How we tear into that little green man

Presented at AppSec USA 2012, Oct. 25, 2012, 2 p.m. (45 minutes)

Mobile applications are a part of every person's and every organization's life. The potential for internal compromise is extremely high in relation to mobile applications due to the common architecture that relies on a backend server. It is difficult to understand how easy it is to reverse engineer and modify a mobile application unless you do it on a daily basis. In turn, it is difficult to realize what vulnerabilities exist within mobile applications, the backend servers accompanying those applications, and what compromises can take place. This talk focuses on helping security experts and mobile developers understand how attackers reverse engineer mobile applications, what an attacker has access to, and how easy it is to circumvent local security implementations. Attendees will be shown real-world applications, how the applications' security was circumvented, and what consequences occurred. This talk will give security professionals and developers insight into how a malicious user will reverse engineer their applications and how to prevent those attacks. Throughout the talk Otertool - a tool to simplify reverse engineering of Android applications - will be demonstrated and made available to attendees.

Presenters:

  • Mathew Rowley - Senior Security Consultant - Matasano Security
    Mathew Rowley is a security consultant for Matasano Security with over 6 years of experience as a computer security professional. His experience includes reverse engineering, mobile security, web application security assessment, hardware reversing, network security, fuzzing, and application development.

    Capabilities and Skills
      - Mobile Application Analysis and Reverse Engineering
      - Application Development
      - Protocol and Application Fuzzing
      - Web Application Penetration Testing
      - Hardware Reverse Engineering

    Career Highlights
      - Presented at Blackhat, Shakacon, Shmoocon, Toorcon, Thotcon, and DC303.
      - Published some of the first IPv6 host discovery techniques.
      - Developed a tool for simplifying reverse engineering of Android applications.
      - Discovered iOS IPv6 vulnerabilities.

Links: