This document discusses security vulnerabilities that can arise from smartphones. It describes how an attacker who steals a phone can potentially access sensitive data by exploiting vulnerabilities in encryption methods, password policies, and memory handling. Experiments were conducted on Android and iOS devices to demonstrate how passwords and one-time passwords can be retrieved from memory, even on jailbroken or rooted phones. It warns developers to test apps under these conditions to find vulnerabilities.
Hardwear.io 2018 BLE Security Essentials workshopSlawomir Jasek
Bluetooth Low Energy (Smart, 4) is recently gaining more and more traction as one of the most common and rapidly growing IoT technologies. Unfortunatelly the prevalence of technology does not come with security. Alarming vulnerabilities in BLE smart locks, medical devices and banking tokens are revealed day by day. And yet, the knowledge on how to comprehensively assess them seems very uncommon.
In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. You will learn how to program and flash it yourself, using special web interface and ready templates. Such approach allows to better understand how things work “under the hood”, experiment with different options, and then secure the hardware properly.
From attacker’s perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay.
Having enough time, we will play with a collection of vulnerable smart locks, sex toys and other devices.
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
This presentation is smartcard and reader centric view of FIPS 201 / PIV program for Federal agencies for physical and logical access. FIPS 201 is a standard developed to comply by 12th presidential directive (HSPD-12).
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
Modern advanced malware samples are used to infect countries and they make part of the current cyber war, cyber espionage and financial attacks. Furthermore, critical actors, who write these malicious codes, try to make the static and dynamic analysis really hard by heavily obfuscating and, eventually, virtualizing codes using techniques such as CFG, call stack manipulation, dead code, opaque predicate and so on. Understanding these concepts and how they are used with virtualized packers is an advantage to learn the main anti-reversing techniques.
Therefore, to manage complex scenarios as exposed above, we are able to use frameworks such as METASM, MIASM and several dynamic static emulation techniques to make code simpler. At end, the goal is to reduce the code (most of time by using symbolic analysis), making us able to get a better understanding about the threat. Additionally, the introduction of dynamic tracing (DTrace) on Windows can help us to having a better understanding about programs and their behavior.
This presentation aims to show concepts and a practical approach on how to handle these reverse engineering challenges and techniques
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
A JavaOne presentation that describes the Java Card Connected development model, based on a practical example.
Beyond Java Card Connected, could be interesting for people who want to develop small embedded Web servers.
Hardwear.io 2018 BLE Security Essentials workshopSlawomir Jasek
Bluetooth Low Energy (Smart, 4) is recently gaining more and more traction as one of the most common and rapidly growing IoT technologies. Unfortunatelly the prevalence of technology does not come with security. Alarming vulnerabilities in BLE smart locks, medical devices and banking tokens are revealed day by day. And yet, the knowledge on how to comprehensively assess them seems very uncommon.
In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. You will learn how to program and flash it yourself, using special web interface and ready templates. Such approach allows to better understand how things work “under the hood”, experiment with different options, and then secure the hardware properly.
From attacker’s perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay.
Having enough time, we will play with a collection of vulnerable smart locks, sex toys and other devices.
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
This presentation is smartcard and reader centric view of FIPS 201 / PIV program for Federal agencies for physical and logical access. FIPS 201 is a standard developed to comply by 12th presidential directive (HSPD-12).
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
Modern advanced malware samples are used to infect countries and they make part of the current cyber war, cyber espionage and financial attacks. Furthermore, critical actors, who write these malicious codes, try to make the static and dynamic analysis really hard by heavily obfuscating and, eventually, virtualizing codes using techniques such as CFG, call stack manipulation, dead code, opaque predicate and so on. Understanding these concepts and how they are used with virtualized packers is an advantage to learn the main anti-reversing techniques.
Therefore, to manage complex scenarios as exposed above, we are able to use frameworks such as METASM, MIASM and several dynamic static emulation techniques to make code simpler. At end, the goal is to reduce the code (most of time by using symbolic analysis), making us able to get a better understanding about the threat. Additionally, the introduction of dynamic tracing (DTrace) on Windows can help us to having a better understanding about programs and their behavior.
This presentation aims to show concepts and a practical approach on how to handle these reverse engineering challenges and techniques
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
A JavaOne presentation that describes the Java Card Connected development model, based on a practical example.
Beyond Java Card Connected, could be interesting for people who want to develop small embedded Web servers.
Hardware hacking hit the news quite often in 2017, and a lot of pentesters tried to jump into the band wagon and discover the joy of hacking things rather than servers or applications. But most of them are only looking for rootz shellz and p0wning embedded Linux operating systems rather than doing what we really call "hardware hacking". In this talk, we are going to hack a Bluetooth Low Energy smartlock, from its printed circuit board to a fully working exploit, as well as its (wait for it) associated mobile application you need to install to operate this thing.
This talk is not only an introduction into the field of hardware hacking, but also a good way to dive into electronics and its specific protocols, and of course into microcontrollers and System-on-chip reverse engineering. We will cover some electronics basic knowledge as well as tools and classic methodologies when it comes at analyzing an IoT device and will provide tips and tricks based on our experience but our failures too.
