Showing 25 results for: Mobile ×

Jailbreak Detection Methods

This post concludes our three-part series about mobile security. Today's post will outline some options for detecting jailbroken devices, should you choose to do so. Yesterday, we asked whether blocking an app's execution on jailbroken devices was worth it. Earlier...

Executing Apps on Jailbroken Devices

This post is part two of a three-part series about mobile security. Today's post will discuss the execution of apps on jailbroken devices. Yesterday, we described some vulnerabilities in iOS web browsers. Tomorrow, we'll explore detecting jailbroken devices. “App cannot...

Exploring and Exploiting iOS Web Browsers

Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover apps executing on jailbroken devices and the detection of jailbroken devices. While the release and...

Touchlogging Part 3 - Final Thoughts

This is the third and final part on the subject of Touchlogging. I do recommend reading part one and part two before reading this final part. The previous parts described the technical details of the touchlogging attacks. In this part,...

Touchlogging Part 2 - Android

This is part two in my Touchlogging series, you can find part one here. In part one, I wrote a little bit about the background and how to intercept touch events on jailbroken iOS. This part will focus on Android....

Touchlogging Part 1 - iOS

Although there have been numerous articles posted, I thought I would write about my recent presentation at the RSA Conference on the subject of touchlogging. Since many people have asked, I got the term touchlogging from this paper. I do...

Custom Native Library Loader for Android

If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA" you notice he mentioned using a "custom library loader". We had used this on a recent mobile penetration test to have complete control over some home...

Debugging Android Libraries using IDA

During a recent test, I encountered a native JNI library used by an Android application. I needed to understand this library and what it did, so the first step was to load the library in IDA to see what it...

Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, a WiFi card and a GPS from my 12000mah Li-Ion battery pack for about 12 hours. What a great way to explore with out...

Abusing the Android Debug Bridge

The android debug bridge (or ADB for short) is a valuable tool, it is what allows smart phone tinkerers unobstructed access to their device for customization. This said, the debug bridge has a major caveat of being too easily left...

Blackberry OS 10 BlackLists Batman and PoohBear

A Blackberry oriented website in the UK was the first to notice an interesting new feature in the most recent developer release of the Blackberry 10 OS. They found what looks like a list of one hundred and six blacklisted...

Smart Phone + Mail Server = Location Tracking

My last two posts have touched on the privacy perspective in relation to mobile applications. This post continues on with that privacy theme, however looking at the smart phone itself and how the constant polling to a mail server can...

FinSpy Mobile - Configuration and Insight

A couple of weeks ago, Citizen Lab announced the discovery of the mobile component to the previously discovered FinFisher Toolkit (Reference Here). In this reveal, they talk about the many mobile variants, and a number of components included in each....