SlideShare a Scribd company logo

Passwords on a Phone

Sam Bowne
Sam Bowne

A talk given at DEF CON 25 in the Packet Hacking Village by Sam Bowne on July 29, 2017. For more information see https://samsclass.info

1 of 46
Download to read offline
Passwords on a
Phone
DEF CON 25
Packet Hacking Village
July 29, 2017
Me
• Sam Bowne
• Twitter: @sambowne
• Instructor at City College San Francisco
• All materials freely available at samsclass.info
Persistent Login
•Users remain logged in even after shutting off
their phone
•How does the app remember who you are?
Target == GOOD
Target AU Android App
User Login

Recommended

Passwords On A Phone - Code Camp
Passwords On A Phone - Code CampPasswords On A Phone - Code Camp
Passwords On A Phone - Code CampSam Bowne
 
Passwords On A Phone - Code Camp
Passwords On A Phone - Code CampPasswords On A Phone - Code Camp
Passwords On A Phone - Code CampSam Bowne
 
A lightweight browser start page - 3x3 Links
A lightweight browser start page -  3x3 LinksA lightweight browser start page -  3x3 Links
A lightweight browser start page - 3x3 LinksFederico Elles
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 

More Related Content

More from Sam Bowne

12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers Sam Bowne
 
6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)Sam Bowne
 
4 Getting Started & 5 Leads
4 Getting Started & 5 Leads4 Getting Started & 5 Leads
4 Getting Started & 5 LeadsSam Bowne
 
3. Cryptographic Security
3. Cryptographic Security3. Cryptographic Security
3. Cryptographic SecuritySam Bowne
 
Bitcoin and Blockchains
Bitcoin and BlockchainsBitcoin and Blockchains
Bitcoin and BlockchainsSam Bowne
 

More from Sam Bowne (20)

12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers
 
6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)
 
4 Getting Started & 5 Leads
4 Getting Started & 5 Leads4 Getting Started & 5 Leads
4 Getting Started & 5 Leads
 
3. Cryptographic Security
3. Cryptographic Security3. Cryptographic Security
3. Cryptographic Security
 
Bitcoin and Blockchains
Bitcoin and BlockchainsBitcoin and Blockchains
Bitcoin and Blockchains
 

Recently uploaded

Mycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with MorganMycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with MorganMargie Morgan
 
How To Create Record Rules in the Odoo 17
How To Create Record Rules in the Odoo 17How To Create Record Rules in the Odoo 17
How To Create Record Rules in the Odoo 17Celine George
 
Relational_Algebra_Calculus Operations.pdf
Relational_Algebra_Calculus Operations.pdfRelational_Algebra_Calculus Operations.pdf
Relational_Algebra_Calculus Operations.pdfChristalin Nelson
 
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...i3 Health
 
Understanding Canada's international higher education landscape (2024)
Understanding Canada's international higher education landscape (2024)Understanding Canada's international higher education landscape (2024)
Understanding Canada's international higher education landscape (2024)CaraSkikne1
 
Add Products From Catalog in Odoo 17 Sales
Add Products From Catalog in Odoo 17 SalesAdd Products From Catalog in Odoo 17 Sales
Add Products From Catalog in Odoo 17 SalesCeline George
 
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...AKSHAYMAGAR17
 
EVALUATION POWERPOINT - STRANGER THINGS.pptx
EVALUATION POWERPOINT - STRANGER THINGS.pptxEVALUATION POWERPOINT - STRANGER THINGS.pptx
EVALUATION POWERPOINT - STRANGER THINGS.pptxiammrhaywood
 
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in Ghana
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in GhanaDecision on Curriculum Change Path: Towards Standards-Based Curriculum in Ghana
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in GhanaPrince Armah, PhD
 
Learner Digital Skills Toolkit DRAFT.docx
Learner Digital Skills Toolkit DRAFT.docxLearner Digital Skills Toolkit DRAFT.docx
Learner Digital Skills Toolkit DRAFT.docxGeorgeMilliken2
 
Persuasive Speaking and Organizational Patterns
Persuasive Speaking and Organizational PatternsPersuasive Speaking and Organizational Patterns
Persuasive Speaking and Organizational PatternsCorinne Weisgerber
 
Permeation enhancer of Transdermal drug delivery system
Permeation enhancer of Transdermal drug delivery systemPermeation enhancer of Transdermal drug delivery system
Permeation enhancer of Transdermal drug delivery systemchetanpatil2572000
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.Florence Dayana
 