Is Data Secure On The Password Protected Blackberry DeviceYury Chemerkin
People who have ever heard of password utility think the usage of it can protect their private data. There are, however, several ways to steal a lot of information in spite of the fact that device locked by password. These ideas are not complicated to first-time malware developer.
http://hakin9.org/network-security-hakin9-022011/
Keylogging, one of the unsafe malware, is the movement of recording the keys struck on a console with the end goal that the individual utilizing the console is obscure about the way that their activities are being watched. It has legitimate use in examination of human PC collaboration and is considered as the primary danger for business and individual exercises. It tends to be utilized to catch passwords and other secret data entered by means of the console. Subsequently, counteraction of keylogging is significant and severe validation is needed for it. Planning of secure confirmation conventions is very testing, taking into account that different sorts of root units dwell in Personal Computers to watch clients conduct. There are different keylogging procedures, stretching out from equipment and programming based techniques to acoustic assessment. Human contribution in confirmation conventions, however ensuring, isnt straightforward. This paper surveys different examination regions which spread convention confirmations utilized safely forestalling the representation of keylogging assaults. Dr. C. Umarani | Rajrishi Sengupta "Keyloggers: A Malicious Attack" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35776.pdf Paper URL : https://www.ijtsrd.com/engineering/computer-engineering/35776/keyloggers-a-malicious-attack/dr-c-umarani
600.250 UI Cross Platform Development and the Android Security ModelMichael Rushanan
In this presentation I provided undergraduates an introduction to the wildes of cross platform development in the mobile domain. In the end, we explored a few solutions and talked about the strengths/weaknesses of those third party providers. The second half of the talk involved the Android security model and how it WAS important to application developers.
The Internet of Things: We've Got to ChatDuo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
Hardware hacking hit the news quite often in 2017, and a lot of pentesters tried to jump into the band wagon and discover the joy of hacking things rather than servers or applications. But most of them are only looking for rootz shellz and p0wning embedded Linux operating systems rather than doing what we really call "hardware hacking". In this talk, we are going to hack a Bluetooth Low Energy smartlock, from its printed circuit board to a fully working exploit, as well as its (wait for it) associated mobile application you need to install to operate this thing.
This talk is not only an introduction into the field of hardware hacking, but also a good way to dive into electronics and its specific protocols, and of course into microcontrollers and System-on-chip reverse engineering. We will cover some electronics basic knowledge as well as tools and classic methodologies when it comes at analyzing an IoT device and will provide tips and tricks based on our experience but our failures too.
Is Data Secure On The Password Protected Blackberry DeviceYury Chemerkin
People who have ever heard of password utility think the usage of it can protect their private data. There are, however, several ways to steal a lot of information in spite of the fact that device locked by password. These ideas are not complicated to first-time malware developer.
http://hakin9.org/network-security-hakin9-022011/
Keylogging, one of the unsafe malware, is the movement of recording the keys struck on a console with the end goal that the individual utilizing the console is obscure about the way that their activities are being watched. It has legitimate use in examination of human PC collaboration and is considered as the primary danger for business and individual exercises. It tends to be utilized to catch passwords and other secret data entered by means of the console. Subsequently, counteraction of keylogging is significant and severe validation is needed for it. Planning of secure confirmation conventions is very testing, taking into account that different sorts of root units dwell in Personal Computers to watch clients conduct. There are different keylogging procedures, stretching out from equipment and programming based techniques to acoustic assessment. Human contribution in confirmation conventions, however ensuring, isnt straightforward. This paper surveys different examination regions which spread convention confirmations utilized safely forestalling the representation of keylogging assaults. Dr. C. Umarani | Rajrishi Sengupta "Keyloggers: A Malicious Attack" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35776.pdf Paper URL : https://www.ijtsrd.com/engineering/computer-engineering/35776/keyloggers-a-malicious-attack/dr-c-umarani
600.250 UI Cross Platform Development and the Android Security ModelMichael Rushanan
In this presentation I provided undergraduates an introduction to the wildes of cross platform development in the mobile domain. In the end, we explored a few solutions and talked about the strengths/weaknesses of those third party providers. The second half of the talk involved the Android security model and how it WAS important to application developers.
The Internet of Things: We've Got to ChatDuo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
When stars align: studies in data quality, knowledge graphs, and machine lear...
Smart Cards & Devices Forum 2012 - Smart Phones Security
1. Smart Phones Security
How (Not) To Summon The Devil
Tomáš Rosa
http://crypto.hyperlink.cz
Smart Cards & Devices Forum 2012, May 17th, Prague
2. Abstract
We present several real-life vulnerabilities that the
author has found when experimenting with mobile
applications.
It is not hard to guess the area of those application…
(hint: try author’s personal web).
These are often based on innocent-looking
constructions.
Furthermore, once known, the observations seem really
trivial.
When unknown, however, they remain silently hidden
waiting for the day of their exploit.
