Mobile application security researchers and pen testers alike rely on the Radare2 and Frida open-source tools for static analysis and code injection and are familiar with the R2frida plug-in that marries the two. A new OSS tool, ESILSolve, can simplify the process of reverse engineering complex mobile apps. Learn about the many benefits of ESILSolve and how to harness symbolic execution in this tutorial.
iMessage is a widely used secure messaging app and protocol across the Apple ecosystem. Curious about what it would be like to run iMessage on other platforms, we reverse engineered it to show how iMessage uses the Apple Push Notification (APN) protocol to send and receive messages in conjunction with the system daemon apsd, and to demonstrate how Apple takes advantage of the fact that it produces the hardware to protect its software.
What should you expect for mobile appsec in 2021? NowSecure mobile application security experts make our top 8 predictions for the new year. Learn more and see how we can help reduce risk for your business.
NowSecure analyzed a mix of 75 Android and iOS holiday mobile apps for security and privacy risks. Overall, the results of our benchmark testing were disappointingly poor. Among the holiday apps we tested, 94% have security issues and 82% leak private data, which indicates users should proceed with caution.
As a proud sponsor of the OWASP Mobile Security Project and the Global AppSec conference, NowSecure researchers helped develop and maintain the Radare2 Pay v1.0 Android crack-me app featured in the OWASP Mobile Security Testing Guide (MSTG). Intended to be similar to popular mobile payment applications, the Radare2 Pay app is difficult to crack. It features layers and layers of obfuscation and protection and anti-rooting technology in order to delay attacks.
Before joining the NowSecure research team this year, Grant Douglas worked as a mobile security consultant and has hundreds of mobile app pen tests under his belt. In this Q&A discussion, he shares insight about the differences between an attack and builder mindset, his favorite mobile appsec tools and technologies and his passion for CTF competitions.