iMessage is a widely used secure messaging app and protocol across the Apple ecosystem. Curious about what it would be like to run iMessage on other platforms, we reverse engineered to show how iMessage uses Apple Push Notification (APN) protocol to send and receive messages in conjunction with the system daemon apsd and demonstrate how Apple takes advantage of the fact that it produces the hardware to protect its software.
As a proud sponsor of the OWASP Mobile Security Project and the Global AppSec conference, NowSecure researchers helped develop and maintain the Radare2 Pay v1.0 Android crack-me app featured in the OWASP Mobile Security Testing Guide (MSTG). Intended to be similar to popular mobile payment applications, the Radare2 Pay app is difficult to crack. It features layers and layers of obfuscation and protection and anti-rooting technology in order to delay attacks.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with
Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
In the course of performing Android application security testing, I suspected that a library called libpac might be vulnerable to exploit. This vulnerability has been assigned CVE-2019-2205. Google deployed a fix and we recommend all users apply it to secure their devices against exploitation.
To improve the guest experience and keep pace with competition, hotels worldwide are deploying digital key technology that allows guests to skip the front desk and use their mobile apps to remotely check in and go directly into their rooms without needing key cards. However, hotel mobile apps have vulnerabilities that can be exploited, as researchers demonstrated at the Black Hat USA 2019 conference.
In early September, radare2 users and developers from around the globe gathered in Barcelona for r2con, an annual conference celebrating the r2 multi-platform, open-source, reverse engineering framework supported by NowSecure. Around 200 attendees enjoyed four days of hacking, teaching, discussing, coding, socializing and having fun.