Reverse Engineering Mobile Apps
Presentation from BSides Las Vegas 2019 demonstrates the successful exploitation of transit system mobile apps.
Presentation by Priyank Nigam at BSides Las Vegas 2019
There are an alarming number of security flaws in most major cities’ mass transit apps. In this presentation you will see how easy it is to successfully exploit these apps. The results of successful exploitation can range from the relatively harmless “”stealing”” (or forging) of e-tickets to the critical exposure of customer PII information and account takeovers.
You’ll learn about the analysis of client-side obfuscation measures such as encrypted HTTP body and encrypted application storage (flat files/SQliteDb/Custom mobile SDK-based encryption) in mobile applications, which can be instrumental in uncovering security vulnerabilities.
- Intro to Mobile Security
- Mobile App Static Analysis
- Server-Side Vulns
- Vendor Disclosures