Breaking “Secure” Mobile Applications


TL;DR: This talk examines the security of products in the mobile space that describe themselves as being secure.

A lot of mobile products like to describe themselves as being secure, offering “secure messaging”, “end-to-end secure communications” and “secure device management”, to name but a few of the terms bandied around. This talk will challenge just how secure some of these products are, providing practical examples of how to break real-world applications, including BYOD, Mobile Device Management applications, secure instant messengers and password lockers.

We also discuss and describe Binary Protections, a recent addition to the OWASP Mobile Top 10, including an overview of some of the commercial and freely available solutions, plus some custom implementations encountered during consultancy engagements. We then go on to demonstrate attacks that can be used to bypass these protections on the iOS and Android platforms, with practical examples.

Location: Track 1
Date: October 16, 2014
Time: 11:30 am - 12:30 pm
Dominic Chell