Hackers of India

Lets play - Applanting

Ajit Hatti

2013/03/14

Abstract

Your mobile is your identity; you are not only connected to friends and family, but you are also connected to your banks, social networks, and various service providers.

The cyber world is plagued with thousands of security issues today. Ever-increasing vectors of spam, XSS, and injection attacks are making security issues more complex, and mobile platforms add further complexity to this.

With the world quickly adopting the speedy and convenient way of computing offered by mobiles, security is always traded for convenience.

There are many talks about making and sneaking malicious apps into an app store, and then targeting the victims for fun and profit; but before the attacker comes to the fun and profit part, the most difficult hurdle is to install a rogue app on the victim's mobile.

In this talk I will be introducing a new attack methodology, APPLANTING, with which the attacker can install an app on the victim's Android device without the victim's knowledge.

The APPLANTING attack combines CSRF and clickjacking to transparently install an app on the victim's Android device and successfully become a man in the mobile to carry out further damage.