chip-and-PIN
Ch 9v: Square's Fees and Pricing
Ch 9u: Square vs. VeriFone: A Long Rivalry

Other Links

Kindle Hacking

Stealing Books For The Kindle Is Trivially Easy (from 2007)

USB Hacking

USB Packet Capture for Windows: USBPcap tour
USBdriveby - exploiting USB in style -- USE FOR PROJECTS
Fun With Teensy - Keyboard emulation, remote shell, more, over USB -- USE FOR PROJECTS
Teensy USB Development Board -- Buy for $20 Here

Baseband Hacking

Defcon 18 - Practical Cellphone Spying - Chris Paget - Part.mov - YouTube
Fake mobile towers in central Oslo may snoop on politicians (from Dec. 2014)
Reverse engineering a Qualcomm baseband

Miscellaneous

IOT hacking process
FCC Issues $34.9 Million Fine To Company Selling Signal Jammers (June, 2014)
Download angecryption
10 VirtualBox Tricks and Advanced Features You Should Know About
PrivacyGrade -- Rating Mobile Apps
DNS Firewall
OWASP Top Ten Mobile App Risks -- Slides from 2011
Mobile App Lockdown by Jack Mannino on Prezi
Stopping HAXM resolves VMware Fusion Startup Error on a Mac
California Penal Code Section 635 - Appears to outlaw any rogue cell phone base station demo
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads -- expert (from 2014)
11 percent of mobile banking apps includes harmful code (Feb., 2015)
Protecting Source Code -- Android Obfuscators
Java & Android Obfuscator DashO -- VERY GOOD
iDevice Kernel Debugging via Lightning
Mobile Internet traffic hijacking via GTP and GRX -- Open Telnet without a password
HOW-TO:Install Kodi on Fire TV - Kodi
I hacked Sam's site!
android cracking: example.smali
Hacking Android APKs or 'how do I create my own Android trojan?'
Accessing Web Services Through Android Apps
smali - Counting locals, registers, and parameters
Calling Web Services in Android using HttpClient
How to debug smali code of an android application? - Stack Overflow
Cracking Android App Binaries - InfoSec Institute
KeyEvent Android Developers -- Maps Key Codes to charactersw
SnoopWall -- SnoopWall's Flashlight Apps Threat Report
Flashlight App Insecurity on Android (YouTube)
Getting Started with Android Forensics
DD over Netcat for a Cheap Ghost Alternative
Review of Android Partition Layout
Android - APK Signature check programmatically in runtime
android - How to get app signature? - Stack Overflow
Proof-of-concept exploit available for Android app signature check vulnerability (from 2013)
Android Security: Adding Tampering Detection to Your App
Cyber Criminals targeting call centers in Apple Pay fraud (Mar., 2015)
Google Play Hosts Data-Stealing Bank App (2014)
Fake Korean bank applications for Android -- part 2 (2014)
The South Korean Fake Banking App Scam (Feb. 2015)
Fake Mobile Banking App Discovered in Android Marketplace (2010)
DB Browser for SQLite
6 Percent of Apple Pay Transactions are Fraudulent (Mar., 2015)
Mobile Exploit Intelligence Project (from 2012)
Dropbox SDK for Android Leaks OAuth Nonce (Mar. 2015)
App Ops Starter - Remove Permissions from Apps
Mobile Top 10 2014-M10 - OWASP -- Lack of Binary Protections -- INCLUDE IN VULN REPORTS
Android Mind Reading: Memory Acquisition and Analysis with LiME and Volatility (from 2012)
How To Create a Full Android Phone or Tablet Backup Without Rooting or Unlocking Your Device
How To Create Online Nandroid Backup [Tutorial]
Android Forensic Capability and Evaluation of Extraction Tools (from 2012)
Popular Xiaomi Phone Could Put Data at Risk (Mar. 5, 2015)
Trustable by Bluebox - Android Apps on Google Play
Working with white-hats to make Mi phones more secure
Five of the best (and free) Android security apps (Dec., 2014)
Learn How to Hack an App Video Series from Arxan
SandDroid: An automatic Android application analysis system
AMAT - Android Malware Analysis Toolkit
Attacking Android Applications With Debuggers
Beginners Guide to Reverse Engineering Android Apps (from RSA 2014)
Analyzing Android Apps with Santoku Linux (from 2013)
Mobile security, forensics & malware analysis with Santoku Linux (from 2013)
Mobile Security | NowSecure (formerly ViaProtect)
HOWTO: Free mobile forensic extractions with viaExtract CE: viaTalks
HOWTO Brute Force Android Encryption on Santoku Linux
How to Bypass Password, PIN and Pattern lockscreen without wiping data in Android
Download « Santoku-Linux
How to reset Android Device Monitor view to default
Secure Element Evaluation Kit for the Android platform - the \'SmartCard API\'
Accessing the embedded secure element in Android 4.x
Apple Pay vs Google Wallet : The Secure Element (from 2014)
Understanding the Threat Profile of Mobile Apps (from 2013)
Android 4.2 \'Verify apps\' security feature explained by Google (from 2012)
Google: Android Security 2014 Year in Review
Dexter @ Bluebox Labs -- static android application analysis tool
Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Users Since January 2010 At Risk (from 2014)
Android Master Key Exploit - Uncovering Android Master Key That Makes 99% of Devices Vulnerable (from 2013)
Android Security Analysis Challenge: Tampering Dalvik Bytecode During Runtime - Bluebox Security -- USE FOR PROJECT
Apple iOS Hardware Assisted Screenlock Bruteforce
Windows Phone: 10% in Europe, 5% in US, 1% in China (Feb. 2015)
SecUpwN/Android-IMSI-Catcher-Detecto
1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device? (April, 2015)

