Defeating the Secrets of OTP Apps for Android

Despite the increasing number of cases of data theft (such as Equifax), the classic password is still in many places the sole security feature for user authentication.

However, numerous possibilities for extending this now anachronistic form of access control already exist. One such option is the use of one-time passwords (OTP). These passwords are increasingly used as an additional factor (on top of user name and password) for authenticating the respective user to service providers on the Internet, and the applications that generate them are therefore referred to as two-factor authentication apps (2FA apps).

The paper by Philip Polleit and me investigates 16 such 2FA apps for the Android operating system and focuses on the extent to which these applications can offer a level of protection similar to that of classical hardware tokens (e.g., YubiKey, SecurID Authenticator). The paper was presented at this year's IMF conference in Hamburg.


New Book: Mobile Hacking

In mid-2015, dpunkt.verlag approached me and asked whether I would be interested in writing a book on the topic of “hacking mobile apps”. I found the idea of writing a book about the subject that occupies a large part of my daily working life very interesting, especially because this time it was to be in German (which, as I later found out, is considerably harder than writing in English).

After several discussions with the publisher and numerous reviewers, a fairly extensive outline of the book emerged that was acceptable to all sides. A good year, and hundreds of hours, later (May 2016) the book is finished and is now available for pre-order on the pages of Amazon and dpunkt.verlag.


First Book: (Mastering) Python Forensics

At the beginning of 2015, Packt Publishing came to Johann and me and asked us if we would like to write a book about Python-based forensic investigations. The idea of writing a book was really interesting for both of us, so we started to work on an agenda and outline. After several discussions with the publisher we created an outline that was acceptable to all of us, and less than a year later (since October 2015) the book is available on Amazon and from Packt.


Android meets Company – Is this really a good Combination?

Smartphones and tablet computers have become indispensable in corporate life. They no longer serve communication purposes only, but are often used for processing business-related documents and even for accessing sensitive corporate resources. This evolution demonstrates that mobile devices will be the future within every organization.
