iMessage is a widely used secure messaging app and protocol across the Apple ecosystem. Curious about what it would be like to run iMessage on other platforms, we reverse engineered to show how iMessage uses Apple Push Notification (APN) protocol to send and receive messages in conjunction with the system daemon apsd and demonstrate how Apple takes advantage of the fact that it produces the hardware to protect its software.
As a proud sponsor of the OWASP Mobile Security Project and the Global AppSec conference, NowSecure researchers helped develop and maintain the Radare2 Pay v1.0 Android crack-me app featured in the OWASP Mobile Security Testing Guide (MSTG). Intended to be similar to popular mobile payment applications, the Radare2 Pay app is difficult to crack. It features layers and layers of obfuscation and protection and anti-rooting technology in order to delay attacks.
Before joining the NowSecure research team this year, Grant Douglas worked as a mobile security consultant and has hundreds of mobile app pen tests under his belt. In this Q&A discussion, he shares insight about the differences between an attack and builder mindset, his favorite mobile appsec tools and technologies and his passion for CTF competitions.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with
Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.
Many people have heard about mobile man-in-the-middle (MiTM) attacks but aren’t sure just exactly what they are or how they happen. Learn more including the development and security issues that can leave apps vulnerable to MiTM attacks, tips for testing and the layers of network defense that can help you avoid these issues.