Are you interested in call graph generation for static analysis and machine-driven soundness proof?
If you are interested in becoming a research assistant in our group, have a look at the proposal.
Stephan Huber (Fraunhofer SIT) and Siegfried Rasthofer were acknowledged by the Android Security Team for our tapjacking attack:
https://source.android.com/devices/tech/security/overview/acknowledgements.html
Thank you!
CodeInspect will be presented at the 7th edition of DroidCon in Berlin. Droidcon is a global developer conference series and a network focusing on the best of Android. Our talk “DISMANTLING DROIDS FOR BREAKFAST – THE CURRENT STATE OF APP REVERSE ENGINEERING” is aimed at Software Engineers as well as Security Experts.
Looking forward to an interesting conference with lots of “droid-talks”.
We are currently looking for a research assistant to support us in designing an Eclipse plugin to represent Clafer models. These models aim to guide the user on how to use cryptographic components appropriately.
Have a look at the attached proposal and contact us!
The OCAP has published its Phase 2 report on its security analysis of the TrueCrypt code base. It appears that they discovered no major issues. In the meantime, we are making good progress on our own in-depth security analysis of TrueCrypt for the BSI. We hope to be able to make this one public, too, at some point.
Only two weeks left to submit to our workshop on Agile Secure Software Development. Better get started on your paper now!
Earlier this year, we reported on the Korean threat we identified in collaboration with McAfee Mobile Research. We have now released a technical report describing the Android/BadAccents malware in detail. It also describes a new tapjacking attack (also reported earlier this year) that the malware exploited.
The technical report also describes the fix we submitted to the Android Security Team in January this year. Until now (approximately 4 months later), the official AOSP still doesn’t include the fix, meaning that likely all Android versions are still vulnerable. Unfortunately, there is no real protection mechanism for the user against this attack. A general recommendation from our side is to install apps from the official app stores and to use anti-virus applications (many AV vendors already detect this malware family).