New Links

Inside Eurograbber: How SMS Was Used to Pilfer Millions (2012)
Google releases tool to test apps, devices for SSL/TLS weaknesses (from 2014)
Home Network SSL Checker - Android Apps
MITHYS -- detecting and mitigating SSL vulnerabilities on Android (PDF)
Apple users at risk of SSL man-in-the-middle attacks (2014)
Test antivirus software for Android - March 2015 | AV-TEST
Appthority saw consistent risky app behaviors across both platforms, iOS and Android
Kali Linux NetHunter for Nexus and OnePlus
Could Sexy Space be the Birth of the SMS Botnet? (2009) ty @irfan_asrar
Politically-motivated mobile malware used to sabotage womens\' rights campaign in the Middle East (2013)
Android Malware Set for July 4 Carries Political Message (2013)
Google Play Store has a Porn Problem, and it\'s Not Going Anywhere (from 2014) ty @irfan_asrar
Bitdefender\'s iOS privacy app yanked from the App Store (from 2012) ty @irfan_asrar
More fake antivirus programs found in Google Play, Windows Phone Store (2014) ty @irfan_asrar
Android Kitchen--make custom ROMs
Android botnet spread through drive-by downloads (2014) ty @irfan_asrar
xcode - Cleaning up the iPhone simulator
NowSecure App for Android devices
Alternative Distribution Options | Android Developers
88% of Android Apps make cryptography errors (2013)
Flawed Android Factory Reset Allows Recovery of Sensitive Data: Researchers -- ADD TO LECTURE
How Long Does it Take for your App to be Approved? Google: 2 hrs., Apple: 4-6 days (from 2014)
Blue Cross Blue Shield of North Carolina HIPPA and COPPA Violations -- Fixed in 2 days!
Fandango, Credit Karma Settle FTC Charges from SSL Certificate Validation Failures (from 2014) (ty Robert Butler)
Air New Zealand\'s OneSmart App is very clever!
Apache Cordova Vulnerability Allows One-Click Modification of Android Apps (May, 2015)
Arxan\'s page supporting the importance of binary protections
Two Thirds of Personal Banking Apps Found Full of Vulnerabilities (2014)
Making an SSL Auditing Proxy with a Mac and Burp
Certificate Pinning in a Mobile Application
Six Strategies for Protecting Your Mobile Games Against Hackers, Crackers
Installing Ubuntu on a Chromebook
Installing Ubuntu on the Acer Chromebook 11 (CB3-111-C670)
2015-07-05: Installing Chrubuntu on the Acer Chromebook C720P
2015-07-05: Installing Real Ubuntu on the Acer Chromebook C720P
Ch 1s: Xcode 7 allows anyone to download, build and ˜sideload\' iOS apps for free
AirWatch MDM Product with free trial
Android Studio doesn\'t start, fails saying components not installed - NEEDED FOR MAC
Most top 500 Android mobile apps have security and privacy risks (2014)
Bump keys and lock picks - Fast shipping world wide.
Someone at Subway is a serious security nerd
Download Android Casino Apps Direct To Your Mobile -- Unofficial source!
Hacking Team\'s evil Android app had code to bypass Google Play screening
Google\'s Photos App Keeps Saving Pictures After App Is Deleted
How a Stingray works, including how it cracks encryption
Installing Ubuntu on the Acer Chromebook 11 (CB3-111-C670)
Installing Chrubuntu on the Acer Chromebook C720P
Installing Real Ubuntu on the Acer Chromebook C720P
How to copy virtual devices downloaded by Genymotion to another machine?
Webkey (ROOT REQUIRED) - Replacement for ADB on Android phones
