[OWASP-Switzerland] June 12th 2012 - OWASP Switzerland Meeting

Sven Vetsch sven.vetsch at owasp.org
Thu Jun 7 10:41:06 UTC 2012

Hi Everyone,
next Tuesday it's again time for an OWASP Switzerland Meeting.

* When:
June 12th 2012 (Next Tuesday!!!)
Starting at 17:30

* What:
Reversing Android Apps

Depending on the interests of the attendees, Tobias will talk more or
less about the topics described in the following abstract:

This talk shows the possibilities of reversing Android applications.
After an introduction about Android issues in the past, Tobias Ospelt
explains how he managed to download several thousand Android
applications from the Google Market, and which security issues are
present in various apps. Developers tend to use cryptography in the
wrong way, and extracting sensitive information from the mobile
application often is really easy. Apps can be decompiled, altered and
recompiled, which means that for most apps it is very easy to steal code
or to include malware. Some of the apps use obfuscation to disguise the
code, but for example encryption keys (e.g. used to send encrypted data
to a server) can easily be extracted. Small game developers, as well as
big companies and other Android developers are not aware of the risk or
do not care about the fact that their code can be decompiled to Java and
disassembled to smali code. This is how a lot of protection mechanisms
can be circumvented, such as licensing (cracking a game) or corporate
solutions (enforcing policies on the mobile). The talk shows how easily
everybody can reverse Android apps and how encryption keys can be
extracted, even when the code is obfuscated.

* Where:
Rheinfelder Bierhalle
Niederdorfstrasse 76
8001 Zürich

Please *don't* use the main entrance. There's a small door to the right
which leads to a room upstairs.

* Who:
As usual, all of our meetings are open to everyone and it's free of charge.

* Agenda

17:30 - 17:40 | Welcome and Intro
              | by Sven Vetsch
              | OWASP Switzerland
17:45 - 18:30 | Reversing Android Apps
              | by Tobias Ospelt
18:30 - ??:?? | As usual DEFCON Switzerland joins for beer and food

Some information about Tobias: Originally coming from the financial
sector, Tobias Ospelt obtained his MSc. in Engineering with
specialization in information security in 2010. During his studies he
worked as a research associate for the Zurich University of Applied
Sciences (ZHAW) on research projects as well as a teaching assistant.
Subsequently he was hired as penetration tester by a Swiss company
focussing on information security. In the beginning of 2012 he founded
Ospelt Security and has been working as a freelancer for Swiss clients as
well as international clients since then. Not only professionally but also
privately he is working on various projects in the field of information
security. Furthermore he is a regular speaker and attendee at many
different information security conferences. His technical research can
be found on his blog floyd.ch.

Hope to see you all there!



Sven Vetsch
Leader OWASP Switzerland
