Hijacking Mobile Devices

Mobile device usage is pervasive. According to The Guardian, mobile browsing overtook desktop browsing in October 2016. Beyond the browser, mobile applications are used for everything from social networking to banking. At Black Hat Asia 2018, researchers share new mobile vulnerabilities, including payment application weaknesses, and tools for diagnosing Android app security.

All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems reveals how mobile transactions can be hijacked without detection, giving adversaries access to sensitive payment details and funds. Zhe Zhou, professor at Fudan University, highlights security design flaws found in Allpay and Samsung Pay that enable attackers to manipulate payment tokens and make purchases without discovery. Adversaries take advantage of weak wireless signals and other server gaps to harvest tokens and conduct cryptic financial transactions.

Growth in mobile device usage, particularly for sensitive transactions, has led to more mobile attack vectors. Androsia - A Step Ahead in Securing Sensitive In-Memory Android Application Data is an open-source tool designed to locate and remove sensitive objects previously stored in app memory. API developers hold responsibility for building destroy features into their designs, which presents a risk if the step is missed. Androsia eliminates dependence on safe design and restores default values.

Removing sensitive data from memory reduces opportunities for compromise. Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs tackles an additional mobile security issue related to Android OEMs and the systems implemented to secure them. OEM applications make up a large share of the Android market. Researchers Jun Yao and Tong Lin detail the enhanced security features and previously undiscovered bypasses. Despite kernel protections and added OEM defenses, exploitable vulnerabilities exist, particularly on Samsung, HUAWEI, OPPO and vivo platforms.

Efforts to mitigate exploitation typically begin with kernel-level hardening. KSMA: Breaking Android Kernel isolation and Rooting with ARM MMU Features explores the new Android 8.0 release and routes to rooting devices. KSMA stands for Kernel Space Mirroring Attack; this technique, when combined, can grant kernel memory overwriting and root Android 8.0 devices. Other discovered manipulations will be exposed, including a method for compromising Qualcomm Android devices.

Reinforcing kernel security is important for preventing breaches and data manipulation. Early detection and up-to-date analysis systems help fortify strong security designs and strategies, and compensate for gaps in technological developments. Mobile Security Framework (MobSF) automates security testing, performing dynamic and static analysis on multiple platforms. With this open-source tool, binaries and zipped source code, as well as Android, iOS and Windows mobile applications, can be pentested for improper configurations and other exploitable weaknesses.


Black Hat Asia returns to Marina Bay Sands in Singapore, March 20-23, 2018, with multiple hands-on technical Trainings, immediately followed by two days of the latest research, tools and solutions at Briefings, Arsenal, and the Business Hall. With a Briefings pass, attend all Briefings on March 22-23, and see live Arsenal open-source tool demonstrations, including those featured above. Network with researchers, the open-source community and prominent InfoSec companies in the Business Hall to expand your toolkit and network.
