Slides:
1. Intro
2. GEOLOCATION IN MOBILE APPS: incorporating geolocation is the norm
3. HOW IS GEOLOCATION ACCOMPLISHED (IOS)? Using the Core Location Manager
4. GEOLOCATION (IOS) OS-LEVEL PROTECTIONS: OS-level alerts
5. GEO CAN 'LEAK' IF THE APPLICATION IS BUGGY: ...bad for users!
6. THEY KNOW YOUR LOCATION
7. COMMON CLASSES OF GEO BUGZ: can compromise a user's physical location
8. INSECURE NETWORK COMMS
9. OVER-PRECISE LOCATION
10. USER INTERFACE
11. EXAMPLES OF GEO BUGS: buggy apps that compromised a user's physical location
12. STARBUCKS: overpriced coffee, plus a shot of geo tracking
13. WHISPER: the safest place on the internet - NOPE
14. TINDER: precise geo of nearby users allowed tracking
15. ANGRY BIRDS: ...they are watching you play
16. GRINDR'S PREVIOUS ISSUES: those who cannot learn from history are doomed to repeat it
17. LACK OF SSL PINNING: the app does not pin its certs
18. REPORTING OF PRECISE GEO
19. LOCATION SPOOFING: you can spoof your location as much as you want
20. WIDE-OPEN APIS: unauthenticated, unlimited access to APIs
21. 'BROKEN' UI-LEVEL LOGIC: what you see/say isn't what you get
22. DISCLAIMER: our goal was to help Grindr understand the issues
23. TRILATERATION: determine absolute location from relative distances
24. USER LOCATION: so let's map some users
25. IDENTIFYING USERS: it'd be trivial to reveal anonymous users' identities
26. GRINDR RESPONSE: fixes & current issues
27. QUESTIONS & ANSWERS: feel free to contact us any time!
Description:
Explore a case study on geolocation vulnerabilities in mobile apps, focusing on a popular social dating application. The talk walks through several OWASP mobile risks, including weak server-side controls, insufficient transport layer protection, and unintended data leakage. Learn how MitM attacks can reveal user locations, how trilateration lets an attacker track users worldwide from the relative distances an API reports, and what the real-world consequences of these security flaws are. Discover best practices for developing location-aware apps, including limiting the precision of reported geolocation data, rate limiting APIs, and restricting how often a user's location can change. Gain insights into the intersection of physical-world and software security, with examples from embedded systems, social networks, and consumer devices.

When Geo Goes Wrong - A Case Study of Geolocation Vulnerabilities in Mobile Apps

OWASP Foundation