What is MEMSCAN? A Synopsys consultant, Grant Douglas, recently created a utility called MEMSCAN, which enables users to dump the memory contents of a given iPhone app. Dumping the memory of a running process is a useful technique for identifying keys and credentials in memory. Using the utility, users are able to recover keys or secrets that are statically protected within the application (for example, obfuscated or encrypted on disk) but are less protected at runtime, once they have been decrypted for use. Users can also use the utility to verify that keys and credentials are appropriately wiped from memory after use.
Last week, I installed a new app from the Google Play store onto an Android device. While the app was downloading and installing, I took a look at a few of the user reviews and found their contents interesting. Four of the top 10 comments were both negative and related to security. The comments have been paraphrased for anonymity purposes:
Post: Striking the balance: App security features and usability (Mobile App Security)
Red teaming is when an independent group tests your system in the same way an attacker would to identify weaknesses that could compromise sensitive data.
Post: Red teaming for a holistic view of security (Mobile App Security)
Proprietary, home-grown security protocols can lead to a number of security issues, because they have not had the public review that exposes design flaws. We recommend using standard, publicly reviewed security protocols as much as possible.
CVE-2014-0073 is a vulnerability in InAppBrowser, one of Apache Cordova’s core plugins, that allows an attacker to perform remote privilege escalation.
Post: Cordova InAppBrowser remote privilege escalation (Mobile App Security)
A colleague asked me about an Android vulnerability called fragment injection because of an article he read, and I think it's worth diving into the details of the vulnerability. Fragment injection is a classic example of using reflection in an unsafe way (CWE-470): untrusted data from an Intent is used to determine which class is instantiated within the target Android application.
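To make the pattern concrete, here is an added example (not code from the original post or from any real app): a PreferenceActivity subclass that shows where the reflection happens and how to constrain it. PreferenceActivity reads the Intent extra PreferenceActivity.EXTRA_SHOW_FRAGMENT (":android:show_fragment") and instantiates the named Fragment class by name. Android 4.4 (API 19) added the isValidFragment() hook as the fix; the class and fragment names below are hypothetical.

```java
// Added example, not from the original post. Class and fragment names are hypothetical.
import android.os.Bundle;
import android.preference.PreferenceActivity;

public class SettingsActivity extends PreferenceActivity {

    // Hypothetical allowlist of the only Fragment classes this activity should ever show.
    private static final String[] ALLOWED_FRAGMENTS = {
        "com.example.settings.GeneralPreferenceFragment",
        "com.example.settings.NotificationPreferenceFragment",
    };

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        // The superclass reads getIntent().getStringExtra(EXTRA_SHOW_FRAGMENT)
        // (":android:show_fragment") and loads that class by name via
        // Fragment.instantiate(). If this activity is exported, the extra is
        // attacker-controlled, so the class name is untrusted input to reflection.
        super.onCreate(savedInstanceState);
    }

    // Before API 19 this hook did not exist and no check was made at all;
    // from API 19 on, the default implementation throws for apps that target
    // API 19 or later, so an app that shows fragments must override it.
    // Only fragments on the allowlist are permitted; anything else is rejected
    // before any class is loaded.
    @Override
    protected boolean isValidFragment(String fragmentName) {
        for (String allowed : ALLOWED_FRAGMENTS) {
            if (allowed.equals(fragmentName)) {
                return true;
            }
        }
        return false;
    }
}
```

Two practical checks follow from this: confirm in the manifest whether the PreferenceActivity is exported (directly, or via an intent-filter, which exports it by default on the platform versions discussed here), and confirm that every PreferenceActivity subclass overrides isValidFragment() with an allowlist rather than returning true unconditionally, which some apps do to silence the API 19 exception and which reintroduces the vulnerability.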
The GnuTLS certificate verification bug allows attackers to intercept SSL traffic. Learn how the vulnerability works and how to mitigate it.
Learn more about the Apple “goto fail;” vulnerability, including vulnerability details, who it affects, and what you can do about it.
Post: Understanding the Apple 'goto fail;' vulnerability (Mobile App Security)
Is Touch ID all it’s cracked up to be? We explore the vulnerabilities of Touch ID, biometrics, and password security, including general considerations.
Is mobile security the “same problem” as web application security? Is it just “different day”? I’ve watched organizations and mobile thought leaders argue perspectives on this question back and forth for years. The answer is, of course, both. Mobile security inherits previous problems and solutions while bringing its own unique ones. Let’s get specific about what’s different and why. I’ll break things down as usual: threats, attack surfaces, vectors, impacts, and then controls. Summarizing: