These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). Since then, it has been continuously improved through daily use. The framework is made of several parts, including an assembler/disassembler for several architectures (x86, aarch64, arm, etc.), a human-readable intermediate language describing their instructions' semantics, and sandboxing capabilities for Windows/Linux environments. On top of these foundations, higher-level analyses are provided to address more complex tasks, such as variable backtracking and dynamic symbolic execution.
In this talk, we will introduce some of these features. The journey will start with the basics of the framework, go through symbolic emulation and function divination (Sibyl), and end with various components useful for malware analysis.
We will also talk about some of the new features which will be released for Black Hat. For example, the freshly implemented SSA transformation will be illustrated by applications in code simplification. Then, we will demonstrate how this feature, jointly with the new operator descriptions, enables more accurate code analyses. Finally, we will highlight what better environment simulation and wider support of recent instructions provide.
Miasm being a practical tool, each topic will be covered with real life use-cases.
Embedded Android System Development - Part II talks about the Hardware Abstraction Layer (HAL). HAL is an interfacing layer through which an Android service can place a request to a device. It uses functions provided by the Linux system to service requests from the Android framework. It is a C/C++ layer with a purely vendor-specific implementation, packaged into module (.so) files and loaded by the Android system at the appropriate time.
Brief introduction to the Android telephony framework, a detailed analysis of RIL (radio interface layer), and some examples of doing telephony things at a low layer.
In order to understand HAL layers of Android Framework, having Linux device driver knowledge is important. Hence Day-2 of the workshop focuses on the same.
Android Things is the latest attempt from Google to connect the dots between the cloud and devices by introducing an OS that is exclusively built for IoT devices. Initially announced as project Brillo, Android Things helps developers build devices faster and enables them to integrate with cloud services. This presentation traces the architectural aspects of Android Things by connecting it back with Embedded Linux, Embedded Android and Brillo.
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
Few tips for iOS application development from security perspective.
Google docs presentation: https://docs.google.com/presentation/d/1eLQ40YCReg_pXp2as9FrbTgkNfOjOoPxDYUbFNyrT-M/pub?start=false&loop=false&delayms=3000
Pentesting iOS Apps - Runtime Analysis and Manipulation (Andreas Kurtz)
Apple iOS Apps are primarily developed in Objective-C, an object-oriented extension and strict superset of the C programming language. Objective-C supports the concepts of reflection, also known as introspection. This describes the ability to examine and modify the structure and behavior (specifically the values, meta-data, properties and functions) of an object at runtime.
This talk discusses the background, techniques, problems and solutions to Objective-C runtime analysis and manipulation. It will be discussed how running applications can be extended with additional debugging and runtime tracing capabilities, and how this can be used to modify instance variables and to execute or replace arbitrary object methods of an App.
Moreover, a new framework to assist dynamic analysis and security assessments of iOS Apps will be introduced and demonstrated.
Remote Exploitation of the Dropbox SDK for Android (IBM Security)
The IBM X-Force Application Security Research Team has discovered a vulnerability in the Dropbox SDK for Android (CVE-2014-8889) which allows attackers to connect applications on mobile devices to a Dropbox account controlled by the attacker without the victim's knowledge or authorization. This is a serious flaw in the authentication mechanism within any Android app using a Dropbox SDK Version 1.5.4 through 1.6.1
XCon 2014 => http://xcon.xfocus.org/
In the past it was quite common to exploit heap / pool manager vulnerabilities by attacking their internal linked structures. However, current memory management has improved a lot, and at the current date it is quite ineffective to attack the heap in this way. But those techniques still come in handy when we start looking at linked structures widespread throughout the kernel that are unfortunately not hardened enough.
In this presentation we will examine the power of these vulnerabilities through the famous example CVE-2013-3660, showing a bypass of the ‘lazy’ assertions of _LIST_ENTRY, presenting the exploitation after-party and teleporting to the kernel.
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
For more info visit - http://www.securitylearn.net
Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.
How iOS and Android Handle Security Webinar (Denim Group)
This webinar takes a technical look at mobile security in iOS and Android and how each of the platforms handle security differently. During the webinar, Dan will cover numerous mobile security topics including mobile secure development, defeating platform environment restrictions and their respective permission models and how to protect network communications.
The 60-minute webinar will provide actionable information to help build a more secure mobile application development program with time for questions.
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015 (Ajin Abraham)
Samsung’s first Tizen-based devices are set to launch in the middle of 2015. This paper presents the research outcome on the security analysis of Tizen OS and its underlying security architecture. The paper begins with a quick introduction to Tizen architecture and explains the various components of Tizen OS. This will be followed by Tizen’s security model where application sandboxing and resource access control will be explained. Moving on, an overview of Tizen’s Content Security Framework which acts as an in-built malware detection API will be covered.
Various vulnerabilities in Tizen will be discussed including issues like Tizen WebKit2 address spoofing and content injection, Tizen WebKit CSP bypass and issues in Tizen’s memory protection (ASLR and DEP).
Hacking and Securing iOS Applications by Satish Bommisetty (ClubHack)
iOS applications share a common set of classes and depend heavily on the operating system solutions for data communication, storage and encryption. Solely depending on the Apple implementation made them less complex, but it affects the security of the applications. Though iOS comes with a great set of security features like code signing, ASLR, DEP, sandboxing and Data Protection, all of them are subject to attack. Relying only on iOS security could lead to demise the sensitive data stored within the application when iOS is compromised. Application security can be improved by understanding the weaknesses in the current implementation and incorporating own code that works better.
The presentation illustrates several types of iOS application attacks like run time manipulation, custom code injection, SSL session hijacking and forensic data leakage. It gives an insight into the iOS Keychain & data protection API and explains the techniques to circumvent it. The presentation will provide guidelines and suggests best practices for secure iOS application development.
Breaking Secure Mobile Applications - Hack In The Box 2014 KL (iphonepentest)
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
This talk is going to give an overview of the Android operating system and its apps ecosystem from the security point of view of a penetration tester.
So let's dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
2. Hello Digitalsec2016!
About me
• Prem Kumar @iAmPr3m
• Senior security consultant at Mercedes Benz Research & Development India.
• Web/Mobile/Network pentesting guy.
• Previously presented and trained at DISC, Null Community and other security
conferences.
• Bug Hunter (Synack & Hackerone)
• Acknowledged and rewarded by various organizations including Facebook,
Apple, Yahoo, Vimeo, Nokia, EBay, Mediafire, Barracuda Labs, Telekom and
many more for finding security vulnerabilities in their applications.
• Personally a huge iOS fan.
3. Rough Agenda
We will digress!
Why Mobile Security?
What is iOS?
Understanding iOS Architecture/Sandboxing.
iOS Application Structure.
Types of iOS Applications? How are they distributed?
Types of iOS Pen tests
What is Jailbreak? Why Jailbreak? Prerequisites!
Setting up basic iOS pen test platform.
iOS Transport Layer Protection
iOS Insecure Local Storage
iOS Side Channel Data Leakage
iOS Client Side Injections
Runtime Analysis?
Real life Demos.
How To Start on iOS Pentesting?
4. Introduction
• The growth of mobile device usage in both personal and professional environments continues to grow
• The number of mobile-connected devices grew 2.5 times to more than 36 million (2012)
• Mobile devices have become a staple computing device used in our lives today.
• The massive increased use in mobile devices also brings a corresponding growth in mobile applications
• Developers looking to capitalize on this potential.
• Research anticipates that mobile app downloads by 2017 would be more than 253,914 million.
6. What is iOS?
iPhone Operating System.
A mobile operating system developed by Apple Inc. and distributed exclusively for Apple hardware.
iOS is derived from OSX, with which it shares the Darwin foundation, and is therefore a UNIX operating system.
It's an operating system that powers iPhone, iPad, iPod and Apple TV.
Apple designed the iOS platform with security at its core.
8. iOS App Sandboxing
Source: http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
All the applications running are signed by Apple
Developer submits application, Apple verifies it and signs the application.
Applications are isolated by sandboxing
One application can not access the data of the other applications
Reading other application directory is not possible
All applications run under user mobile
All system processes run under user root
9. iOS Application Structure
Source: http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
iOS Applications:
– In Development with Apple SDK XCode:
• Distributed as XCode Project Folders
– Compiled and deployed through the app store:
• Compiled as ARM.
• Distributed as ‘.ipa’ files.
• Zip files containing app resources & ARM
executable.
Deployed as ‘.app’ directories
Executable code is:
– Encrypted with FairPlay DRM (AES)
– Signed with Apple’s signature
10. Types of iOS Applications
Web Applications
• HTML + CSS + JavaScript
• Run inside Safari/Webkit
Native Applications
• Written in Objective-C (+ C/C++)
• Compiled into ARM for actual devices, x86 for iOS Simulator
Hybrid Applications
• Combination of Web and Native applications
11. iPhone Application Distribution
Ad-Hoc Distribution
• Ad-Hoc releases have to be provisioned to specific devices.
• Limited to 100 devices per membership year.
• Your application does not need to be submitted for review by Apple.
• Can be installed over-the-air from a web server, or via iTunes.
• Provides restriction on specific devices.
In-House Distribution
• In-House is for distribution to any company device.
• There are NO limits to the amount of devices onto which you can deploy an application
• Your application does not need to be submitted for review by Apple.
• It is important to note that Apple makes it very clear that In-House applications are for internal use only.
Over The Air Distribution
• Requires In-House provision profile.
• Takes 1 minute instead of 2 weeks.
• Upload the .ipa, wherever you want.
• Example: Click
App Store Distribution
• Must be part of either an individual or organizational Apple Developer Program.
• iTunes Connect, and therefore publish your app to the App Store
• Two to Three weeks for approval.
12. How Do We Pentest iOS Apps?
Whitebox Testing:
• Full information.
• Source code provided.
Blackbox Testing:
• No code or information provided.
• Working only with downloadable app
Focus:
• Attack the network communication.
• Server component.
• Client component.
14. Reminders
Personal or Identifying Information (PII) for a mobile app can be different than what you expect. Look for:
• Usernames
• Passwords
• UDID
• Geolocation
• Address / Zip
• DOB
• Device Name
• Network Connection Name
• Application Data
• Updates to Social Media
• Chat logs
• Cookies
15. Other Key Areas To Focus During a Pentesting:
• Network communication
• Privacy Issues
• Reverse Engineering
• URL Schema
• Runtime Analysis
16. What is Jailbreak?
The name refers to breaking the device out of its own ‘JAIL’
iOS jail breaking is the process of removing limitations on iOS.
Allows installation of apps, which are not present in the AppStore.
Three types of jailbreaks i.e. Tethered, Un-Tethered and Semi-Tethered.
Why Jailbreak?
Say hello to ‘Cydia’.
Able to download additional applications, extensions, tweaks, tools etc.
that are unavailable through the official Apple App Store.
Jailbreaking permits root access to the iOS file system
SSH !
20. SSH Into iPhone
• Install Open SSH from Cydia
• On workstation install SSH Client
• iPhone has two users by default
- Root and Mobile (Default password is ‘alpine’)
• Connect to the phone as a root user via SSH
SSH over WIFI
> ssh root@iPhoneIP
> password: alpine
SSH over USB
> ./itunnel_mux --lport 1234
> ssh -p 1234 root@127.0.0.1
> password: alpine
NOTE: Change your default SSH password.
21. Analyzing iOS Application:
Dynamic Analysis
• Executing an application either on the device/simulator/emulator and interacting with the remote services with which the application communicates.
• Similar to testing a Web application.
• Test the application traffic using an interception proxy and try to execute all the test cases that you generally use for a web application
Static Analysis
• Plist Files
• SQLite3 Databases
• Keychain
• Temp Files
• Side Channel Data Leakage
• Logging
• File Caching
• Keyboard Caching
• Snapshot Caching
Runtime Analysis
• Runtime analysis allows an attacker to manipulate the application’s behaviour at runtime to bypass the security locks and access the sensitive information from memory.
• Runtime analysis is a huge topic, hence the very basics and some intermediate topics will be covered in this talk.
22. Dynamic Analysis:
Clear text transmission (HTTP)
• It’s 2016 and we still find apps running on ‘HTTP’.
• More possible MITM attacks because of WIFI. E.g. Fire-sheep.
• Requires proxy setup to intercept traffic.
Encrypted transmission (HTTPS)
• HTTPS is required for sensitive data transmission.
• In SSL communication, Apps may fail to validate SSL cert, which will not allow MITM.
• To capture the traffic, load your proxy (burp) CA Cert to iPhone.
Use of Custom or Proprietary protocols
• Identify the communication protocol.
• On SSH Terminal: tcpdump -w <file>.pcap
• Load the .pcap in Wireshark and analyze.
• May not respect iPhone proxy settings.
25. Dynamic Analysis:
• Analyze error messages
• Analyze cacheable information
• Transport layer security
• Attack XML processors
• SQL injection
• Privacy issues (information disclosure)
• Improper session handling
• Decisions via untrusted inputs
• Broken cryptography
• Unmanaged code
• URL Schemes
• Push notifications
• Authentication
• Authorization
• Session management
• Data storage
• Data validation (input, output)
• Transport Layer protection
• Denial of service
• Business logic
• UDID or MAC ID usage
Once you capture the traffic it is a typical web application pentesting, in which attacks are done on the application server.
26. Challenges: SSL Pinning
Certificate Pinning is an extra layer of security that is used by applications to
ensure that the certificate provided by the remote server, is the one which is
expected.
By including the remote server’s x509 certificate or public key within the
application, it is possible to compare the locally stored certificate or key with
the one provided by the remote server.
Bypassing Certificate Pinning
iOS SSL Kill Switch:
iOS SSL Kill Switch patches low-level
SSL functions within the Secure Transport API, in
order to override and disable the system's default
certificate validation as well as any kind of custom
certificate validation.
(https://github.com/iSECPartners/ios-ssl-kill-switch)
iOS TrustMe:
An extreme method of disabling most
certificate verification checks within iOS
applications.
(https://github.com/intrepidusgroup/trustme)
27. iOS Standard Directories
• During installation of a new app, the
installer creates a number of container
directories for the app inside the
sandbox directory like, Bundle, Data etc.
• Each container directory has a specific
role:
• The bundle container directory holds
the app’s bundle.
• ‘Data Container’ directory holds data for
both the app and the user.
• The data container directory is further
divided into a number of subdirectories
that the app can use to sort and
organize its data.
https://developer.apple.com/library/content/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemOverview/FileSystemOverview.html
29. Tips & Tricks To Locate App Folders
• Apple has a history of changing the paths of application containers with their new firmware releases.
Locating App Bundle Containers: (iOS 9.*)
• find / -type d -iname "*.app"
• find / -type d -iname "*.app" | grep "AppName"
• cd /private/var/containers/Bundle/Application/; ls *
Locating Data Containers: (iOS 9.*)
• By default, the application data container resides in the following path:
~/var/mobile/Containers/Data/Application/
• Navigate to the above path and run the following command:
• find /var/mobile/Containers/Data/Application/ -iname "*AppName"
30. Static Analysis:
• Decrypt the application
• Investigate property list files
• Analyze iOS keychain
• Analyze SQLite database
• Analyze NSUserDefaults files etc.
• Check for sensitive information in snapshots
• Investigate file caching
• Insecure data storage in Keyboard and Pasteboard cache
• Investigate Cookies.binarycookies
Side Channel Data Leakage:
31. Decrypting an iOS Application
Clutch:
• Clutch is a high-speed iOS decryption tool.
• Clutch supports the iPhone, iPod Touch, and iPad as well as all iOS versions
• Loader decrypts app
• Clutch sets a breakpoint in loading process
• Dumps app from memory
32. Decrypting an iOS Application
Class-Dump:
• Command-line utility for examining the Objective-C runtime information.
• From a given executable, ‘class-dump’ and ‘class_dump_z’ will generate
header files with class interfaces.
• This allows for an analysis of what methods exist in the executable, which
can help you guess which ones to hook to get given functionality.
33. Plist files
• Property list files
- /private/var/containers/Bundle/Application/
- Often used to store user’s properties
• Key value pairs are stored in binary format
• Easily extracted and modified with property list editor, plutil etc.
• Look for usernames, passwords, cookies.
• Apps may take Authentication/Authorization decisions
• Ex: admin=1, timeout=10
• Plist files can be viewed and modified easily on both the Jailbroken and non Jailbroken iPhones.
“An information property list file is a structured text file that contains essential configuration information for a bundled executable”
34. Keychain
• SQLite database for sensitive data storage
• Four tables: genp, inet, cert, keys
• Located at: /var/Keychains/keychain-2.db
• Keychain data is encrypted
- Uses hardware encryption key
- Uses user passcode for encryption
- Depends on accessibility constant of keychain entry
- Cannot be moved to other device
• Accessible to all the applications.
• Application can only access its keychain items
- On a Jailbroken device it can be bypassed
• Keychain Dumper Tool – by github
- Displays keychain entries of all the installed applications
• Keychain data is encrypted with User Passcode
35. Cookies.binarycookies
• On the iPhone, Safari browser and third party iOS applications store the
cookies in ‘Cookies.binarycookies’ files located at the path shown below:
- /ApplicationDirectory/Library/Cookies/
- /private/var/mobile/Library/
• Cookies created only with the future expiration date (persistent cookies)
are stored in the binary Cookies.binarycookies file.
• “BinaryCookieReader.py” by Satish Bommisetty.
36. Side Channel Data Leakage
Logging Files
• Apps may write sensitive data
in logs.
• Troubleshooting
• Requests & Responses
• /private/var/log/syslog
Caching
• File Caching
• Keyboard Caching
• Snapshot Caching
• Clipboard Caching
iOS apps have a number of ‘features’ that can be security
vulnerabilities.
37. File Caching
• If the application uses PDF, Excel, or other files it may be
possible that these files may have been cached on the
device. These can be found at :
~/<ApplicationDirectory>/Documents/temp.pdf
Keyboard Caching
• Keystrokes for predictive spellcheck are stored in:
~/private/var/mobile/Library/Keyboard/dynamic-text.dat
• This issue is similar to autocomplete for web browsers.
38. Snapshot Caching
• On minimizing the iOS application, the
screen shrinks and moves the application
to the background.
• To create that shrinking effect, iOS takes
a snapshot of the application and stores
it in the '/Library/Caches/Snapshots/'
folder of the application’s home directory.
• This might result in storing the user’s
sensitive information on the device which
could be accessed by a malicious
application.
• These persist until reboot.
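The storage checks from the static-analysis slides (plist files, Cookies.binarycookies, snapshot caching), as an added example that is not part of the original deck: a Python script a developer or tester can run over a copy of an app's data container pulled from a test device. The key-name patterns, category names and the sample container are constructed for illustration.

```python
"""Audit a copy of an iOS app data container for insecure local storage."""
import plistlib
import re
import tempfile
from pathlib import Path

# Key-name patterns are assumptions for this example; tune them per app.
CREDENTIAL_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api_?key|session|cookie|username", re.I)
AUTHZ_KEY = re.compile(r"admin|timeout|logged_?in|authenticated", re.I)
DB_SUFFIXES = {".sqlite", ".sqlite3", ".db"}


def walk_plist(node, path=""):
    """Yield (key_path, value) for every leaf of a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_plist(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_plist(value, f"{path}[{index}]")
    else:
        yield path, node


def audit_plist(path, rel):
    """Flag credential-like keys and client-side authorization flags."""
    try:
        with open(path, "rb") as handle:
            data = plistlib.load(handle)  # accepts XML and binary plists
    except Exception as exc:  # corrupt or non-plist content
        return [("unparsed", rel, type(exc).__name__)]
    findings = []
    for key_path, value in walk_plist(data):
        if CREDENTIAL_KEY.search(key_path):
            # Report key and type only; never copy the secret into the report.
            findings.append(("credential-key", rel,
                             f"{key_path} ({type(value).__name__}, value redacted)"))
        elif AUTHZ_KEY.search(key_path):
            # Flags such as admin=1 are editable on disk, so show the value.
            findings.append(("authz-flag", rel, f"{key_path} = {value!r}"))
    return findings


def audit_container(root):
    """Return (category, relative_path, detail) findings for a container copy."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".plist":
            findings += audit_plist(path, rel)
        elif path.name == "Cookies.binarycookies":
            findings.append(("persistent-cookies", rel,
                             "persistent cookies are stored on disk"))
        elif "Library/Caches/Snapshots/" in rel:
            findings.append(("snapshot", rel,
                             "background snapshot may contain a sensitive screen"))
        elif path.suffix in DB_SUFFIXES:
            findings.append(("database", rel,
                             "review tables for unencrypted sensitive data"))
    return findings


def build_sample_container(root):
    """Create a small constructed container layout (not real app data)."""
    root = Path(root)
    prefs = root / "Library/Preferences/com.example.app.plist"
    prefs.parent.mkdir(parents=True)
    with open(prefs, "wb") as handle:
        plistlib.dump({"username": "alice", "password": "constructed-not-real",
                       "admin": 1, "timeout": 10, "theme": "dark",
                       "server": {"session_token": "constructed"}},
                      handle, fmt=plistlib.FMT_BINARY)
    for rel, blob in [("Library/Cookies/Cookies.binarycookies", b"cook"),
                      ("Library/Caches/Snapshots/com.example.app/main.png", b"\x89PNG"),
                      ("Documents/notes.sqlite", b"SQLite format 3\x00")]:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(blob)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_container(tmp)
        for category, rel, detail in audit_container(tmp):
            print(f"[{category}] {rel}: {detail}")
```

Every `credential-key` or `authz-flag` finding points at data that belongs in the Keychain or on the server rather than in a plist.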
39. URI Schema:
iOS URL Schemes in general allow one App to be opened by other Apps, or
essentially inter-app communication.
Specific actions can be defined to not only open a URL, but populate what it
is you’d like to search, for example coordinates, local donut shops, and much
more.
Here's an example: tel://1-393-222-2222
Got a Problem?
Apple does
not enforce
the unique
naming for
App schemes.
Insecure
URI Schema
Handling
iOS MASQUE
Attack.
iOS URL
Scheme
Hijacking
(XARA) Attack
42. Runtime Analysis:
Runtime analysis allows an attacker to manipulate the application’s
behaviour during the runtime.
For example, Runtime analysis can be used for analysing and
bypassing client side securities implemented by an application like
security locks and access the sensitive information from memory.
Cycript:
• Cycript is an implementation of JavaScript that can interact with Objective-C classes and objects.
• With Cycript, you can manipulate existing objects already in your application’s memory, or instantiate new objects, such as new view controller classes or windows.
• The tool works by hooking into the process of the running app by passing the ‘-p’ flag to Cycript, followed by the app name.
44. How to get started?
“Damn Vulnerable iOS App (DVIA) is an iOS
application that is damn vulnerable. Its main
goal is to provide a platform to mobile security
enthusiasts/professionals or students to test
their iOS penetration testing skills in a legal
environment.”
• Most of the vulnerabilities, discussed today
can be found in this application.
• Detailed step by step approach on pentesting
iOS application.
• http://damnvulnerableiosapp.com/
45. References:
• Pentesting iOS Application by ‘Jason Haddix’
• Penetration Testing for iPhone Applications by ‘Satish Bommisetty’
• iPwn Apps: Pentesting iOS Applications
• BlackHat 2011 - DaiZovi_iOS_Security
• Learning iOS Penetration Testing by Swaroop Yermalkar.
• Damn Vulnerable iOS Application (DVIA) by ‘Prateek Gianchandani’.
Editor's Notes
Mobile technology has come a long way in a relatively short space of time. In less than 30 years we’ve moved away from big, brick-like cellular phones and a nascent internet to a world of super-slim and powerful smartphones, tablets and convertible laptops that are able to transmit and store data, as well as hook up to the internet, with a simple tap.
While these devices offer us increased internet connectivity and day-to-day convenience, they also carry considerable security risks. In this feature we take a look at the reasons behind the growing threat of mobile-related cybercrime.
And cybercriminals know this. As a result, they were shifting their focus and efforts to smartphones and tablets, appreciative of the fact that they can possibly steal more money and data from their victims this way.
Three areas to focus on:
Attack the network communication
Attack the server component
Attack the client component