Inside Android's SafetyNet Attestation Colin Mulliner

Channel:
United States All Hacking Cons
Subscribers:
6,000
Published on ● Video Link: https://www.youtube.com/watch?v=o_miJpK556o


Duration: 1:06:08
17 views
0

There are many reasons for protecting your mobile applications against modification and tampering. Until recently you had to use third party tools or implemented your own app integrity checks and device rooting checks. Today you can use Android's SafetyNet Attestation infrastructure to ensure the integrity of your application and the user's device. Unfortunately, SafetyNet Attestation is not well documented by Google. This talk provides a deep dive into SafetyNet Attestation. We show what level of attestation SafetyNet provides and what it can't do. The talk is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. We turned SafetyNet upside down to find its flaws and shortcomings. This talk will provide you with everything you need to know about Android's SafetyNet Attestation and will help you to implement and use it in your app.


Presenters:
Collin Mulliner   as Colin Mulliner

44 con 2017 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-10-06How to Explain Post Quantum Cryptography to a Middle School Student Klaus Schmeh
2021-10-06So You Want to Hack Radios Marc Newlin and Matt Knight
2021-10-06See no evil, hear no evil Matt Wixey
2021-10-06Secrets Of The Motherboard Shit My Chipset Says Graham Sutherland
2021-10-06Reverse Engineering Windows Malware 101 Workshop Amanda Rousseau Workshop
2021-10-06Red Team Revenge Attacking Microsoft ATA Nikhil Mittal
2021-10-06Persisting with Microsoft Office Abusing Extensibility Options William Knowles
2021-10-06The Internet of Us Don A Bailey
2021-10-06The Black Art of Wireless Post Exploitation Gabriel Ryan
2021-10-06Subgraph OS Hardening a Linux Desktop David Mirza Ahmad
2021-10-06Inside Android's SafetyNet Attestation Colin Mulliner
2021-10-06Lessons Learned Hunting IoT Malware Olivier Bilodeau
2021-10-06A Hands On Introduction To Software Defined Radio Didier Stevens Workshop
2021-10-06ARM Assembly and Shellcode Basics Saumil Shah Workshop
2021-10-06BaRMIe Poking Java's Back Door Nicky Bloor
2021-10-06Biting the Apple that feeds you Alex Plaskett and James Loureiro
2021-10-06Breaking Historical Ciphers with Modern Algorithms Klaus Schmeh
2021-10-06Checking BIOS protections offline with just the firmware updates Yuriy Bulygin
2021-10-06Chkrootkit Eating APTs for breakfast since 1997 Nelson Murilo
2021-10-06Cisco ASA Episode 2 Striking back Internals and Mitigations Cedric Halbronn
2021-10-06Cracking HiTag2 Crypto Kevin Sheldrake Workshop


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
protection
network
scam
fraud
malware
secure
identity
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Colin Mulliner
android
saftynet