
Task 2 – Suggested Topics


Each of the following topics can be done in groups of max. 3 people. If none of these topics sounds appealing to you, propose your own idea and we can see if it fits into the ensemble. All listed projects can also be worked on independently by max. 2 groups per project, unless there are still projects in the pool where nobody is assigned.

Important note: Obviously, the subsequent list provides only a very short abstract of every project. In case something sounds appealing but you do not fully understand what the topic is about, do not hesitate to come to me after the lecture and I will gladly explain it! Also, if you are uncertain how to proceed, please just ask me after the lecture and do not wait until the last week before the deadline!

Hint: For all projects where Android applications have to be reverse-engineered, please use jadx, Apktool or something equivalent. These tools greatly simplify the job.

Topics

Analysis of Device Migration tool

Most smartphone vendors offer (preinstalled) tools to migrate data and apps from the user’s previous device to the newly purchased one. Some of these solutions operate wirelessly, while others require a USB connection between the two devices. The transferred data is highly privacy sensitive, so proper protection of the transfer is of utmost importance.
In this project, you will investigate the security of a data migration tool of your choice (the receiving side needs to come preinstalled by a vendor). You will shed light on the mechanism the tool uses to extract data from the sending side and on how exactly the connection is protected. Using this information, you can then investigate potential attacks, such as extracting data from a victim by spoofing the recipient side, eavesdropping on the data transfer or manipulating the data arriving at the recipient. The result of this project is a detailed report of your analyses and findings.
Assigned: Denifl, Ulanbekova
Assigned:

Reverse-Engineering of Google Play System module update API

With Project Mainline, central components of the Android OS can be updated as individual modules supplied through Google Play. While this improves security by facilitating more frequent updates, it also increases the reliance on Google and its proprietary infrastructure. In this project, your task is to reverse-engineer the API Google uses for retrieving system module updates by mounting a MITM attack on a rooted Android device. Frida may also be necessary. The result of this project is a detailed report of your findings and a simple API client in a language of your choice.
Assigned: Celec, Picher
Assigned:

Reverse-Engineering of Google Play device migration API

When migrating from an iPhone to an Android device, Google offers the possibility to retrieve a list of apps installed on the iPhone and automatically install equivalent apps on the Android device. In this project, you use a rooted device to reverse-engineer the Google Play API endpoint used for this app matching. The goal is to figure out whether the matching is based on a hand-curated database or performed in some automated fashion. The result of this project is a detailed report of your findings.
Assigned:
Assigned:

Analysis of Samsung Engineering Mode

Samsung devices contain an engineering mode that allows configuring certain aspects of system components and preinstalled apps even on production devices. In this project, you carry out extensive online research and an on-device investigation (including reverse-engineering of system components) to figure out the scope and functionality of this hidden feature. The result of this project is a detailed report documenting your approach and findings.
Assigned: Sarić, Šiljegović
Assigned:

Solve Android Hacklets

Security researcher Yanick Fratantonio assembled Android hacklet challenges on his website. For assignment 2, your task is to solve as many of these challenges as possible (solve at least 18 + (# of group members) of the 21 challenges for grade 1). The result of this project is a detailed report documenting your solutions for the challenges you solved (include the flags you found for each challenge!). For the presentation, you describe the exploited vulnerabilities and your solution for 3 x (# of group members) hacklets of your choice.
Assigned: Van Husen
Assigned:

Analyse Amazon App Store

When developers upload their apps to the Amazon App Store, the submitted file is stripped of its original app signature, modified to add Amazon-proprietary code, and finally signed with a new certificate generated by Amazon. In this project, you investigate the extent of these modifications. In particular, you explore how the injected Amazon code influences the app’s data privacy and whether the changes are accurately reflected in the data protection section of individual apps inside the Amazon App Store. The result of this project is a detailed report documenting your findings.
Assigned: Bourgois, Dobrouschek, Sanz
Assigned:

Linux: Analysing an Embedded Linux device

Many IoT devices run a simple Linux-based operating system. They therefore present a very interesting possibility for studying various security-related concepts that directly translate to larger Linux-based embedded systems such as Android. As part of this project, you analyse an embedded Linux IoT device of your choice to shed light on its internal operation and identify potential security vulnerabilities. The following aspects will have to be covered:

  • How can the Linux system be accessed: Is there any debug interface such as serial or JTAG? Is an SSH server running?
  • What basic system-level security is used: How is DAC (Discretionary Access Control) configured? Is MAC (Mandatory Access Control) used as well?
  • What does the startup routine look like?
  • Is there any mechanism for firmware updates? Is it properly protected?
  • Which open-source software, libraries and kernel are integrated? How recent are they? Do they have known vulnerabilities?
  • Proprietary software stack: What frameworks were used? Was security considered? Are there any vulnerabilities?

Helpful tools: Ghidra, ssh, strace, gdb

Note: If you choose this topic, please contact me in advance about the IoT device you intend to analyse!

Assigned: Alshazly (Smart Life Android App + Smart Plug + Amazon Echo Dot)
Assigned:

Reverse-Engineering Password Managers

Figure out how exactly passwords are stored in popular password manager apps on Android and whether there are any security risks. The result of this project is a survey report, including recent results from research papers and your own findings from analysing a set of different password manager apps.
Assigned: Jakob Beck
Assigned:

Reverse-Engineering of Apps built with Titanium SDK

Develop a solution for automatically reverse-engineering apps built using Titanium SDK. The result of this project is a detailed report, including information about the Titanium SDK, its build pipeline, executable format, your reverse-engineering approach and documentation for the resulting tool.
Assigned: Jakob Khom
Assigned:

Notification Forwarder (P2P)

Develop an iOS/Android application that forwards notifications from a mobile device to your computer. The connection should be peer to peer. Pay special attention to how you secure the connection: How is confidentiality ensured? How are keys exchanged? Where are they stored? Can you prevent replay attacks or MITM attacks?
Your submission should consist of a report discussing your design decisions and the source code for the server and app components.
Assigned: Ashley Foss
Assigned:

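As an added illustration of the replay and tampering questions raised for this topic (example code written for this page, not part of the assignment or of any student submission), the following Python sketch shows an authenticated, replay-protected frame format for forwarded notifications. It assumes a 32-byte session key already shared between phone and computer during pairing, so only the HMAC and sequence-number layer is shown, not the encryption or the key exchange itself.

```python
import hmac
import hashlib
import os
import struct

# Assumption (not from the assignment text): the two peers already share this
# session key, e.g. agreed during pairing via an authenticated key exchange.
SESSION_KEY = os.urandom(32)  # constructed for this demo

HEADER_LEN = 8   # 64-bit big-endian sequence number
TAG_LEN = 32     # HMAC-SHA256 digest


class Sender:
    """Phone side: every frame carries a fresh, strictly increasing sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # never reused within a session

    def frame(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    """Computer side: verifies the tag first, then enforces sequence monotonicity."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, frame: bytes):
        if len(frame) < HEADER_LEN + TAG_LEN:
            return None  # malformed
        header, body, tag = frame[:HEADER_LEN], frame[HEADER_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or tampered frame (constant-time comparison)
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return None  # replayed or reordered frame
        self.last_seq = seq
        return body


def demo():
    """Two good frames, one replay of the first, one bit-flipped copy of the second."""
    sender, receiver = Sender(SESSION_KEY), Receiver(SESSION_KEY)
    f1 = sender.frame(b"New message from Alice")  # constructed sample notification
    f2 = sender.frame(b"Battery low")
    tampered = bytearray(f2)
    tampered[10] ^= 0x01  # flip one bit inside the payload
    return [receiver.accept(f1), receiver.accept(f2),
            receiver.accept(f1), receiver.accept(bytes(tampered))]
```

Encrypting the payload (e.g. with an AEAD cipher) and binding the pairing key exchange to an out-of-band check such as a displayed code are the remaining pieces the assignment asks you to design.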
Your idea

If you have any idea for a project of suitable scope that involves a mobile OS and security aspects, don’t hesitate to contact me about pursuing it as part of this course! Specific contributions to open-source projects are welcomed as well!