Blog

Over the years and updates, the Android operating system has become more sophisticated with a bunch of new features. While this is a positive aspect for the end user, it can make application development more complex, increase the number of errors made by developers and lead to vulnerabilities. This is particularly true for Intent management and inter-process communication mechanisms. In fact, Android offers a set of tools enabling applications to communicate with each other. Among them, intents are the focus of attention since they enable activities, services and broadcasts to be started.

This blog post aims to present the BroadcastReceiver component and see how it can be used in a secure way.

A journey using Android static source code analysis tools

Par Aldric Berthet in mobile

22 février 2023

In a decade, mobile applications became a daily tool simplifying people’s lives worldwide (from accessing bank account to watching movies etc.). This trend has brought to light a new attack surface and vulnerabilities began to arise due to the huge amount of functionalities offered by the mobile OS.

This blog post aims to present and compare open source tools to see their ability to detect complex vulnerabilities.

Initialization vector mishandling

Par Florian Picca in crypto

11 février 2023

To encrypt data, one needs to choose a suitable encryption algorithm and generate a key, but most of the time additional parameters are required. In this blog post, we will focus on the initialization vector (IV), which is a parameter used by the most common symmetric encryption algorithms (AES-CBC, AES-CTR and AES-GCM). The majority of vulnerabilities I encounter during cryptographic reviews come from mishandling of this IV.

In this post we will look at what an IV is, why it is important and how to handle it safely depending on the chosen algorithm.

Mastering the use of Android BroadcastReceiver

A journey using Android static source code analysis tools

Initialization vector mishandling

Catégories