Why app developers should care about SSL pinning
Here\'s what Google thinks of Android security, 2011-present
ING bank has emulator detection and won\'t run in Genymotion
The DANE Protocol DNS-Based Authentication of Named Entities -- Like SSL Pinning!
New Cyber Hacks for Mobile Apps Discovered--\"Masque\" Attacks
iOS Application Security Testing Cheat Sheet - OWASP
iOS Application Security Part 35 - Auditing iOS applications with iDB
DVIA (Damn Vulnerable iOS App) - MANY GOOD PROJECTS HERE
APK Studio - IDE for Reverse Engineering Android APKs
Car parking mobile apps fail to validate TLS certs (Dec., 2015)
DEF CON 23 - Packet Capture Village - Sam Bowne - Is Your Android App Secure (video)
iP-BOX: Breaking Simple Pass Codes on iOS Devices
Demonstration of Facebook\'s Android App Certificate Pinning--Using a Trusted Proxy CA
LTE Security – How Good Is It? (NIST, 2015)
android - How to avoid reverse engineering of an APK file? - Stack Overflow
Summary to prevent APK decompiler tool, two packing etc._Android_Programering
Checkey: test signatures and detect malware for your installed Android apps
Apple can comply with the FBI court order -- VERY INTERESTING RE: SECURE ENCLAVE
Two Charts That Demonstrate One Of Android\'s Big Security Problems (Feb. 2016)
Remote Code Execution in the Baidu Browser for Android -- USEFUL MITMPROXY TIPS
HOW TO BUILD YOUR OWN ROGUE GSM BTS FOR FUN AND PROFIT
Re-using signatures on modified Android apps!
WWDC 2016: Apple ramps up privacy - now all iOS apps must encrypt web connections by year end
Proportion of Vulnerable Android Devices
This malware pretends to be WhatsApp, Uber and Google Play
iOS Security iOS 9.3 or later
Android N is going to make it difficult for security testers using interception proxy tools like Burp Suite/ZAP
How to Factory Reset a Chromebook (Even if It Won't Boot)
Fake Android Prisma Apps Containing Malware Downloaded over 1.5 Million Times from Google Play Store (Aug 3, 2016)
SQLmap POST request injection
obfuscation | Android Security
Protect Your Java Code - Through Obfuscators and Beyond
How to avoid certificate pinning in the latest versions of Android
Bytecode Viewer - Java & Android APK Reverse Engineering Suite/Tool
Kwetza: infecting android applications -- MAKE INTO PROJECT
Genymotion 2.0 Emulators with Google Play support
How To Download Incompatible Apps In Any Android
US government says it's now okay to jailbreak your tablet and smart TV (from 2015)
Reverse Engineering iOS Applications (from 2014)
DVIA (Damn Vulnerable iOS App) - A vulnerable iOS app for pentesting
iOSAppReverseEngineering � GitHub
Reveal - Runtime view debugging for iOS & tvOS apps & extensions
Inspecting iOS Applications with Reveal
Reverse-Engineering iOS Apps: Hacking on Lyft
Installation � theos/theos Wiki � GitHub
Apple File Conduit "2" � Cydia
iFunbox | the File and App Management Tool for iPhone, iPad & iPod Touch.
Ch 1t: How to Sideload iOS Apps onto iPhone & iPad from Xcode
Ch 1u: Android Fragmentation Report August 2015 - OpenSignal
Ch 1v: iOS Version Stats - David Smith
Ch 1w: Dashboards | Android Developers
Ch 2i: What Is Femtocell Technology in Cellular Networks?
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax. -- TRY FOR PROJECTS

          
Back to Top
Last Updated: 1-18-17 10:54 pm