Google provides Android developers a nice shrink-wrapped package of tools for writing and testing Android applications without actually purchasing a device. All hackers get from Papa Google is the source code for those fancy tools and an urge to break things. This is an ideal recipe for disaster to occur. In this presentation, Scott Dunlop and IOActive will present research from the evil eye view of perspective of a hacker. Scott will demonstrate how to combine the Android Emulator, associated SDK, JDWP and Baksmali to dissect, instrument and tamper with Android applications for fun and profit. As with all great talks, this one includes a live demonstration of dissecting an Antivirus application from the Marketplace.
Mr. Dunlop is a Senior Security Consultant at IOActive, experienced in application assessment and consultation. At IOActive he performs penetration testing, identifies system vulnerabilities, and designs custom security solutions for clients in software development, telecommunications, financial services, and professional services. Previous public works include MOSREF, a secure remote execution framework for penetration testers, and Wasp Lisp, a compact, portable Lisp implementation with strong concurrency features.