what attackers know about your mobile apps that you don’t: banking & fintech
TRANSCRIPT
© Copyright 2017 NowSecure, Inc. All Rights Reserved. Proprietary information.
25% have at least 1 high-risk flaw
35% have un-encrypted data transmission
63% of iOS apps opt out of ATS, exposing network risks
Business apps (BizApps) are 3X more likely to leak account credentials
1% of Android apps properly use the Google SafetyNet Attestation API
50% of Android apps dynamically load code missed by static analysis
Source: NowSecure Software and Research Data 2016-2017
Cross origin resource sharing
iOS stack (top to bottom): iOS APPS, iOS FRAMEWORKS, iOS NATIVE LIBRARIES, iOS Mach/XNU KERNEL, iOS HAL, HARDWARE
Dynamic code and assets; MITM attacks
Take the attacker POV to test across app, compiler, data at rest, data in transit, OS, HW & SW during and after running the mobile app
Buffer overflows
Race conditions
Forensic artifacts
Malware
Contact hijacking
TARGET APP
Android build pipeline: .java files -> compiler -> .class files -> dx tool -> .dex files
.dex files + .so files + resources -> APK builder -> .apk files -> Jar signer
Host <-> Target injection sequence (diagram components: bootstrapper, bootstrapper-thread, frida-agent.so, comm. channel, JavaScript instrumentation scripts, probe results):
1. Write bootstrapper code into memory of Target process
2. Hijack existing thread in Target to execute bootstrapper
3. Bootstrapper loads frida-agent into Target's memory space
4. Agent opens bi-directional channel between Debugger and Debuggee
5. Agent sets up its own thread, accepting instrumentation scripts from Debugger
6. Instrumentation "probes" target specific APIs and code logic of interest
7. Probe results streamed to debugger and parsed/redirected
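The host/target exchange described above (agent installed, JavaScript probe sent in, probe results streamed back and parsed), as an added example that is neither NowSecure's nor Frida's own code: a Python host that installs a small JavaScript probe and collects what it reports. It assumes the frida Python package and a USB-connected device; the hooked API (java.net.URL) and the placeholder package name are assumptions, chosen so the probe flags the "un-encrypted data transmission" finding from the statistics slide in an app under test.

```python
"""Host-side collector for Frida probe results (added example, not NowSecure's code)."""
import json
import sys

# Probe injected into the target app: hooks java.net.URL's String constructor
# and reports every cleartext (http://) endpoint the app builds at runtime.
PROBE_JS = r"""
Java.perform(function () {
  var URL = Java.use("java.net.URL");
  URL.$init.overload("java.lang.String").implementation = function (spec) {
    if (spec.indexOf("http://") === 0) {
      send({ probe: "cleartext_url", url: spec });   // streamed to the host
    }
    return this.$init(spec);
  };
});
"""

def parse_probe_message(message):
    """Turn one raw Frida message dict into a finding dict, or None if it is not one."""
    if message.get("type") == "error":          # script exception inside the agent
        return {"kind": "agent_error", "detail": message.get("description", "")}
    if message.get("type") != "send":           # e.g. console.log output
        return None
    payload = message.get("payload")
    if not isinstance(payload, dict) or "probe" not in payload:
        return None
    return {"kind": payload["probe"], "detail": payload.get("url", "")}

class FindingsSink:
    """Redirects parsed probe results into a list the tester can report on."""
    def __init__(self):
        self.findings = []
    def on_message(self, message, data):        # signature Frida's script.on("message") uses
        finding = parse_probe_message(message)
        if finding is not None:
            self.findings.append(finding)

def attach_and_probe(process_name):
    """Attach to a running app over USB and install the probe (needs frida + a device)."""
    import frida  # imported lazily so the parsing above works without frida installed
    session = frida.get_usb_device().attach(process_name)
    script = session.create_script(PROBE_JS)
    sink = FindingsSink()
    script.on("message", sink.on_message)
    script.load()
    print("probe installed; exercise the app, then press Enter")
    sys.stdin.readline()
    session.detach()
    return sink.findings

if __name__ == "__main__":   # "com.example.bank" is a placeholder process name
    print(json.dumps(attach_and_probe(sys.argv[1] if len(sys.argv) > 1 else "com.example.bank"), indent=2))
```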