The final impact can be then really dramatic…
Smart Cards & Devices Forum 2012
4. ATA Scenario
Definition. Let the After-Theft Attack (ATA) be
any attacking scenario that assumes the
attacker has unlimited physical access to the
user’s smart phone.
Imagine somebody steals your mobile phone…
Despite being really obvious threat, it is often
totally neglected in contemporary applications.
By a robbery, the attacker can even get access to
unlocked screen, hence receiving another
considerable favor!
Smart Cards & Devices Forum 2012
5. Forensic Techniques Lessons
Hackers conferences are not the only one place
where to look for an inspiration.
There are also forensic experts who publish very
interesting results [4], [5], [15], [24].
Actually, they often take hacking techniques and refine
them to another level of maturity.
The main purpose is to prosecute criminals, of course.
But it is like a pistol – it is a question of who is holding the
gun…
Anyway, security experts shall definitely consider looking
into forensic publications, at least time to time.
Smart Cards & Devices Forum 2012
6. Cross-Platform Attacks
Interestingly, forensics also shows how to
exploit certain access to both the mobile
phone and the “paired” computer.
Such situation is rarely studied at hackers
conferences, yet.
This model, however, fits nicely cross-platform
attacks that arise e.g. with banking applications.
Again, we shall really look at what those forensic
experts can do…
Smart Cards & Devices Forum 2012
7. 2root || !(2root) ? Don’t!
Running highly sensitive applications on rooted or
jailbroken devices shall be avoided.
Already rooted or jailbroken device definitely makes the
attacker’s job easier.
In the same way as it already helps in forensics [15], [24].
Furthermore, the runtime protection is almost none.
As you can also see in Cycript experiments in Part Three.
Sometimes, the attacker can even hope to get an access
to memory dumps of sleeping processes.
Consider the unlocked screen and the ability to run anything
as root with no sandbox…
Smart Cards & Devices Forum 2012
8. 2root || !(2root) ? Do!
We shall admit, however, the device gets
rooted or jailbroken without user’s incentive.
In JailbreakMe tools, for instance, it was enough
to point the Mobile Safari at innocent-looking
page [28].
Developers, therefore, shall test their
applications on such devices!
Just to be able to see their applications from
other perspective…
From the perspective of the enemy.
Smart Cards & Devices Forum 2012
9. Experimental Setup
Experiments noted in this presentation
were exercised on:
(rooted) Google Nexus S I9023XXKF1
with Android version 2.3.6, build
GRK39F,
(jailbroken) Apple iPhone 4S – 16 GB
MD235B with iOS v. 5.0.1 (9A406).
Smart Cards & Devices Forum 2012
11. Memento ATA
We shall assume that:
Once having unlimited physical access to the
mobile device,
the attacker can read any plaintext data stored
in its memory.
This also applies to certain encryption keys! [2],
[14], [15], [23], [24].
Despite not being trivial, we shall further
assume this also applies to the content of
the volatile RAM.
Smart Cards & Devices Forum 2012
12. PIN Prints
This can be any direct or indirect function
value that:
once known to the attacker,
can be used for a successful brute force attack
on the PIN,
under the particular attack scenario.
Principally, the same applies to general
passwords, too.
However, we can mitigate the risk by enforcing
strong password policy here.
Smart Cards & Devices Forum 2012
13. Pitfall No. 1
There was RSA private key encrypted by a
derivative of a decimal PIN.
According to PKCS#1 [22], there is a huge
redundancy based on the ASN.1 structure
syntax [8].
Furthermore, there is a terrible amount of
algebraic-based redundancy in the private key
numbers themselves [18].
So, the decimal PIN was in fact packed
together with the encrypted key store.
…as a bonus gift to the attacker!
Smart Cards & Devices Forum 2012
14. Pitfall No. 2
If the PIN is used for OTP generation,
then any OTP itself is a valuable PIN print.
This is true even if the OTP is also based on
some symmetric key.
Or, we have to prove the key cannot be
retrieved by respective techniques like [2], [14],
[15], [23], [24].
Therefore, we shall:
not store OTPs in permanent memory,
wipe OTPs out of the volatile memory as soon
as possible.
Smart Cards & Devices Forum 2012
15. Padding Issues
Consider the HOTP according to RFC 4226.
This is a popular OTP generator based on
HMAC-SHA-1.
Its reference Java implementation [16], however,
contains a security flaw.
OK, it is a reference design in the sense of test
vectors.
On the other hand, the RFC does not warn clearly that
this code shall not be used for real implementations.
Especially on Android, it is probably tempting to simply
copy-paste the code. Do not do that!
Smart Cards & Devices Forum 2012
16. Padding by RFC 4226
result = Integer.toString(otp);
while (result.length() < digits) {
result = "0" + result;
}
return result;
Smart Cards & Devices Forum 2012
17. Behind Those “+” and “=”
With each iteration, there are two new
instances created:
(“+”) java.lang.StringBuffer or
StringBuilder to perform the concatenation,
(“=”) java.lang.String to hold the result.
However, the references to the previous
iteration result and to the concatenation
instance are lost.
Smart Cards & Devices Forum 2012
18. Memory Footprint
With each iteration, we have at least one
copy of the precious OTP left unattended in
the memory.
