Mobile Devices

Various techniques can be used to compromise a mobile device:

Reverse Engineering: analysing the compiled app to extract information and its source code can be used to understand the underlying architecture of the mobile application to potentially manipulate the OS.
Sandbox Analysis: iOS & Android apps are isolated via sandbox environments. Attackers can analyse the sandbox environments to try to bypass the access control mechanisms in place.
Spamming: text message spamming is one of the most prevalent ways attackers can try to breach a device, sending mass texts to encourage users to click a malicious link.

Some of the most prevalent vulnerabilities affecting mobile devices are:

Insecure Storage: Android and iOS provide secure storage APIs for developers to use. If developers do not use these APIs successfully, attackers could leverage this. For example, an attacker could use static analysis and reverse engineering to see how applications create keys and store them.
Passcode Vulnerabilities and Biometrics Integrations: Vulnerabilities in integration of authentication services can lead to full device compromise. Attacks like objection biometric bypass can be used to bypasss local authentication. OWASP provide a testing guide here.
Certificate Pinning: Attackers use this to associate a mobile app with a particular digital certificate.

Last updated 27 days ago

Various techniques can be used to compromise a mobile device:

Reverse Engineering: analysing the compiled app to extract information and its source code can be used to understand the underlying architecture of the mobile application to potentially manipulate the OS.
Sandbox Analysis: iOS & Android apps are isolated via sandbox environments. Attackers can analyse the sandbox environments to try to bypass the access control mechanisms in place.
Spamming: text message spamming is one of the most prevalent ways attackers can try to breach a device, sending mass texts to encourage users to click a malicious link.

Some of the most prevalent vulnerabilities affecting mobile devices are:

Insecure Storage: Android and iOS provide secure storage APIs for developers to use. If developers do not use these APIs successfully, attackers could leverage this. For example, an attacker could use static analysis and reverse engineering to see how applications create keys and store them.
Passcode Vulnerabilities and Biometrics Integrations: Vulnerabilities in integration of authentication services can lead to full device compromise. Attacks like objection biometric bypass can be used to bypasss local authentication. OWASP provide a testing guide here.
Certificate Pinning: Attackers use this to associate a mobile app with a particular digital certificate.

Last updated 27 days ago