
Mobile security & security testing - Speaker at CSS Seminar



Speaker at CSS Seminar, Seoul National University of Science and Technology, Oct 28 2012


1. Smart Phone Overview: 2012 30%, 2014 40%
2. Smart Phone Overview
3. Mobile Service Trend
4. Financial Services: Smart Banking, Mobile Card, Smart Wallet, MTS (Mobile Trading Service), Mobile Payment
5. Financial Services
6. Financial Services (chart with yearly figures for 2008 to 2011; series labels lost in extraction)
7. Threats & Vulnerabilities
8. Virus & Malware: Android-Spyware/SMSReplicator, Android-Trojan/SmsSend, Android-Spyware/Snake (GPS spy, TapSnake), Android-Spyware/Ewalls, WinCE/TredDial, WinCE/Duts (Windows Mobile), Ike worm
9. Phishing
10. 0-day exploits: YTN (2011.6, Android WebKit browser); iOS PDF jailbreak, OS 0-day, Linux; JailbreakMe 3.0 (2011.7)
11. Google Wallet Vulnerability
12. Integrity of App: app distribution outside the market (e-mail, SMS); details lost in extraction
13. Integrity of App: checks on the package and its native libraries; details lost in extraction
14. Android Security Testing
15. Mobile Web Service
16. Mobile Web Service: Native App vs Mobile Web vs Hybrid App, compared by device/UI access, OS dependence, HTML use and per-device/OS builds (table body lost in extraction)
17. Hybrid App Architecture: Native (iOS/Android) layer, Hybrid App Framework, WebView, Device API, HTML + JavaScript + etc.; Web / Native / Native
18. Hybrid App
19. Android Security Testing - Android Architecture
20. Android Security Testing: Multitasking, Sandbox (Rooting), Permission, Codesign, Market / P2P distribution, Code Audit
21. Android Security Testing: APK Decompile, Dynamic Debug, APK Repackage, Dynamic Analysis (File, Traffic), Server-side vulnerability
22. APK Decompile. Tools: Apktool, dex2jar, JD-GUI, DDMS. Extracting *.apk from the Android device
23. Rename *.apk to *.zip and extract the zip; run dex2jar on c:\classes.dex; open classes_dex2jar.jar in JD-GUI
24. ex) c:\>apktool.bat d -d [FileName.apk] [Folder]   (-d: decode in debug mode)
25. AndroidManifest.xml
26. Resources
27. Dynamic Debug & APK Repackage: c:\>apktool.bat d -d [FileName.apk] [Folder]; in AndroidManifest.xml set android:debuggable="true"; c:\>apktool.bat b -d [Folder]. Tools: Apktool, Sign-apk, Netbeans
28. c:\>Sign.bat; install the signed APK
29. DDMS - select the process
30. Netbeans: [New Project] > [Java] > [Java Project with Existing Source]
31. Add the source path
32. Load the android.jar matching the target version (ex: Android 2.3.3 = API 10)
33. In DDMS click the process, then in Netbeans [Debug] > [Attach Debugger]: Debugger: Java Debugger, Host: 127.0.0.1, Port: 8700
34. Debug Mode
35. Dynamic Analysis (File). Tools: DDMS, SQLite Expert
36. Dynamic Analysis (Traffic): capture over-the-air packets (OmniPeek, Airodump), ARP spoofing, wireless LAN card as soft AP, web proxy
37. Tools: Wireshark
38. Proxy: Paros
39. Threats & Vulnerabilities
40. NFC (Near Field Communication): set of communication protocols based on RFID standards including ISO 14443; operating range less than 4 cm
41. NFC Architecture
42. App Vulnerability
    - App Vulnerability: Cloud, Game, Market
    - Finding Vulnerability: 0-day exploit
    - Books & Papers: iOS Hacker's Handbook; Hacking Exposed Web Applications; Penetration Testing Android Applications (Kunjan Shah); Penetration Testing iPhone/iPad Applications (Kunjan Shah)
43. End
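Worked example for the dynamic-debug procedure on slides 27 to 34: the step that turns a release build into a debuggable one is the edit to AndroidManifest.xml between "apktool d -d" and "apktool b -d". The script below is added here and is not the speaker's code. It assumes the manifest has already been decoded to text by apktool (the binary manifest inside the .apk cannot be parsed this way), uses a constructed sample manifest of a fictitious package, and substitutes the stock jarsigner command for the speaker's Sign.bat, whose contents the slides do not show.

```python
"""Set android:debuggable="true" in a decoded AndroidManifest.xml.

Added example (not from the slides).  Assumes the manifest is the text form
written by `apktool d -d <apk> <dir>`; a binary manifest pulled straight from
the .apk will not parse.
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEBUGGABLE = f"{{{ANDROID_NS}}}debuggable"
# Keep the "android:" prefix on output instead of an auto-generated "ns0:".
ET.register_namespace("android", ANDROID_NS)

# Constructed sample (fictitious package, not a real app), in the shape apktool writes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
    <application android:label="Bank" android:debuggable="false">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def is_debuggable(manifest_xml: str) -> bool:
    """True only when <application> carries android:debuggable="true"."""
    app = ET.fromstring(manifest_xml).find("application")
    return app is not None and app.get(DEBUGGABLE) == "true"


def set_debuggable(manifest_xml: str) -> str:
    """Return the manifest with android:debuggable="true" on <application>.

    Handles the three cases met in practice: the attribute is absent
    (release builds usually omit it), set to "false", or already "true".
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("no <application> element: not an app manifest")
    app.set(DEBUGGABLE, "true")
    return ET.tostring(root, encoding="unicode")


def next_steps(decoded_dir: str) -> str:
    """Remaining slide-27/28/33 steps after the manifest edit.

    jarsigner stands in for the speaker's Sign.bat (assumption); apktool
    writes the rebuilt APK to <decoded_dir>/dist/.
    """
    return "\n".join([
        f"apktool b -d {decoded_dir}",
        f"jarsigner -keystore debug.keystore {decoded_dir}/dist/<name>.apk androiddebugkey",
        f"adb install -r {decoded_dir}/dist/<name>.apk",
        "ddms  # select the process, then attach a Java debugger to 127.0.0.1:8700",
    ])


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: set_debuggable.py <decoded_dir>/AndroidManifest.xml")
    path = sys.argv[1]
    with open(path, encoding="utf-8") as f:
        original = f.read()
    if is_debuggable(original):
        print(f"{path}: already debuggable, nothing to do")
    else:
        with open(path, "w", encoding="utf-8") as f:
            f.write(set_debuggable(original))
        print(f"{path}: patched")
    print(next_steps(path.rsplit("/", 1)[0] if "/" in path else "."))
```

Rebuilding and re-signing replaces the developer's signature with the tester's, so an app that performs the integrity checks of slides 12 and 13 (comparing its signing certificate or native-library hashes at runtime) will notice the repackage; that check is itself the first thing to locate in the JD-GUI output from slide 23.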