by Danny Rosseau | Aug 30, 2019 | Android, Labs, Mobile, Techniques
One of the more common findings we report for Android security reviews is an issue involving hard-coded secrets. This blog post will specifically focus on hard-coded secrets used for encrypting application data. I’ll try to use a bit of light threat modeling and...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Jesson Soto Ventura | Aug 19, 2019 | Android, Disclosures, Exploits, Labs, Mobile
A few months ago, I was testing the email functionality on a company’s contact us page, when I sent an email to myself containing: <script> alert(“Hi, It’s almost lunch time”) </script> It actually was close to lunch time, so I wrapped up...
by Brad Dixon | Oct 24, 2017 | Android, Mobile, Techniques, Tools
Performing security assessments of complex systems sometimes requires some technical gymnastics to “man-in-the-middle” (MITM) communications between components. MITM techniques are essential for observing and manipulating communications in ways that a...
by Roman Faynberg | Oct 19, 2016 | Android, Labs, Mobile, Techniques
Recently, we needed to man-in-the-middle TLS traffic coming from an Android Wear application. On a regular Android app, this would be an easy thing to do, but we started to run into trouble pretty quickly on the only Android watch that we had at our disposal, the 1st...