During BlackHat EU 2017, myself and Collin Mulliner presented on Android SafetyNet Attestation. The presentation covered what SafetyNet is, why would Android developers use attestation, some of the checks it does and certain weaknesses it currently has. I have blogged on this topic several times. So, here are the slides. Let me know if you have any questions, would be happy to answer. »
Two weeks ago I presented (once more) on the topic of pinning, this time focusing on bugs seen in real-world Android applications implementing pinning. The presentation also covered CVE-2016-2402 in some detail, Android’s Network Security Configuration and a few other relevant topics. The conference was Android Security Symposium - a great security event, hosted in an awesome venue within Vienna University of Technology. So, here are the slides and here is the video. »
As you might have guessed from previous posts on the topic, I’ve been researching certificate pinning implementations in mobile apps for the last couple of years. Two months ago I presented a talk on certificate pinning at OWASP AppSecEU16 conference in Rome, Italy. The conference was pretty fun, met so many interesting people. So, here are the slides and the video. The official abstract: Pinning Certificates (“Cert Pinning”) trends perennially, coming to the fore with each new SSL hack. »