iMessage is a widely used secure messaging app and protocol across the Apple ecosystem. Curious about what it would be like to run iMessage on other platforms, we reverse engineered to show how iMessage uses Apple Push Notification (APN) protocol to send and receive messages in conjunction with the system daemon apsd and demonstrate how Apple takes advantage of the fact that it produces the hardware to protect its software.
Before joining the NowSecure research team this year, Grant Douglas worked as a mobile security consultant and has hundreds of mobile app pen tests under his belt. In this Q&A discussion, he shares insight about the differences between an attack and builder mindset, his favorite mobile appsec tools and technologies and his passion for CTF competitions.
NowSecure announces the release of NowSecure Workstation 6.0. The turnkey hardware and software kit that empowers analysts to quickly conduct deep mobile application security assessments of Android and iOS apps and generate customized reports with actionable results users can trust. Traditional mobile app penetration testing can consume at least two weeks of manual effort and requires ample expertise and an abundance of open-source tools. NowSecure Workstation reduces testing time from weeks to mere hours, driving dramatic 10x productivity gains and scalability.
On a mission to save the world from unsafe mobile apps, NowSecure is excited to announce a new partnership with Cybrary to enable more people – anyone, anywhere – to upskill and deliver more secure mobile apps. The launch of Cybrary’s first mobile app security learning course marks a significant step towards closing the knowledge gap and building security into mobile apps by design. The best part? It’s free! Read on to get a synopsis of the course.
Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.
Many people have heard about mobile man-in-the-middle (MiTM) attacks but aren’t sure just exactly what they are or how they happen. Learn more including the development and security issues that can leave apps vulnerable to MiTM attacks, tips for testing and the layers of network defense that can help you avoid these issues.