Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.
In the course of performing Android application security testing, I suspected that a library called libpac might be vulnerable to exploitation. This vulnerability has been assigned CVE-2019-2205. Google deployed a fix and we recommend all users apply it to secure their devices against exploitation.
To improve the guest experience and keep pace with competition, hotels worldwide are deploying digital key technology that allows guests to skip the front desk and use their mobile apps to remotely check in and go directly into their rooms without needing key cards. However, hotel mobile apps have vulnerabilities that can be exploited, as researchers demonstrated at the Black Hat USA 2019 conference.
In early September, radare2 users and developers from around the globe gathered in Barcelona for r2con, an annual conference celebrating the r2 multi-platform, open-source, reverse engineering framework supported by NowSecure. Around 200 attendees enjoyed four days of hacking, teaching, discussing, coding, socializing and having fun.
The NowSecure team is gearing up for an incredible week at Black Hat USA 2019 in Las Vegas. We’re excited to join the 22nd annual top security event to connect on all things mobile app security research, development, tools and trends.
To help you build your agenda and make the most of your time at the conference, we’ve selected several key Black Hat briefings that focus on mobile device security, enterprise mobile appsec, DevSecOps and reverse engineering. We look forward to connecting many of you with our mobile application security experts at the conference through prebooked meetings and visits to Booth #674.
Let’s examine how Android apps programmed using Kotlin could render Security By Obscurity ineffective. Kotlin is a statically typed, general-purpose language that was designed to interoperate fully with Java and the Java Virtual Machine. Android initially supported Kotlin in 2017 and it recently emerged as the preferred language Google recommends for Android app development. Kotlin Android apps offer a great example of why static analysis of binaries is better than static analysis of source code.