Wanted: Research Assistant

Eric | April 20, 2015

Are you interested in call graph generation for static analysis and machine-driven soundness proof?

If you are interested in becoming a research assistant in our group, have a look at the proposal.

Cross-posted from SEEBlog


Android Security Acknowledgements 2015

Eric | April 9, 2015

Stephan Huber (Fraunhofer SIT) and Siegfried Rasthofer were acknowledged by the Android Security Team for our tapjacking attack:

https://source.android.com/devices/tech/security/overview/acknowledgements.html

Thank you!

Cross-posted from SEEBlog


CodeInspect @DroidCon

Eric | April 8, 2015

CodeInspect will be presented at the 7th edition of DroidCon in Berlin. Droidcon is a global developer conference series and a network focusing on the best of Android. Our talk “DISMANTLING DROIDS FOR BREAKFAST – THE CURRENT STATE OF APP REVERSE ENGINEERING” is aimed at Software Engineers as well as Security Experts.

Looking forward to an interesting conference with lots of “droid-talks”.

Cross-posted from SEEBlog


Wanted: Research assistant in CROSSING project

Eric | April 8, 2015

We are currently looking for a research assistant to support us in designing an Eclipse plugin to represent Clafer models. These models aim to guide the user on how to use cryptographic components appropriately.

Have a look at the attached proposal and contact us!

Proposal

Cross-posted from SEEBlog


OCAP Phase 2 report out

Eric | April 2, 2015

The OCAP has published its Phase 2 report on its security analysis of the TrueCrypt code base. It appears that they discovered no major issues. In the meantime, we are making good progress on the creation of our own in-depth security analysis of TrueCrypt for the BSI. We hope to be able to make this one public, too, at some point.

Cross-posted from SEEBlog


First International Workshop on Agile Secure Software Development

Eric | April 2, 2015

Only two weeks left to submit to our workshop on Agile Secure Software Development. Better get started on your paper now!

Cross-posted from SEEBlog


An Investigation of the Android/BadAccents Malware

Eric | April 1, 2015

BadAccents Malware

Earlier this year, we reported on the Korean threat we identified in collaboration with McAfee Mobile Research. We have now released a technical report describing the Android/BadAccents malware in detail. Furthermore, we also describe a new tapjacking attack (also reported earlier this year) that the malware exploited.

The technical report also describes the fix we submitted to the Android Security Team in January this year. Until now (approximately 4 months later), the official AOSP still doesn’t include the fix, meaning that likely all Android versions are still vulnerable. Unfortunately, there is no real protection mechanism for the user against this attack. A general recommendation from our side is the installation of apps from the official app stores and the usage of anti-virus applications (many AV vendors already detect this malware family).

Cross-posted from SEEBlog
