YoVDO

Secrets in Soft Token - A Security Study of HID Global Soft Token

Offered By: Cooper via YouTube

Tags

Hack.lu Courses Cybersecurity Courses Cryptography Courses Vulnerability Assessment Courses Brute-Force Attacks Courses Android Security Courses Mobile Application Security Courses

Course Description

Overview

Explore a security study of the Android version of HID Global Soft Token application in this 36-minute conference talk from Hack.lu 2016. Delve into the mechanisms used to protect key functional processes like generating encryption and OTP keys. Uncover two vulnerabilities affecting the application, including cryptographic weaknesses that could allow attackers to retrieve resources, clone configurations, and potentially discover a victim's PIN through brute force attacks. Follow along as security researcher Mouad Abouhali from Airbus Group Innovations breaks down the study objectives, methodology, and solutions, covering topics such as string analysis, Java reflection, code reading, and encryption tasks.

Syllabus

Introduction
Study Objectives
Security Mechanism
Methodology
Strings
Java Reflection
Reading the code
Encryption task
Solution


Taught by

Cooper

Related Courses

Android Penetration Testing
YouTube
OWASP TOP 10 Mobile - Riesgos de las aplicación móviles
Udemy
Android Penetration Testing
Udemy
Automated Third-Party Library Detection for Android Applications - Are We There Yet?
Association for Computing Machinery (ACM) via YouTube
Exploiting Android Messengers with WebRTC
nullcon via YouTube