Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adding Trojans to Apps Slides and projects at samsclass.info.

Published byGwen Lindsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Adding Trojans to Apps Slides and projects at samsclass.info."— Presentation transcript:

1 Adding Trojans to Apps Slides and projects at samsclass.info

2

3 Broken SSL Repeating Old Work Slides and projects at samsclass.info

4 CERT's Test in 2014 23,667 vulnerable apps All warned in 2014 by CERT Slides and projects at samsclass.info

5 Still Vulnerable Slides and projects at samsclass.info

6 Simple SSL Test Route Android traffic through Burp Proxy Don't install the PortSwigger root certificate This is a MITM attack The default browser detects it Slides and projects at samsclass.info

7 DEMO: PicsArt (100 Million) Slides and projects at samsclass.info

8 DEMO: InstaChat(100 Million) Slides and projects at samsclass.info

9 DEMO: OKCupid – FIXED! Slides and projects at samsclass.info

10 DEMO: Safeway (1 Million) Slides and projects at samsclass.info

11 Broken SSL Medical Apps Slides and projects at samsclass.info

12 CERT found 265 Vulnerable Medical Apps Slides and projects at samsclass.info

13 HIPAA Slides and projects at samsclass.info

14 My Repeat of CERT Tests Slides and projects at samsclass.info

15 DEMO: GenieMD Slides and projects at samsclass.info

16 DEMO: LowestMed corporate Slides and projects at samsclass.info

17 LowestMed Response Phone call to President of CCSF threatening a lawsuit After I contacted their lawyer, he told me that there is no PII in the app beyond this point, so it is not a covered entity under HIPAA Slides and projects at samsclass.info

18 Broken SSL Testing New Apps Slides and projects at samsclass.info

19 Responsible Disclosure I need to give these guys time to respond, so most of them are still confidential I can discuss one, because they fixed it really fast! Slides and projects at samsclass.info

20 Blue Cross Blue Shield of North Carolina Slides and projects at samsclass.info

21 Leaked Blue Cross Credentials Also leaked Facebook, Twitter, and YouTube credentials Slides and projects at samsclass.info

22 Fixed in Two Days New version refuses to use invalid SSL certificates Slides and projects at samsclass.info

23 Security Products Slides and projects at samsclass.info

24 AIG MobileGuard Security app required for insurance coverage Removed from Google Play after my reports Slides and projects at samsclass.info

25 Already Trojaned Slides and projects at samsclass.info

26 Local Storage of Sensitive Data Slides and projects at samsclass.info Security Question Security Answer PIN

27 DEMO: MobileSuperHero (10,000) Logs the PIN Last update 12-13-12 Slides and projects at samsclass.info

28 DEMO: Virgin Mobile Rescue (100,000) Logs the PIN Last update 7-22-13 Must uninstall Mobile Superhero to use it Slides and projects at samsclass.info

29 DEMO: Rebound (50) Logs the PIN Last update 7-16-13 Slides and projects at samsclass.info

30 DEMO: Rebound Mobile Security (50) Logs the PIN Last updated 11-7-2013 Slides and projects at samsclass.info

Download ppt "Adding Trojans to Apps Slides and projects at samsclass.info."

Similar presentations

Work wants to be social: 5 lessons from SlideShare Rashmi Sinha.

Work wants to be social: 5 lessons from SlideShare Rashmi Sinha.
Why Eve & Mallory Love Android

Why Eve & Mallory Love Android
An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.
MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.

MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.
By: Lucas Clarkson.  “could potentially launch a ‘root exploit’ attack to take control of your phone” - Dr. Xuxian Jiang  Ads use GPS, call logs, phone.

By: Lucas Clarkson.  “could potentially launch a ‘root exploit’ attack to take control of your phone” - Dr. Xuxian Jiang  Ads use GPS, call logs, phone.
Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.
SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.

SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.
© GlobalSign. A GMO Internet Inc group company. Authentication. Security. Trust. A tutorial on how you can host multiple SSL Certificates on a single IP.

© GlobalSign. A GMO Internet Inc group company. Authentication. Security. Trust. A tutorial on how you can host multiple SSL Certificates on a single IP.
Securing Vehicular Communications CSCE 790 Wireless Networking - Spring’08 Presented: April 15, 2008 University of South Carolina Sharaf J. Malebary.

Securing Vehicular Communications CSCE 790 Wireless Networking - Spring’08 Presented: April 15, 2008 University of South Carolina Sharaf J. Malebary.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
SSL From Your Smartphone Support for Android Smartphones www.sharetech.com.twwww.sharetech.com.tw / www.higuard.comwww.higuard.com.

SSL From Your Smartphone Support for Android Smartphones /
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC.

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC.
Confidential Company Internal396/155 18-LXE 108 186 Uen PA2Xperia Transfer Mobile 1.1 - Communication Material2014-01-311Company Internal396/155 18-LXE.

Confidential Company Internal396/ LXE Uen PA2Xperia Transfer Mobile Communication Material Company Internal396/ LXE.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
Viruses and their Cures Catherine Agnew CEDu 581 – Oconomowoc.

Viruses and their Cures Catherine Agnew CEDu 581 – Oconomowoc.
Is Your Mobile App Secure. DEF CON 23 Wall of Sheep Sat

Is Your Mobile App Secure. DEF CON 23 Wall of Sheep Sat
Zscaler New Interface and Reporting From Saturday 8 th June 2013.

Zscaler New Interface and Reporting From Saturday 8 th June 2013.
1 Thomas Lippert Senior Product Manager - Mobile What’s new in SMC 5.0.

1 Thomas Lippert Senior Product Manager - Mobile What’s new in SMC 5.0.
An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack Dongwan Shin and Rodrigo Lopes In Proc. 27 th Annual Computer Security Applications.

An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack Dongwan Shin and Rodrigo Lopes In Proc. 27 th Annual Computer Security Applications.
COMPUTER SECURITY BEST PRACTICES. SECURE YOUR STUFF!  Physically secure your workstation by locking your screen when away  Secure any small, easy to.

COMPUTER SECURITY BEST PRACTICES. SECURE YOUR STUFF!  Physically secure your workstation by locking your screen when away  Secure any small, easy to.

Similar presentations

Ads by Google