Presented at ToorCon San Diego 13 (2011)
Oct. 8, 2011, 5 p.m.
Mobile applications are a part of every person's and every organization's life. The potential for internal compromise is extremely high in relation to mobile applications due to the common architecture that relies on a backend server. It is difficult to understand how easy it is to reverse engineer and modify a mobile application unless you do it on a daily basis. In turn, it is difficult to realize what vulnerabilities exist within mobile applications and the backend servers accompanying those applications, and what compromises can take place. This talk focuses on helping security experts and mobile developers understand how attackers reverse engineer mobile applications, what an attacker has access to, and how easy it is to circumvent local security implementations. Attendees will be shown real-world applications, how the applications' security was circumvented, and what consequences occurred. This talk will give security professionals and developers insight into how a malicious user will reverse engineer their applications and how to prevent those attacks. Finally, a new tool to simplify reverse engineering of Android applications will be made available to those who attend the talk.
Prior to joining Intrepidus Group, Mathew worked as a network security engineer and security architect within the national division of Comcast. He has extensive programming and development experience, including writing applications for the iOS and Android platforms. Mathew has also performed independent research related to IPv6 host discovery, protocol fuzzing, and iOS exploitation. He has also contributed multiple auxiliary modules to the open source Metasploit Framework. Mathew has been a professional in the security industry for 6 years, and has attained the GSSP-Java, GWAPT, and GREM certifications.