Learn, hack!

URL

https://media.blackhat.com/bh-us-10/presentations/Mahaffey_Hering/Blackhat-USA-2010-Mahaffey-Hering-Lookout-App-Genome-slides.pdf

File name

Blackhat-USA-2010-Mahaffey-Hering-Lookout-App-Genome-slides.pdf

File size

7.5 MB

MD5

21282e3d930d13e3b07983c65545868d

SHA1

ed3480064fcc33800217b07dd24d5fb674aca2f0

The mobile app revolution is upon us. Applications on your smartphone know more about you than anyone or anything else in the world. Apps know where you are, who you talk to, and what you're doing on the web; they have access to your financial accounts, can trigger charges to your phone bill, and much more. Have you ever wondered what smartphone apps are actually doing under the hood? We built the largest-ever mobile application security dataset to find out. Mobile apps have grown tremendously both in numbers and capabilities over the past few years with hundreds of thousands of apps and billions of downloads. Such a wealth of data and functionality on each phone and a massive proliferation of apps that can access them are driving a new wave of security implications. Over the course of several months, we gathered both application binaries and meta-data about applications on the most popular smartphone platforms and built tools to analyze the data en masse. The results were surprising. Not only do users have very little insight into what happens in their apps, neither do the developers of the applications themselves. In this talk we're going to share the results of our research, demonstrate a new class of mobile application vulnerability, show how we can quickly find out if anyone in the wild is exploiting it, and discuss the future of mobile application security and mobile malware.