2024-02-24_Session 1 - PMLE_UPDATED.pptx
2024-02-24_Session 1 - PMLE_UPDATED.pptx2024-02-24_Session 1 - PMLE_UPDATED.pptx
2024-02-24_Session 1 - PMLE_UPDATED.pptxgdgsurrey
 
Mycobacteriology update 2024 Margie Morgan.ppt
Mycobacteriology update 2024 Margie Morgan.pptMycobacteriology update 2024 Margie Morgan.ppt
Mycobacteriology update 2024 Margie Morgan.pptMargie Morgan
 
Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...Association for Project Management
 
Successful projects and failed programmes – the cost of not designing the who...
Successful projects and failed programmes – the cost of not designing the who...Successful projects and failed programmes – the cost of not designing the who...
Successful projects and failed programmes – the cost of not designing the who...Association for Project Management
 
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...liera silvan
 
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdf
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdfDr.M.Florence Dayana-Cloud Computing-unit - 4.pdf
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdfDr.Florence Dayana
 

Recently uploaded (20)

Mycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with MorganMycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with Morgan
 
How To Create Record Rules in the Odoo 17
How To Create Record Rules in the Odoo 17How To Create Record Rules in the Odoo 17
How To Create Record Rules in the Odoo 17
 
Relational_Algebra_Calculus Operations.pdf
Relational_Algebra_Calculus Operations.pdfRelational_Algebra_Calculus Operations.pdf
Relational_Algebra_Calculus Operations.pdf
 
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...
Enhancing MRD Testing in Hematologic Malignancies: When Negativity is a Posit...
 
Understanding Canada's international higher education landscape (2024)
Understanding Canada's international higher education landscape (2024)Understanding Canada's international higher education landscape (2024)
Understanding Canada's international higher education landscape (2024)
 
Advance Mobile Application Development class 04
Advance Mobile Application Development class 04Advance Mobile Application Development class 04
Advance Mobile Application Development class 04
 
Add Products From Catalog in Odoo 17 Sales
Add Products From Catalog in Odoo 17 SalesAdd Products From Catalog in Odoo 17 Sales
Add Products From Catalog in Odoo 17 Sales
 
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...
Genetics, Heredity, Variation, history, its roles, Scope, Importance, and Bra...
 
EVALUATION POWERPOINT - STRANGER THINGS.pptx
EVALUATION POWERPOINT - STRANGER THINGS.pptxEVALUATION POWERPOINT - STRANGER THINGS.pptx
EVALUATION POWERPOINT - STRANGER THINGS.pptx
 
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in Ghana
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in GhanaDecision on Curriculum Change Path: Towards Standards-Based Curriculum in Ghana
Decision on Curriculum Change Path: Towards Standards-Based Curriculum in Ghana
 
Learner Digital Skills Toolkit DRAFT.docx
Learner Digital Skills Toolkit DRAFT.docxLearner Digital Skills Toolkit DRAFT.docx
Learner Digital Skills Toolkit DRAFT.docx
 
Persuasive Speaking and Organizational Patterns
Persuasive Speaking and Organizational PatternsPersuasive Speaking and Organizational Patterns
Persuasive Speaking and Organizational Patterns
 
Permeation enhancer of Transdermal drug delivery system
Permeation enhancer of Transdermal drug delivery systemPermeation enhancer of Transdermal drug delivery system
Permeation enhancer of Transdermal drug delivery system
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
 
2024-02-24_Session 1 - PMLE_UPDATED.pptx
2024-02-24_Session 1 - PMLE_UPDATED.pptx2024-02-24_Session 1 - PMLE_UPDATED.pptx
2024-02-24_Session 1 - PMLE_UPDATED.pptx
 
Mycobacteriology update 2024 Margie Morgan.ppt
Mycobacteriology update 2024 Margie Morgan.pptMycobacteriology update 2024 Margie Morgan.ppt
Mycobacteriology update 2024 Margie Morgan.ppt
 
Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...
 
Successful projects and failed programmes – the cost of not designing the who...
Successful projects and failed programmes – the cost of not designing the who...Successful projects and failed programmes – the cost of not designing the who...
Successful projects and failed programmes – the cost of not designing the who...
 
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...
EmpTech Lesson 7 - Online Creation Tools, Platforms, and Applications for ICT...
 
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdf
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdfDr.M.Florence Dayana-Cloud Computing-unit - 4.pdf
Dr.M.Florence Dayana-Cloud Computing-unit - 4.pdf
 

Passwords on a Phone