Software Integrity Blog

Author Archive

John Kozyrakis

John Kozyrakis is an applied research lead at Synopsys. His primary area of expertise is mobile application security. John works with software architects and developers daily, helping them build security into their applications. He plays a key role in Synopsys' Mobile Software Security Team where he helps define the company's mobile assessment methodology and develops automated tools that uncover security vulnerabilities. John holds MSc degrees in Computer Engineering and Information Security.


Posts by John Kozyrakis:

An examination of ineffective certificate pinning implementations

While researching certificate pinning, I stumbled upon a ‘generic’ implementation flaw allowing remote attackers to bypass the protection that certificate pinning can offer to an application.

Summary

If your Java or Android application uses the checkServerTrusted() or getPeerCertificates() APIs to implement certificate pinning, there is a very good chance that your pinning implementation is completely ineffective.

Posted in Mobile App Security

Using the SafetyNet API

The SafetyNet attestation API is a Google Play Services API that any developer can use in order to gain a degree of assurance that the device their application is running on is “CTS compatible.” CTS stands for Compatibility Test Suite, which is a suite of tests a device must pass, prior to release, to be allowed to include Google Play Services. Traditionally, it was used by device manufacturers to ensure that their devices met Google’s requirements. The term is now overloaded with more meanings, like ‘the device is in a non-tampered state’ after release. Tampered state has multiple definitions and includes ‘being rooted,’ ‘being monitored’ and ‘being infected with malware’.

Posted in Mobile App Security

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

The Samsung Galaxy phone hack was not caused by “one bug.” It was due to a chain of several failures, which makes it difficult to say who is at fault and how the Samsung hack could have been avoided. Don’t jump to conclusions!

How did the Samsung Galaxy get hacked?

Issue 1: Samsung uses a white-label version of the popular SwiftKey 3rd-party keyboard app as the default keyboard in recent Android devices. In order to do that, it repackages it and installs it into the system partition. This gives the keyboard app “system” privileges.

Posted in Mobile App Security, Software Architecture & Design