We do not have a reference to them.
So, we cannot wipe them securely!
Furthermore, there is the unfortunate choice
of using String to hold the result.
This is by standard immutable object, so we
need to invest an extra effort to wipe such
values properly.
Smart Cards & Devices Forum 2012
19. Android Proof-Of-Concept
We have compiled the original HOTP
padding procedure for Gingerbread.
To exhibit the faulty behavior, we have
deliberately shortened the input integer,
so we were able to see the padding in
action.
In particular, we set:
otp = 755224,
digit = 9.
Smart Cards & Devices Forum 2012
23. Note on the Root Account
The following experiments expose (ab)using the
root account on a jailbroken iPhone.
It was, however, verified that everything shown here can
be done under the mobile account as well.
Once a jailbreak environment is already set, the root is not
such important for a malicious application.
Obviously, it is potentially dangerous to install any
“underground” (Cydia, etc.) application side by side with e.g.
sensitive banking application.
Recall, almost all runtime protections are gone!
We shall, on the other hand, constantly bear on mind that a
kind of jailbreak can happen without user’s incentive.
Smart Cards & Devices Forum 2012
24. Weird Pictures Demo
Well, it would not be
fair to use real-life
applications here.
We will use a modest
iPhone joke that was
written especially for
this purpose to exhibit
all those weaknesses
we want to talk about.
Smart Cards & Devices Forum 2012
25. Password: “kubrt”
It’s just the front camera in action…
Smart Cards & Devices Forum 2012
26. Cycript
Delicate combination of JavaScript and Objective-C
interpreter running on iOS [31], [32].
Provides REPL (Read-Eval-Print Loop) interface.
It can attach to an already running process and
start commanding its Objective-C runtime.
It uses MobileSubstrate framework to do that [32].
This requires a jailbreak, but remember what we said
before – it can happen without user’s incentive.
Its original purpose probably was not application
hacking (in security sense).
Anyway, it is an excellent tool for vulnerability research
and demonstration [24].
Smart Cards & Devices Forum 2012
27. Cycript Taste
As an illustration, we show a Cocoa Touch style
alert() function in Cycript.
function cocoAlert(msg) {
var alertView = [[UIAlertView alloc]
initWithTitle:"Alert"
message:(msg!==undefined) ? msg : ""
delegate:null
cancelButtonTitle:"OK"
otherButtonTitles:null];
[alertView show];
[alertView release];
}
Smart Cards & Devices Forum 2012
28. Back to Weird Pictures
How is the login view managed?
What if it is just a modal view controller presented by the
root view controller of the application?
We mean having something like this in e.g. the method
applicationWillResignActive: [33]:
[self.viewController presentViewController:
[WPLoginViewController getDefault]
animated:NO
completion:^{NSLog(@"modal login");}
];
Smart Cards & Devices Forum 2012
29. Consider This (hack1.cy)
function AppVC() {
var window = [UIApp keyWindow];
this.viewController = [window
rootViewController];
}
AppVC.prototype.unlock =
function(animated/*opt*/) {
[this.viewController
dismissModalViewControllerAnimated:animated];
cocoAlert("From cycript with love...");
}
var ac = new AppVC();
ac.unlock();
Smart Cards & Devices Forum 2012
31. Lesson Learned
Do not assume that plain GUI provides any
reasonable data protection.
We shall assume the attacker can get
access to all local plaintext data.
Especially important to consider under the After-
Theft Attack assumption.
If we need to control data access, we shall
encrypt this data [24].
But pay really high attention not to create any useful
PIN prints this way!
Smart Cards & Devices Forum 2012
32. Consider Yet This (hack2.cy)
function LoginVC() {
this.viewController = [WPLoginViewController
getDefault];
}
LoginVC.prototype.showPwd = function() {
var pwd = [[this.viewController passwordField] text];
if (pwd == null)
cocoAlert("Sorry Sir.");
else
cocoAlert("Your password, Sir: "" +
pwd.toString() + """);
}
var lc = new LoginVC();
lc.showPwd();
Smart Cards & Devices Forum 2012
33. # cycript -p WeirdPictures hack2.cy
We shall consider
using one-way
derivatives, if we really
need to keep user
secrets in memory for
some purpose.
Furthermore, it is wise
not to expose anything
like
-(id)passwordField !
Smart Cards & Devices Forum 2012
34. Cocoa Shaken, Not Stirred
So far, we had the code under our
control.
When we understand what is wrong, we
can fix it.
What if the problem is out of reach of
our hands?
For instance, in Cocoa Touch.
Right around the UITextField control.
Smart Cards & Devices Forum 2012
35. UITextField in Weird Pictures
We use this control
view to let users to
type their
password.
Of course, we have
marked it “Secure”.
But, is it enough?
