Description: Most probably there is no need for a long introduction when speaking about the famous FinSpy application, a product of the company FinFisher from Gamma Group. In this case study I will present how I reverse engineered this law-enforcement tool, and I will also share the results of the analysis in detail (configuration and installation process, cryptography solutions, control mechanism). Because it is a case study, I will present which techniques and tools I used during the analysis: how to analyze an Android application quickly to get a basic view of it, and then how to analyze it deeply, how to patch it, and how to defeat the obfuscations and the self-checks. Along the way I had some successes and some mistakes as well; both are good to share and learn from. The result of this analysis was quite disappointing because this tool has several serious weaknesses in multiple parts of it, which is unacceptable for a law-enforcement spying tool. A test/analysis without proof-of-concept code is nothing, so at the end of the lecture I will present my scripts to demonstrate how to hijack the control of the application perfectly and to show how to loot the collected data from the phone (call logs, SMS, contacts, everything the app has collected on the device).
Attila Marosi
Attila Marosi has worked in the information security field since he started working. As a lieutenant on active duty he worked for years on special information security tasks occurring within the SSNS. He was recently transferred to the newly established GovCERT-Hungary, which is an additional national level in the internationally known system of CERT offices. He has several international certificates such as CEH, ECSA, OSCP, OSCE. In his free time he also gives lectures and does some teaching on different levels, at the top of them for white hat hackers. He has presented at many security conferences including Hacker Halted, DeepSEC and Ethical Hacking.
For More Information Please Visit: - https://www.troopers.de/troopers/