Alexey Troshichev - Strike to the infrastructure a story about analyzing thousands mobile apps
Report
DefconRussiaFollow
Nov. 19, 2013•0 likes•1,217 views
Alexey Troshichev - Strike to the infrastructure a story about analyzing thousands mobile apps
Nov. 19, 2013•0 likes•1,217 views
Download to read offline
Report
Technology
Business
DefconRussiaFollow
Recommended
Owasp for testing_mobile_apps_opdPawel Rzepa
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...Mauricio Velazco
Feeding the Virtual Patch PipelineDevOps.com
Threat Hunting with SplunkSplunk
Purple is the New Black: Modern Approaches for Application SecurityTanya Janca
More Related Content
What's hot
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Dakiry
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
Red Team vs. Blue Team on AWSPriyanka Aash
Threat Intelligence Field of DreamsGreg Foss
Opencart security testing vikram vashisth
Security War GamesSeniorStoryteller
Similar to Alexey Troshichev - Strike to the infrastructure a story about analyzing thousands mobile apps
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...Jakub "Kuba" Sendor
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
Login cat tekmonks - v3TEKMONKS
Owasp Mobile Top 10 - M7 & M85h1vang
Login cat tekmonks - v5 (mini)Rohit Kapoor
LoginCat - Mini PresentationRohit Kapoor
Similar to Alexey Troshichev - Strike to the infrastructure a story about analyzing thousands mobile apps(20)
More from DefconRussia
![[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...](https://cdn.slidesharecdn.com/ss_thumbnails/preza-170328124723-thumbnail.jpg?width=384&height=256&fit=bounds)
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...DefconRussia
![[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...](https://cdn.slidesharecdn.com/ss_thumbnails/intelbgpart2-170328124242-thumbnail.jpg?width=384&height=256&fit=bounds)
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...DefconRussia
![[Defcon Russia #29] Алексей Тюрин - Spring autobinding](https://cdn.slidesharecdn.com/ss_thumbnails/springautobinding-170328123002-thumbnail.jpg?width=384&height=256&fit=bounds)
[Defcon Russia #29] Алексей Тюрин - Spring autobindingDefconRussia
![[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux](https://cdn.slidesharecdn.com/ss_thumbnails/revealingrootkitsv5-170328122611-thumbnail.jpg?width=384&height=256&fit=bounds)
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/LinuxDefconRussia
Георгий Зайцев - Reversing golangDefconRussia
![[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC](https://cdn.slidesharecdn.com/ss_thumbnails/presentationdefconrussia-160406215741-thumbnail.jpg?width=384&height=256&fit=bounds)
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
![[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...](https://cdn.slidesharecdn.com/ss_thumbnails/preza-170328124723-thumbnail.jpg?width=1600&height=908&fit=bounds)
![[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...](https://cdn.slidesharecdn.com/ss_thumbnails/intelbgpart2-170328124242-thumbnail.jpg?width=1600&height=908&fit=bounds)
![[Defcon Russia #29] Алексей Тюрин - Spring autobinding](https://cdn.slidesharecdn.com/ss_thumbnails/springautobinding-170328123002-thumbnail.jpg?width=1600&height=908&fit=bounds)
![[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux](https://cdn.slidesharecdn.com/ss_thumbnails/revealingrootkitsv5-170328122611-thumbnail.jpg?width=1600&height=908&fit=bounds)
![[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC](https://cdn.slidesharecdn.com/ss_thumbnails/presentationdefconrussia-160406215741-thumbnail.jpg?width=1600&height=908&fit=bounds)
Recently uploaded