Smart Cards & Devices Forum 2012
36. Consider This Gdb Script
set variable $sel = (void*)sel_getUid("text")
set variable $cla = (void*)objc_getClass("UITextField")
set variable $addr = (void*)(((unsigned
long)class_getMethodImplementation($cla, $sel)) & 0xFFFFFFFE)
break *($addr+118)
commands
printf "from: 0x%lxn", $lr
if ($lr != 0x0)
x/i $lr
end
printf "return: 0x%lxn", $r0
if ($r0 != 0x0)
x/a $r0
call (unsigned char*)CFStringGetCStringPtr($r0, (unsigned
long)CFStringGetSystemEncoding())
end
c
end
saved as /var/root/tfexp.gdb
Smart Cards & Devices Forum 2012
37. Notes on the Gdb Script
Loaded by the gdb source command.
We use the original Xcode gdb running right on the iOS
device [17].
We attach to the existing process of WeirdPictures.
Well, there may be ASLR [25].
So, we abuse the wonderful Objective-C runtime to query
for the -[UITextFiled text] implementation.
We then setup a breakpoint at the end of this method.
This offset can change, we have verified it for iOS v. 5.0.1
(9A406) and v. 5.1 (9B176).
This way, we can monitor who is querying our precious
passwordField and what is the result.
Smart Cards & Devices Forum 2012
38. Loading into Gdb
(gdb) source /var/root/tfexp.gdb
Breakpoint 1 at 0x324d508a
(gdb) info breakpoints
Num Type Disp Enb Address What
1 breakpoint keep y 0x324d508a <-[UITextField text]+118>
printf "from: 0x%lxn", $lr
x/i $lr
printf "return: 0x%lxn", $r0
x/a $r0
call (unsigned char*)CFStringGetCStringPtr($r0,
(unsigned long)CFStringGetSystemEncoding())
c
(gdb) c
Continuing.
Smart Cards & Devices Forum 2012
39. What a Surprise…
As the user starts typing on the virtual keyboard, we can see:
…
Breakpoint 1, 0x324d508a in -[UITextField text] ()
from: 0x3242bb91
0x3242bb91 <-[UITextField _updateAutosizeStyleIfNeeded]+69>…
return: 0x14d750
0x14d750: 0x3f4712c8 <OBJC_CLASS_$___NSCFString>
$2 = (unsigned char *) 0x0
Breakpoint 1, 0x324d508a in -[UITextField text] ()
from: 0x3242bb91
0x3242bb91 <-[UITextField _updateAutosizeStyleIfNeeded]+69>…
return: 0x12f860
0x12f860: 0x3f4712c8 <OBJC_CLASS_$___NSCFString>
$3 = (unsigned char *) 0x35c2c1 "k"
Smart Cards & Devices Forum 2012
42. What The Hell…?!
Apparently, we are not the only one
who is interested in the
passwordField value.
For some reason, UIKit framework (of
Cocoa Touch) continuously monitors this
value, too.
Furthermore, it was observed that this
activity leads to a considerable memory
footprint.
Smart Cards & Devices Forum 2012
43. Then, We Start Getting the Idea
We shall also turn off the
automatic font adjusting.
This rule would remain
silently hidden if we did
not experiment with the
gdb and jailbreak!
However, one question still
remains.
Is this enough, or could
there be a similar issue
somewhere else???
Or, we may already need
the “Adjust to Fit” flag
set…
Smart Cards & Devices Forum 2012
44. Spraying The Secret
Various parts of our secret string were identified in
dumps of the process memory.
Of course, we have eliminated other potential sources for
the experiment.
Anyway, the values were found not only at the addresses
noted in the previous gdb listing.
Probably there is some further processing that finally
“sprays” these values around the memory heap.
Again - did we already stop the whole leakage or just sealed
up one particular hole?
Actually, we have already seen further automatic gathering
made for the -[UITextField _text]…
Smart Cards & Devices Forum 2012
46. Memento ATA Again
Regarding the After-Theft Attack, this can be
really dangerous.
According to the official documentation:
“…[iOS] keeps suspended apps in memory for
as long as possible, removing them only when
the amount of free memory gets low…” [33]
From the user perspective, however, the
application is simply done.
Smart Cards & Devices Forum 2012
47. Risk Assessment
What if an attacker steals a device with such a
suspended process?
It is a question of being able to dump RAM without cycling
the power.
We cannot claim that there is always a chance to get
these data.
However, we either cannot claim it will not happen.
Clearly, end users shall not jailbreak their devices with
sensitive applications.
As this can help the attacker considerably.
Developers, on the other hand, shall test their own
application with a jailbreak!
As this helps them to see things in a different light…
Smart Cards & Devices Forum 2012
48. What Shall We Do With Drunken
Framework?
Obviously, it is not wise to try to improve the UIKit
framework itself.
We cannot be sure we have patched all holes.
Furthermore, there can be serious compatibility issues.
Simple workaround is to avoid using
UITextField at all and devise our own control
view instead.
Sometimes, however, we want to use UITextField for
compatible look-and-feel, etc.
Then, the cryptography is here to help…
Smart Cards & Devices Forum 2012
49. Encrypted Keyboard Idea
Devise custom keyboard that for each character
typed generates its cryptogram.
The UITextField does no longer operate with plaintext.
It is being fed by “crypto-chars” instead.
