Overview
Explore a groundbreaking attack methodology called APPLANTING in this Black Hat EU 2013 conference talk. Delve into the world of mobile security vulnerabilities as Ajit Hatti demonstrates how attackers can install malicious apps on Android devices without user knowledge. Learn about the combination of CSRF and clickjacking techniques used to become a "man in the mobile" and carry out further damage. Examine the complexities of mobile platform security, the trade-offs between convenience and safety, and the challenges faced by app stores in preventing such attacks. Gain insights into authentication issues, the concept of phones as personal identities, and potential vectors for exploitation. Understand the implications of this attack on user privacy, data security, and the broader cybersecurity landscape.
Syllabus
Introduction
Disclaimers
Brief Introduction
Null Khan
Two questions
Why I wrote this paper
Authentication
Phone is your Identity
Playground
App ID
What can we do
Install by Script
Install by Rogue
Facebook
App Store
Play Store
Is it useful
Other vectors
The problem
The challenge
App foking
Google's headache
Password compromise
Captain Cool
Google Play
Taught by
Black Hat