Mobile

Marketers agree: screen size is a top priority for anyone shopping for their next cell phone but my new consumer survey challenges this conventional wisdom.

Nearly everyone loves mobile apps that can perform local searches, get directions, or find the nearest decent restaurant. But what’s not so obvious is that these local apps can have hidden bandwidth costs — meaning that, in some cases, they can run up your phone bill in ways you might not expect.

Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users. This post discuss the vulnerabilities

Session Juggler allows to log into any websites on an untrusted terminal on any modern browser by using a simple bookmarklet and a smartphone. The site credentials are never transmited to the untrusted. With Session Juggler users never enter their long term credential on the untrusted terminal. Instead, users log in to a web site using a smartphone app and then...

WebDroid the first framework specifically dedicated to build secure embedded WebApp. This framework is build on the insights we gleaned from the security analysis of 30 embedded devices web interfaces for which we found over than 50 vulnerabilities.

We show that phone features makes Tap-jacking easier. We explain how to exploit router web interface to steal WiFi network WPA key and location. Finally we demonstrate how to exploit the frame scrolling attack to attack Facebook frame busting defense and leak private information from Yahoo mobile webmail.