Vaccinating Android

Presented at BSidesLV 2014, Aug. 6, 2014, 2 p.m. (60 minutes)

Number of mobile applications is rising and Android still holds large market share. As these numbers of applications grow, we need better tools to understand how applications work and to analyze them. There is always a question if we can trust mobile applications to do only that they are allowed to do and if they are really secure when transmitting our personal information to different servers. In the presentation some runtime techniques will be discussed and a tool will be released that offers two approaches to analyze Android applications. Basic principle of first approach is injecting small piece of code into APK and then connect to it and use Java Reflection to runtime modify value, call methods, instantiate classes and create own scripts to automate work. The second approach offers much the same functionality, but can be used without modifying an application. It uses Dynamic Dalvik Instrumentation to inject code at runtime so that modifying of APK's isn't necessary. Tool is Java based and simple to use, but offers quite few new possibilities for security engineers and pentesters.

Presenters:

• Danijel Grah
• Milan Gabor - CEO - Viris
  Milan Gabor is a Founder and CEO of Viris, Slovenian company specialized in information security. He is security professional, pen-tester and researcher. Milan is a distinguished and popular speaker on information security. He has previously been invited to speak at various events at different IT conferences in Slovenia and loves to talk to IT students at different Universities. He also leads teaches ethical hacking. He is always on a hunt for new and uncovered things and he really loves and enjoys his job. Danijel Grah has a Bachelor degree in Computer Science at the University of Ljubljana, Slovenia. He is a Security Consultant at Viris for some time and is involved in penetration testing, security reviews, programming, consulting and research. He has deep understanding into threats, vulnerabilities and trends. He likes to practice Information Security in everyday life. Danijel is devoted to his work, open minded, enjoys new challenges and he never stops studying.

Links:

• https://bsideslv2014.sched.com/event/1u3YD4N/vaccinating-android
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2014/vaccinating android milan gabor danijel grah.mp4

Similar Presentations:

• DeepSec 2014 „Do you want to know more?“ / Creating a kewl and simple Cheating Platform on Android
• BruCON 0x0A (2018) / Hunting Android Malware: A novel runtime technique for identifying malicious applications
• TROOPERS18 (2018) / Hunting Android Malware: A novel runtime technique for identifying malicious applications