Damn Vulnerable iOS Application - Mobile Security Research Labs | Mobile Security Research Labs

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains...

Read More

Vulnerabilities in Android Update Make All Android Devices Vulnerable | Mobile Security Research Labs

Android upgrade mechanism brings to light a whole new set of vulnerabilities pervasively existing in almost all Android versions, which allow a seemingly harmless malicious app (“unprivileged app” in the security term) running on a version of Android to automatically acquire significant capabilities without users’ consent once they upgrade to newer versions! Such capabilities include automatically obtaining all new permissions added by the...

Read More

mSeclabs - Smartphones at risk of malicious code injection through HTML5-based apps | Mobile Security Research Labs

Only a fraction of mobile apps are currently written in HTML5 – but if 50 percent of applications are written in the markup language by 2016, as experts predict, then a whole lot of smartphones could soon be at risk of a new Cross-Device Scripting (XDS) attack that researchers have been investigating.In the paper, “XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps,” Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du, researchers with Syracuse University, explore how anyone running vulnerable HTML5-based apps on...

Read More