1. (Allen Own)

2. Who Am I (Allen Own) allenown@devco.re DEVCORE ! HITCON CHROOT NISRA 100

3. ! ! EC-Council Certied Ethical Hacker Computer Hacking Forensic Investigator

4. 4

5.

6.

7. http://www.ickr.com/photos/seychelles88/361496560/

8. Feature Phone

9. Personal Digital Assistant (PDA)

10. Smartphone PDA

11. 3G

12. CPU2GHz GPUPowerVR / Adreno 1GB ~ 3GB 3GHSDPA WiMaxLTE BluetoothWi-Fi IRNFC ! GPS

13. CPU2GHz GPUPowerVR / Adreno 1GB ~ 3GB 3GHSDPA WiMaxLTE BluetoothWi-Fi IRNFC ! GPS

14.

15. Apple iOS Google Android Windows Phone

16. iPhone 2007 Apple !

17. Apple App Store

18. Apple App Store App Store 90 50,000,000,000

19. Android

20. Android Google 2007 2008 G1 2011 ! Google

21. 27

22. Google Play

23. Google Play Google Market Google Play 2010 100 (2013 7 ) 50,000,000,000

24.

25. Windows Phone

26. Windows Phone 8 WP8 Windows Mobile Xbox Live

27. Windows Phone Store

28. Windows Phone Store XAMLC#VB.NET ! 20

29. Android RIM http://www.comscore.com/Press_Events/ Press_Releases/2011/4/ comScore_Reports_February_2011_U.S._Mobile_Sub scriber_Market_Share/(language)/eng-US

30.

31. Apple iPad Google Android Microsoft Windows

32.

33. Apple iPad

34. Android

35. Windows

36.

37.

38. Personal Information Management (PIM)

39. http://www.flickr.com/photos/vsy/4996102088/

40. http://www.flickr.com/photos/marypcb/4930362870/

41. http://www.flickr.com/photos/purpleslog/183842413/

42. http://www.flickr.com/photos/dedi/3388471972/

43. http://www.flickr.com/photos/helenzhang/4814946755/

44.

45. https://www.mint.com/

46. 2012 DIGICERT 6 http://www.ithome.com.tw/itadm/article.php?c=66928 http://www.btimes.com.my/Current_News/BTIMES/articles/digicert/Article/

47.

48.

49. !

50. http://www.flickr.com/photos/monacho/3420112384

51. https://basecamp.com/mobile

52. iPhone VoIP

53.

54. App 200 http://iservice.libertytimes.com.tw/3c/news.php?no=12190&type=5 App http://news.networkmagazine.com.tw/classification/security/ 2013/12/26/62134/ PChome http://www.appledaily.com.tw/realtimenews/article/new/ 20140210/341223/

55. 4 http://www.informationsecurity.com.tw/article/article_detail.aspx? tv=71&aid=7649 5 http://udn.com/NEWS/BREAKINGNEWS/ BREAKINGNEWS6/8528942.shtmL HP90% Apple iOS http://news.networkmagazine.com.tw/classification/security/ 2013/11/19/60303/

56. SamsungMotorolaLGASUS Netflix http://www.computerworld.com/s/article/9246764/ Pre_installed_malware_found_on_new_Android_phones

57. 2013 19.04% Android http://blog.trendmicro.com/trendlabs-security-intelligence/looking-forward-into-2014-what-2013s-mobile-threats-mean-moving-forward/

58. 90% Apple iOS (HP)2,000 50600 iOS9/10 http://news.networkmagazine.com.tw/classication/security/2013/11/19/60303/

59. 90% Apple iOS HP97% 86% (SQL Injection) HP86% (Cross-Site Scripting, XSS) http://news.networkmagazine.com.tw/classication/security/2013/11/19/60303/

60.

61. CPU2GHz GPUPowerVR / Adreno 1GB ~ 3GB 3GHSDPA WiMaxLTE BluetoothWi-Fi IRNFC ! GPS

62. -> -> -> GPS -> -> ->

63.

64. 0-Day Botnet

65.

66.

67. 3G !

68.

69.

70. Android Architecture

71. Android Architecture

72. Kernel CVE-2012-0056 gain privileges by modify process memory (/proc/pid/mem) CVE-2013-2094 gain privileges via a crafted perf_event_open system call CVE-2013-1773 gain privileges or cause a denial of service (system crash) via buffer overflow in the VFAT

73. Android Architecture

74. [WebKit] Use-After-Free Remote Code Execution ref: http://packetstormsecurity.com/les/cve/CVE-2010-1807

75. Android Architecture

76. Android Master Key Debacle ref: http://nakedsecurity.sophos.com/2013/07/10/anatomy-of-a-security-hole-googles-android-master-key-debacle-explained/

77. 802.1X Password Exploit ref: http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html

78. Android Architecture

79. ADB-Savvy Thieves

80. Android Architecture

81. Insecure Data Storage App App Shared Preferences File Database Content Provider External Storage (ex. SDCard)

82. Skype ref: http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype- for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/

83. # ls -l /data/data/com.skype.merlin_mecha/files/shared.xml -rw-rw-rw- app_152 app_152 56136 2011-04-13 00:07 shared.xml # grep Default /data/data/com.skype.merlin_mecha/files/shared.xml jcaseap ! # ls -l /data/data/com.skype.merlin_mecha/files/jcaseap -rw-rw-rw- app_152 app_152 331776 2011-04-13 00:08 main.db -rw-rw-rw- app_152 app_152 119528 2011-04-13 00:08 main.db-journal -rw-rw-rw- app_152 app_152 40960 2011-04-11 14:05 keyval.db -rw-rw-rw- app_152 app_152 3522 2011-04-12 23:39 config.xml drwxrwxrwx app_152 app_152 2011-04-11 14:05 voicemail -rw-rw-rw- app_152 app_152 0 2011-04-11 14:05 config.lck -rw-rw-rw- app_152 app_152 61440 2011-04-13 00:08 bistats.db drwxrwxrwx app_152 app_152 2011-04-12 21:49 chatsync -rw-rw-rw- app_152 app_152 12824 2011-04-11 14:05 keyval.db-journal -rw-rw-rw- app_152 app_152 33344 2011-04-13 00:08 bistats.db-journal

84. Client Side Injection App App

85. Demo Facebook

86.

87. SDLC

88. Security Development Life Cycle (SDLC)

89. Black-Box Test White-Box Test Code Review

90. App SQL Injection

91. Android

92. Q & A