Smart Sheriff Archives - 7ASecurity Blog
https://7asecurity.com/blog/
Helping you secure apps and websites
Last updated: Fri, 28 Mar 2025 10:17:55 +0000 (en-US)

Hacking Mandated Apps – Part 8: Password Leak via API! [ MSTG-AUTH-1 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-8-password-leak-via-api-mstg-auth-1/
Wed, 11 Sep 2019 03:14:19 +0000

Previous parts: Part 1: Intro; Part 2: Translating APKs; Part 3: What is SSL? [ MSTG‑NETWORK‑1 ]; Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]; Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]; Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ]; Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ]

The OWASP Mobile Application Security Verification …

The post Hacking Mandated Apps – Part 8: Password Leak via API! [ MSTG-AUTH-1 ] appeared first on 7ASecurity Blog.

Hacking Mandated Apps – Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-7-aes-crypto-fail-mstg-crypto-1/
Mon, 09 Sep 2019 03:27:21 +0000

Previous parts: Part 1: Intro; Part 2: Translating APKs; Part 3: What is SSL? [ MSTG‑NETWORK‑1 ]; Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]; Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]; Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ]

The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog …

Hacking Mandated Apps – Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-6-xor-crypto-fail-mstg-crypto-1/
Fri, 06 Sep 2019 01:40:27 +0000

Previous parts: Part 1: Intro; Part 2: Translating APKs; Part 3: What is SSL? [ MSTG‑NETWORK‑1 ]; Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]; Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]

The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V3: Cryptography Requirements, as follows: …

Hacking Mandated Apps – Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-5-rce-in-webview-mstg-platform-7/
Thu, 05 Sep 2019 00:51:55 +0000

Previous parts: Part 1: Intro; Part 2: Translating APKs; Part 3: What is SSL? [ MSTG‑NETWORK‑1 ]; Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]

The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V6: Platform Interaction Requirements, as follows: MSTG‑PLATFORM‑7: If native methods of the app …

Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-4-how-not-to-implement-ssl/
Wed, 04 Sep 2019 01:14:00 +0000

Previous parts: Part 1: Intro; Part 2: Translating APKs; Part 3: What is SSL? [ MSTG‑NETWORK‑1 ]

The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG‑NETWORK‑2: The TLS settings are in line with current best practices, or as close as possible if …

Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ]
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-3-what-is-ssl/
Tue, 03 Sep 2019 00:19:16 +0000

Previous blog posts you might have missed and maybe you would like to read first for background: Part 1: Intro; Part 2: Translating APKs

The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …

Hacking Mandated Apps – Part 2: Translating APKs
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-2-translating-apks/
Mon, 02 Sep 2019 02:41:26 +0000

If you missed Hacking Mandated Apps – Part 1: Intro, please start there for background 🙂

Translating APKs in beautiful exotic languages

As explained in the intro, the team did not get access to the sources of the app. We had to first retrieve the APK from a Korean APK download service, decompile the APK and then …

Hacking Mandated Apps – Part 1: Intro
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-1-intro/
Sun, 01 Sep 2019 06:48:38 +0000

NOTE: This was all coordinated work with human rights activists, vulnerabilities were reported, findings public, and talk (below) given! 🙂

Is monitoring your children something your country’s government asks you to do? Do you feel you need the government’s help to parent your child, technologically? What if I told you there is a country that forced its …
