Software Integrity Blog

Author Archive

Grant Douglas

gdouglas

Grant Douglas is an associate principal security consultant at Synopsys. His primary area of expertise is in mobile security and tooling. He has worked on internal SAST and DAST tools and also produced external mobile tools which are used within the industry, including memscan, which was featured in ‘The Mobile Application Hacker's Handbook’ and ‘Learning iOS Forensics.’ Grant enjoys writing code, reading, and travel during his free time.


Posts by Grant Douglas:

 

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms. The app allows users (typically parents) to monitor devices (typically their children’s) to view location, text messages, calls, browsing history, and more. TeenSafe claims the technology can and will help protect your child. There […]


Posted in Cloud Security, Data Breach, Software Architecture and Design

 

Brace yourselves: Application transport security is coming

HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance, has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. […]


Posted in Mobile Application Security

 

Integrating Touch ID into your iOS applications

What is Touch ID? Touch ID is Apple’s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). As of iOS version 8.0, Apple opened up Touch ID to developers by making APIs available for use in the SDK. Biometric opinions This post assumes you […]


Posted in Mobile Application Security

 

What is MEMSCAN and how to use it

What is MEMSCAN? A Synopsys consultant, Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to recover […]


Posted in Mobile Application Security, Software Architecture and Design