CNIT 128: Hacking Mobile DevicesSpring 2024 Sam Bowne
Schedule · Slides · Projects · Links · Grading |
|
Catalog DescriptionMobile devices such as smartphones and tablets are now used for making purchases, emails, social networking, and many other risky activities. These devices run specialized operating systems have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.Advisory: CNIT 113 and 123, or equivalent familiarity with hacking computers and operating mobile devices Upon successful completion of this course, the student will be able to:
Textbook"The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell, Wiley; 1 edition (February 24, 2015), ISBN-10: 1118958500 ISBN-13: 978-1118958506QuizzesThe quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts. Discussion BoardEach CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignment due. For class-related questions, please emailcnit.128sam@gmail.com |
Schedule (may be revised) | ||||
---|---|---|---|---|
Date | Quiz & Proj | Topic | ||
Wed 1-17 | The Worst Mobile Apps Demos: M 140 and M 141
| |||
Wed 1-24 | Quiz Ch 1 & Ch 6a due * (M 140 & M141) or (M 101 & M103) or (M 104 & M 106) due * |
1. Mobile Application (In)security & 6. Analyzing Android Applications (Part 1) Demo: M 105
| ||
Wed 1-31 | Quiz Ch 6b M 105 due Discussion 1 |
6. Analyzing Android Applications (Part 2) Demo: M 107 and M 111
| ||
Wed 2-7 | Quiz Ch 6c M 107 & M 111 due Discussion 2 |
6. Analyzing Android Applications (Part 3) Demo: M 200 and M 207
| ||
Wed 2-14 | Quiz Ch 7a M 200 (or M 201 or M 203) due Discussion 3 |
7. Attacking Android Applications (Part 1)
| ||
Wed 2-21 | Quiz Ch 7b M 207 due Discussion 4 |
7. Attacking Android Applications (Part 2)
| ||
Wed 2-28 | Quiz Ch 7c M 302 due Discussion 5 |
7. Attacking Android Applications (Part 3) Demo: M 511 and M 401
| ||
Wed 3-6 | Quiz Ch 8a M 401 due Discussion 6 |
8. Android Implementation Issues (Part 1) Demos: M 304 and M 402 and M 503
| ||
Wed 3-13 | Quiz Ch 8b M 511 due Discussion 7 |
8. Android Implementation Issues (Part 2) Demos: M 305 and M 412
| ||
Wed 3-20 | Quiz Ch 8c M 402 due Discussion 8 |
8. Android Implementation Issues (Part 3) Demo: M 513
| ||
Wed 3-27 | Quiz Ch 9 M 503 due Discussion 9 |
9. Writing Secure Android Applications
| ||
Wed 4-3 | Quiz Ch 2a M 412 due Discussion 10 |
2. Analyzing iOS Applications (Part 1)
| ||
Wed 4-10 | Holiday -- No Class | |||
Wed 4-17 | Risks for ML, AI, and Copilot
KEY ·
PDF Demos: M 414 and M 521
| |||
Wed 4-24 | Quiz Ch 2b M 513 due Discussion 11 |
2. Analyzing iOS Applications (Part 2) Demo: M 410
| ||
Wed 5-1 | Quiz Ch 3a (extra credit) M 521 due |
3. Attacking iOS Applications (Part 1) Demo: M 512
| ||
Wed 5-8 | Quiz Ch 3b (extra credit) All Extra Credit Projects Due |
Last class: 3. Attacking iOS Applications (Part 2)
| ||
Wed 5-15 through Wed 5-22 | Final Exam available online throughout the week. You can only take it once. | |||
All quizzes due 30 min. before class * No late penalty until 2-14 |
SlidesMotivationThe Worst Mobile Apps (DEF CON 28, 2020) · KeynoteIntroduction1. Mobile Application (In)security · PDF · KeynoteAndroid
iOS
|