When finished, we retrieve the crypto-char text,
decrypt it, and wipe out the ephemeral key used.
The heap can still be polluted.
But this is just a gibberish text, since the key is already
gone.
Smart Cards & Devices Forum 2012
50. Clear Idea, But…
The implementation presents some interesting
problems:
We are talking about some kind of a stream cipher [18].
So, how to solve the keystream synchronization?
How to cope with potential keystream reuse?
How to generate the keystream fast enough?
OK, this deserves a separate lecture.
Please see:
Dvořák, P. and Rosa, T.: How the Brave Permutation
Rescued a Naughty Keyboard,
at Mobile DevCamp 2012, http://www.mdevcamp.cz/
Smart Cards & Devices Forum 2012
52. Overview
We first show the Screen Lock Bypass
(SLB) application at work.
This is an interesting forensics/hacking
technique in itself.
We then conclude by noting a possible way
of an effective malware cross-infection.
The observation is trivial. Its impact, however,
can really be dramatic.
Especially in the area of two-factor
authentication applications.
Smart Cards & Devices Forum 2012
53. Version Alert
The following part of this presentation
was researched in November 2011.
It was the time of Android Market and the
Gingerbread was quite recent version.
It is the era of Google Play and Ice
Cream Sandwich, now.
The ideas and concepts presented here,
however, still apply.
Smart Cards & Devices Forum 2012
54. Screen Lock Bypass (SLB)
Developed by Thomas Cannon [29], popularized by
Andrew Hoog [15], and freely available on the
Android Market (now Google Play).
Its official purpose is to help users who accidentally
forgot their screen lock gesture or PIN.
Anybody who knows the login name/password for the
Gmail account associated with the particular Android
device can use this application to try to unlock the screen.
The success ration may not be 100 %, but it is quite high
anyway.
In particular, we did not encounter any problem during
several trials we have made for this presentation.
Smart Cards & Devices Forum 2012
55. The Dark Side
As was already noted in [15], this
application may be used not only by
the legitimate device owner.
Just anybody, who knows the respective
Gmail credentials can give it a try.
Obviously, the Gmail credentials seems
to be quite “magic”.
And that is just the beginning…
Smart Cards & Devices Forum 2012
56. The Screen (Un)Lock At Work
Let us
assume that
the device
display is
locked by a
PIN that we
somehow
cannot
recall…
Smart Cards & Devices Forum 2012
57. Gmail Account Sidekick
Let us assume we somehow can recall the
associated Gmail account login
name/password…
So, we do the following (from any PC/Mac)
1. go to http://market.android.com
2. use the name/pwd to log in – note the same
credentials apply here as for that Gmail account
3. find the “Screen Lock Bypass” application and
let it install to the associated Android device
Smart Cards & Devices Forum 2012
61. Telephone Number – Who Cares?
We should emphasize it is unnecessary to
know the telephone number of the target
Android device.
We either do not need to know any other a-
priori identification of the device.
This is because of Android Market offering
us the list of associated devices
automatically.
All we have to do is to choose a device from the
list.
Smart Cards & Devices Forum 2012
63. Meanwhile On the Device
While the
application is
being installed,
there is no user
interaction
required at the
mobile device
side at all.
The name of the
application
flashes briefly in
the status bar,
leaving on just a
tiny symbol of a
successful
installation.
Smart Cards & Devices Forum 2012
64. Recall, OTA = Over The Air
Note the SLB application was installed through a
service channel that Google uses to silently
manage Android devices worldwide.
This permanent data path is kept automatically by each
Android device linked to the Android Market portal.
That means, we do not need to tweak the mobile phone in
any way to start downloading.
It may be resting on a table as well as in somebody’s
pocket – just in any place with GSM/UMTS service
coverage.
The display does not have to be turned on before the
installation starts.
Well, this all really is a silent service…
Smart Cards & Devices Forum 2012
65. Hands-Off Application Startup
So, we have downloaded the (pirate)
application on the Android device.
The question is, however, how to
make this code run?
Obviously, we cannot do that manually,
since the screen is locked.
Unfortunately, the Android OS provides
several reliable ways on how to do that.
Smart Cards & Devices Forum 2012
66. Android Broadcast Receiver
This is an application component [26]
responsible for inter-process communication
based on broadcast Intent mechanism.
Usually, developers use a BrodcastReceiver
derivatives to hook up for asynchronous system
events like:
android.provider.Telephony.SMS_RECEIVED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PHONE_STATE
etc.
Smart Cards & Devices Forum 2012
67. Broadcast Receiver Setup
To register a BroadcastReceiver
component, it suffices to list it in the
respective AndroidManifest.xml.
This xml file is stored in the application package
and it gets processed automatically during the
application installation [26].
Therefore, no single code instruction of our
application needs to be run to hook up for a
particular broadcast Intent.
Smart Cards & Devices Forum 2012
68. Registration Example
Remember – it is all done in a package
configuration file.
We do not need to run our code to register
for a broadcast Intent.
