Presentation Material
Abstract
Video’s for the talk are given below
In the present world scenario, there is one more thing than our computers which need to be secure. They could sometime contain more sensitive information, which you don’t want anyone else to see. Mobile Phone security is a fast growing field in terms of security. With the entry of Android into the cellphone market, the security has been overcritical and malwares are being developed at an exponential rate.
In this talk, you will learn about the security of the Android OS, How to create a Malware for fun and profit and your brains would finally be filled with how to conduct a mobile application Penetration Testing. Be ready for the demos.!
Will be starting off with the Android basics, the OS and the Android Security model. After that, he will be diving into Android Applications and Dalvik Virtual Machine. Then he will be talking about the most important part of this presentation “Reverse Engineering” and “How to make our own malware” . The sent details to the server would include the IMEI, IMSI no of the device, Call and SMS Logs, and even some of the files from the SD Card. Ofcourse, there is a lot more possible . He is also be speaking about how to bypass the Anti Viruses for this platform, and where and how to spread. In the end, he would be concluding with a demo on How to conduct a successful mobile application Penetration Test.
AI Generated Summary
The talk focused on security vulnerabilities in Facebook’s notification system, specifically the “one link” feature that allows users to access their accounts directly from SMS notifications. The researcher found that this link can be used to bypass Facebook’s security measures, including username and password protection, checkpoint verification, and geolocation restrictions. The link, which is generated by Facebook, contains a secret key and the user’s Facebook ID, allowing an attacker to access the account without needing to know the password.
The researcher identified four types of links that can be used to access Facebook accounts, including a shortened URL feature that uses a 14-digit random character string. By brute-forcing this string, an attacker can gain access to millions of accounts. The researcher demonstrated the vulnerability using a test account and showed how an attacker can access an account’s messages, privacy settings, and account settings without being tracked by Facebook.
The practical implications of this vulnerability are significant, as it allows an attacker to access a user’s account without their knowledge or consent. The researcher noted that Facebook changes the secret key every two weeks, but this does not prevent an attacker from using the link to access an account during that time period. Overall, the talk highlighted the need for Facebook to improve the security of its notification system to prevent such vulnerabilities.