Prashant Verma - Mobile Device Exploitation Cookbook

Prashant Verma , Certified Information Systems Security Professional (CISSP) is a Sr. Practice ManagerSecurity Testing at Paladion Networks. Information security has been his interest and research area for the past 10 years. He has been involved with mobile security since 2008. One of his career achievements has been to establish mobile security as a service at Paladion Networks.

He loves to share his knowledge, research, and experience via training, workshops, and guest lectures. He has spoken at premier global security conferences such as OWASP Asia Pacific 2012 in Sydney and RSA Conference Asia Pacific and Japan 2014 in Singapore. He has shared his knowledge via webinars and trainings.

He is primary security consultant for leading financial institutions.

His banking security experience was translated into his co-authored book Security Testing Handbook for Banking Applications , IT Governance Publishing . He has written articles for Hacki9 and Palizine Magazine.

Beyond mobile platforms, he holds expertise in various other areas of InfoSec, such as Security Testing, Security Management and Consulting. He has occasionally, analyzed security incidents and cybercrimes. He has conducted assessments for organizations globally at multiple locations. He is a subject matter expert and his work has earned him a distinguished position with his customers.

He can be contacted at verma.prashantkumar@gmail.com. His Twitter handle is @prashantverma21. He occasionally writes on his personal blog at www.prashantverma21.blogspot.in.

I would like to thank my parents, my wife, my sister, and my colleagues and friends for supporting and encouraging me for this book.

Akshay Dixit is an information security specialist, consultant, speaker, researcher, and entrepreneur. He has been providing consulting services in information security to various government and business establishments, specializing in mobile and web security. Akshay is an active researcher in the field of mobile security. He has developed various commercial and in-house tools and utilities for the security assessment of mobile devices and applications. His current research involves artificial intelligence and mobile device exploitation. He has been invited to several international conferences to give training, talks and workshops. He has written articles for various blogs and magazines on topics such as mobile security, social engineering, and web exploitation.

Akshay co-founded and currently holds the position of Chief Technology Officer at Anzen Technologies, an information security consulting firm specializing in providing end-to-end security services.

Anzen Technologies (http://www.anzentech.com) is a one-stop solution for industry-leading services, solutions and products in the cyber security, IT governance, risk management, and compliance space. Anzen's vision is to instill end-to-end security in organizations, aligned to their business requirements, in order to ensure their lasting success.

I would like to thank my Baba, a scholar, an inspiration, and one of the best storytellers I've met. I thank my parents, my brother, my sister, all the people who think well of and for me, and my wife Parul, a dreamer and a friend.

About the Reviewer

Gregory John Casamento is a software engineer with more than 25 years of experience. He is the maintainer of the GNUstep project. He helped to develop Winamp for the Mac as well as many other highly visible projects.

Open Logic Corporation (is his company). He has worked for AMGEN, AOL, Raytheon, Hughes Aircraft, and many others.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser

Preface

Mobile attacks are always on the rise. We are adapting ourselves to new and improved Smartphones, gadgets, and their accessories, and with this network of smart things, comes bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks. Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing.Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats. This book takes you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms, malware analysis, and reverse engineering for Android and iOS platforms. You'll learn more about mobile devices, static and dynamic analysis, and other attacks. You'll explore mobile device forensics and learn how to attack mobile application traffic and SSL, followed by penetration testing. The book also takes you through the basic exploit tricks on BlackBerry and Windows platforms. Overall, the book takes you through the four common mobile platforms basic attacks with stress on Android and iOS.