Reverse Engineering Mobile Apps

Presentation from BSides Las Vegas 2019 demonstrates the successful exploitation of transit system mobile apps.

Presentation by Priyank Nigam at BSides Las Vegas 2019

There are an alarming number of security flaws in most major cities’ mass transit apps. In this presentation you will see how easy it is to successfully exploit these apps. The results of successful exploitation can range from the relatively harmless “stealing” (or forging) of e-tickets to the critical exposure of customer PII and account takeovers.

You’ll learn about the analysis of client-side obfuscation measures such as encrypted HTTP bodies and encrypted application storage (flat files, SQLite DB, custom mobile SDK-based encryption) in mobile applications, which can be instrumental in uncovering security vulnerabilities.

Presentation highlights:

  • Intro to Mobile Security
  • Mobile App Static Analysis
  • Server-Side Vulns
  • Vendor Disclosures
  • Mitigations


About the author, Priyank Nigam

Senior Security Consultant

Priyank Nigam (OSCP, OSWP, GCFE) is a Senior Security Consultant at Bishop Fox. He focuses on source code reviews, web and mobile application penetration testing, and network security. As a researcher, he is interested in all things offensive security, reverse engineering, mobile security, and the Internet of Things.