…
<receiver android:name=".SniffReceiver">
<intent-filter android:priority="256">
<action
android:name="android.provider.Telephony.SMS_RECEIVED"/>
</intent-filter>
</receiver>
…
Smart Cards & Devices Forum 2012
69. Once Upon A Broadcast…
When the particular broadcast is fired, the
Android operating system invokes those
registered receivers.
This way our onReceive() method gets
called and – yes, we have got it – our
application code is up and running!
Actually, it is a bit complicated when it comes to
the order of calling these receivers and possible
event cancellation, but this is not important for
use here.
Smart Cards & Devices Forum 2012
70. Back To SLB
The Screen Lock Bypass, in particular,
registers to the following broadcasts:
android.intent.action.PACKAGE_ADDED
Triggers when a new package is installed.
android.intent.action.BOOT_COMPLETED
Triggers after finishing OS boot and startup
procedures.
Smart Cards & Devices Forum 2012
71. Two Ways to Unlock
According to the aforementioned events,
there are basically two ways on how to
trigger SLB activity.
1. To install just another application package from
the Android Market in the same way as we did
for SLB itself.
2. To switch off/on the device, hence triggering the
BOOT_COMPLETED.
We have verified both ways worked well in
our experimental setup.
Smart Cards & Devices Forum 2012
72. Going the First Way
It really does not matter what application we choose.
Important is just the final event that triggers our onReceive().
Smart Cards & Devices Forum 2012
75. Having Triggered SLB
Secondary
installation
triggered
PACKAGE_ADDED.
This in turn
starts the SLB
trap.
Suddenly, the
screen lock
disappears…
Smart Cards & Devices Forum 2012
76. Possibly
Well, we can
also enjoy
playing Fruit
Ninja.
But we do
not have to.
Just for
fun…
Smart Cards & Devices Forum 2012
77. Remember… (regarding SLB)
We have downloaded an application package on
the Android device.
We have granted any user permissions we needed
to that package.
We have run a code of that package.
We did not need to directly operate with the mobile
device in any way.
Furthermore, we even did not need to know the telephone
number.
The only thing we needed was an internet access
and a valid login name/password for the associated
Gmail account!
Smart Cards & Devices Forum 2012
78. Working The Other Way
By simply switching
off/on the device,
we can trigger
BOOT_COMPLETED.
This again runs a
SLB code.
Again, the screen
lock disappears
happily…
Smart Cards & Devices Forum 2012
79. Recall Again
The only thing we needed was an internet
access and a valid login name/password
for the associated Gmail account!
Well, this time we used the power off/on switch.
The attacker, however:
1. Can use the former approach using a dummy package
installation.
2. Can just wait until users “recycle” their devices by
themselves.
Smart Cards & Devices Forum 2012
80. Access Rights Revisited
The Android operating system relies mainly on
user-granted permissions [26].
During the application installation, the user is asked
whether to allow or deny permissions required by
the particular AndroidManifest.xml [26].
Well, this model itself is quite questionable as users may
not be fully aware of the possible impact.
Furthermore, it is especially non-trivial to discover the risk
of various permission synergy effects.
Anyway, this is not the topic we want to address here.
Smart Cards & Devices Forum 2012
81. User-Granted Permissions Limits
We should note that there are some privileges that
cannot be granted even by explicit user
confirmation.
For instance, it is not possible to directly grant root access
to the underlying Embedded Linux core.
With user-granted privileges, we can, however, run a
possible root exploit…
On the other hand, the power of user-granted
permissions is still considerable.
For instance, permissions needed by an SMS sniffer can
be fully granted this way.
Smart Cards & Devices Forum 2012
82. Let Us Experiment
To see permission granting process at work,
we can try installing SLB directly from the
Android Market application running on the
particular Android device.
Well, this does not make a sense, but we do this
for another purpose.
We want to demonstrate how the user-granted
permission mechanism works.
Smart Cards & Devices Forum 2012
84. As Bad As It Looks
Well, but when we installed SLB through the
web interface, we did not need to grant
these permissions. Or did we?
We did, but that time it was granted through the
web interface instead (cf. the former
screenshots).
Does it really mean…?!
Unfortunately, yes.
Provided we have respective Gmail credentials,
we can choose any application form the Market,
give it any user-granted permission, send it to
the victim’s device, and run it!
Smart Cards & Devices Forum 2012
85. Cross-Infection Highway
Time to time, users log to their e-mail accounts from
“ordinary” computers, too.
What about if that PC/Mac is infected by a malware that
steals Gmail login credentials?
The conclusion is immediate – such a malware can
instantly spread to the associated Android device.
Compromised Gmail account implies compromised
associated Android device.
There is no need for any further user cooperation!
This all in fact effectively breaks those popular SMS-based
two-factor authentication schemes…
Smart Cards & Devices Forum 2012
86. How About iOS
We have seen one particular way of possible cross-
infection on one particular platform.
There will hardly be only one such example.
Consider, for instance, an infected computer that is
synced via USB with an iOS device.
Furthermore, consider those exploits behind jailbreaking
applications [28] and their forensic payloads [24].
Yet, we are only talking about those public ones…
Apparently, it is hard to believe that such iOS device can
always withstand refined attempts for malware spreading.
