Mobile Security

Course Number 705012 and 705013 | Sommersemester 2021

Content

This course is a seminar-style class which focuses on security aspects of mobile devices. We study the security mechanisms of smartphones and show how to employ them to protect sensitive information. Based on that, we analyze mobile applications regarding security-critical deficiencies, examine platform and application vulnerabilities and discuss how they can be exploited by attackers.

  • Security features of mobile platforms, e.g. Android, iOS, …
    • Access protection (PIN, Patterns, …), Secure Element, OS updates, permissions, sandboxing, …
    • Which mechanisms are provided in order to protect sensitive data?
    • How do they work?
  • Key and data storage on mobile devices
    • Device encryption, key derivation functions, key management, risks
    • Which kind of keys do you manage on your device?
    • In practice, what are the risks you have to cope with?
  • Using mobile devices for identity management
    • Mobile e-signatures, threats
  • Application analysis
    • Tools and approaches, vulnerabilities and exploits, handling sensitive data, security-critical mistakes
  • Attacking today’s smartphones
    • Side-channels, Man-in-the-middle, jailbreaking, consequences
  • Mobile Phone Networks
    • IMSI Catchers, attacking phones, vulnerabilities in communication networks

Material

Lecture Slides

The lecture for Mobile Security enables you to acquire knowledge about trending topics in the field of Android and iOS. Attendance is not mandatory but you are encouraged to participate continuously in order to get the “big picture”.

Date Topic Video
11.03.2021 Introduction & Motivation Video
18.03.2021 Key & Data Storage on Mobile Devices, Assignment 1 Video
25.03.2021 iOS Platform Security
Also see: iOS Security Guide
Video
15.04.2021 iOS Application Security
Also see: iOS of Sauron – How iOS Tracks Everything You Do, Malicious MDM
Video
22.04.2021 Android Platform Security
Also see: Kr00k, KRACK, BleedingTooth, The Android Platform Security Model
Video
29.04.2021 Android Application Security
Also see: Lippizan (1, 2), WhatsApp Backups
Video
06.05.2021 Static & Dynamic Application Analysis Video
20.05.2021 Mobile Network Security
Also see: LTE Ciphercheck, Reporters are looking for IMSI catchers in the UK
Video
10.06.2021 Presentation of your task 2 results Video

Practicals and Misc

Everything related to the practicals and further material can be found on the assignments page.

Communication

For better coordination during the course, you are invited to join the # mobilesec Discord channel. To ensure that you won’t miss any essential information, there will also be old-school updates via email.

Administrative Information

Important Dates

  • 14.03.2021: Deadline to register for the lecture and the practicals class.
  • 21.03.2021: Assignments: Select a topic for task 2 and write me an e-mail
  • 10.04.2021: Assignments – Task 1: Submit your results as described on the slides for task 1.
  • 08.06.2021: Assignments – Task 2 : Deadline for sending the deliverable and slides via e-mail to mobilesec@iaik.tugraz.at
  • 10.06.2021: Assignments – Task 2 : Final presentations
  • June 2021: Lecture: Written exam

Lecture Exams

Basically, each student who wants to obtain a grade for the lecture has to pass an exam. You may select and register for an exam date via TUGRAZonline.

Lecture Dates

Date Begin End Location Event Type Comment
2021/05/20 10:00 12:00 Seminarraum Abhaltung VO fix/
2021/05/20 12:00 13:00 Seminarraum Abhaltung KU fix/
2021/05/27 10:00 12:00 Seminarraum Abhaltung VO fix/
2021/05/27 12:00 13:00 Seminarraum Abhaltung KU fix/
2021/06/10 10:00 12:00 Seminarraum Abhaltung VO fix/
2021/06/10 12:00 13:00 Seminarraum Abhaltung KU fix/
2021/06/17 10:00 12:00 Seminarraum Abhaltung VO fix/
2021/06/17 12:00 13:00 Seminarraum Abhaltung KU fix/
2021/06/24 10:00 12:00 Seminarraum Abhaltung VO fix/
2021/06/24 12:00 13:00 Seminarraum Abhaltung KU fix/

Lecturers

Johannes Feichtner
Johannes
Feichtner

PostDoc

View more