Empowering City ClerksOnBoard
How is AI changing journalism? Strategic considerations for publishers and ne...Damian Radcliffe
Knowledge Graphs and Generative AI_GraphSummit Minneapolis Sept 20.pptxNeo4j
How resolve Gem dependencies in your code?Hiroshi SHIBATA
Product Research Presentation-Maidy Veloso.pptxMaidyVeloso
Privacy in the era of quantum computersSpeck&Tech
Alexey Troshichev - Strike to the infrastructure a story about analyzing thousands mobile apps
- 1. Avalanche Disclosure Story about static analysis of 15k mobile Apps
- 2. Who am I? • Work hard on defense • Have fun in offensive • Break things Alexey Troshichev @pl0lq pl0lq@hackapp.com #ZeroNights2013 hackapp.com 2
- 3. What’s wrong with an App ? Insecure transfer Injections Insecure storage Architecture flaws Mobile OWASP for bla-bla-bla … #ZeroNights2013 hackapp.com 3
- 5. On-device analysis ? Unlock Device Remove DRM Setup research environment Dynamic analysis Time & Brains #ZeroNights2013 hackapp.com 5
- 6. App is dangerous for user, but what’s about vendor ? Why should we waste time attacking one user, when we can just break into backend to get them all ? Why always just binary file? #ZeroNights2013 hackapp.com 6
- 7. What App can tell us? Testing environment disclosure Third party services authentication data Built-in accounts Something you can’t even imagine =) #ZeroNights2013 hackapp.com 7
- 8. Why it’s interesting? Installation is not important Finally, we are just searching strings… …and it could be automated =) #ZeroNights2013 hackapp.com 8
- 9. Let’s build a Grinder ! #ZeroNights2013 hackapp.com 9
- 10. AWK, STRINGS, GREP ? Not suitable for binary containers Too many garbage #ZeroNights2013 hackapp.com 10
- 13. Steps Containers recursive traversal “Unusual” files search Selective GREP Structure validation #ZeroNights2013 hackapp.com 13
- 14. Let’s take ~15k iOS Apps from iTunes Finance section… …I like Finance #ZeroNights2013 hackapp.com 14
- 15. What’s inside ? 224061 files of 1396 types #ZeroNights2013 hackapp.com 15
- 16. Low hanging fruits 94452 files = 42% of whole #ZeroNights2013 hackapp.com 16
- 21. Access to user data AWS-secret:eyH0aw7IW7wdL8z2eSyK/A8q7rIF7uEMVpvQkbwC You “publish” your contacts and photos by installing the app… =( #ZeroNights2013 hackapp.com 21
- 22. Not identified • • • • • • • • • • • • • • RSA private key:MIICeQIBADANBgkqhkiG9w6xmHVejkTokPs68ow== secret:164AC36F64FCC2D5 secret:33728B17A93A4A92 secret:4711429DAE3C6F7C secret:62ebd594bc903feeea5ee459715e08fa secret:6508E621E259AC4A secret:697E46CE13AA557B secret:76a863da0821f58ecb13e31cb761c573 secret:a7df64e1d5a33a93c12b06fa0f8c6f47 secret_android:2859389F73072C90 secret_android:3D05E67E03216A9B secret_android:66549A9BB401AF56 secret_android:678649CED531B8E8 secret_android:745A209380630940 (and more, and more, and more…) #ZeroNights2013 hackapp.com 22
- 23. 4% Apps released with hardcoded credentials #ZeroNights2013 hackapp.com 23
- 24. DEV Environment svn://mokah.siab01.com/ https://test.freerange360.com/ http://test.mmf.berlingskemedia.net http://test.informatel.com http://test.improveagency.com http://test.appswiz.com https://test.freerange360. https://dev.magtab.com:8888 http://dev.touchpublisher.com http://dev.pressrun.com/ http://dev.openstreetmap.de/ http://dev.aleph-labs.com (and more, and more… ) #ZeroNights2013 hackapp.com 24
- 26. Shocking configs SMS gateway OpenVpn config #ZeroNights2013 hackapp.com 26
- 28. Developers Certificates P12 containers, most are encrypted, but.. #ZeroNights2013 hackapp.com 28
- 29. HAVE NO TIME TO EXPLAIN #ZeroNights2013 hackapp.com 29
- 30. Is there an App for that? http://hackapp.com/ #ZeroNights2013 hackapp.com 30