Smart Cards & Devices Forum 2012
87. Conclusion
Was not this all happening to PCs in 90’s?
Did not we lose the game?
PCs are considered insecure environment, now.
However, this is an unavoidable evolution.
There is a yearning for mobile applications that
we can hardly resist.
If we only could wait some time…
But we cannot.
The war has already begun.
Smart Cards & Devices Forum 2012
88. Thank You For Attention
Tomáš Rosa, Ph.D.
http://crypto.hyperlink.cz
Smart Cards & Devices Forum 2012
89. References I
1. Bachman, J.: iOS Applications Reverse Engineering, Swiss Cyber Storm, 2011
2. Bédrune, J.-B. and Sigwald, J.: iPhone Data Protection in Depth, HITB Amsterdam,
2011
3. Blazakis, D.: The Apple Sandbox, Black Hat DC, 2011
4. Breeuwsma, M.-F., de Jongh, M., Klaver, C., van der Knijff, R., and Roeloffs, M.:
Forensic Data Recovery from Flash Memory, Small Scale Digital Device Forensics
Journal, Vol. 1, No. 1, June 2007
5. Breeuwsma, M.-F.: Forensic Imaging of Embedded Systems Using JTAG (boundary-
scan), Digital Investigation 3, pp. 32 - 42, 2006
6. Chin, E., Felt, A.-P., Greenwood, K., and Wagner, D.: Analyzing Inter-Application
Communication in Android, MobiSys’11, 2011
7. Dhanjani, N.: New Age Application Attacks Against Apple's iOS (and
Countermeasures), Black Hat Barcelona, 2011
8. Dubuisson, O.: ASN.1 - Communication Between Heterogeneous Systems, Morgan
Kaufmann Academic Press, 2001
9. Enck, W., Octeau, D., McDaniel, P., and Chaudhuri, S.: A Study of Android Application
Security, Proc. of the 20th USENIX Security Symposium, 2011
10. Fairbanks, K.-D., Lee, C.-P., and Owen III, H.-L.: Forensics Implications of Ext4, Proc.
of the Sixth Annual Workshop on Cyber Security and Information Intelligence
Research, ACM, 2010
Smart Cards & Devices Forum 2012
90. References II
11. Felt, A.-P., Finifter, M., Chin, E., Hanna, S., and Wagner, D.: A Survey of Mobile
Malware in the Wild, SPSM'11, 2011
12. Halbronn, C. and Sigwald, J.: iPhone Security Model & Vulnerabilities, HITB KL, 2010
13. Hay, R. and Amit, Y.: Android Browser Cross-Application Scripting, CVE-2011-2357,
IBM Rational Application Security Research Group, 2011
14. Heider, J. and Boll, M.: Lost iPhone? Lost Passwords!, Fraunhofer SIT Report, cf. also
[23], 2011
15. Hoog, A.: Android Forensics – Investigation, Analysis and Mobile Security for Google
Android, Elsevier, 2011
16. HOTP: An HMAC-Based One-Time Password Algorithm, RFC 4226, 2005
17. Jaden and Pod2G: How To: Install GNU Debugger (GDB) On The iOS 5 Firmware
Generation, iJailbreak, February 24, 2012, http://www.ijailbreak.com/cydia/how-to-
install-gnu-debugger-gdb-on-ios-5/
18. Menezes, A.-J., van Oorschot, P.-C., and Vanstone, S.-A.: Handbook of Applied
Cryptography, CRC Press, 1996
19. Miller, C. and Iozzo, V.: Fun and Games with Mac OS X and iPhone Payloads, Black
Hat Europe, 2009
20. Miller, C. and Zovi, D.-A.-D.: The Mac Hacker's Handbook, Wiley Publishing, Inc., 2009
Smart Cards & Devices Forum 2012
91. References III
21. Oudot, L.: Planting and Extracting Sensitive Data Form Your iPhone's Subconscious,
HITB Amsterdam, 2011
22. PKCS #1 v2.1: RSA Cryptography Standard, RSA Laboratories, June 14, 2002
23. Toomey, P.: "Researchers Steal iPhone Passwords In 6 Minutes" - True, But Not the
Whole Story, Security Blog, http://labs.neohapsis.com/2011/02/28/researchers-steal-
iphone-passwords-in-6-minutes-true-but-not-the-whole-story/ , 2011
24. Zdziarski, J.: Hacking and Securing iOS Applications, O'Reilly Media, 2012
25. Zovi, D.-A.-D.: Apple iOS 4 Security Evaluation, Black Hat USA, 2011
Smart Cards & Devices Forum 2012
92. References IV
26. http://developer.android.com
27. http://developer.apple.com
28. http://theiphonewiki.com
29. http://thomascannon.net/blog/2011/02/android-lock-screen-bypass/
30. http://www.bbc.co.uk/news/technology-15635408
31. http://www.cycript.org
32. http://www.iphonedevwiki.net
33. iOS App Programming Guide, Apple Developer Guide, Apple Inc., 2011
Smart Cards & Devices Forum 2012