Sec. Dev. & Rock'n'Roll

Talking about Security

Hendrik Pilz

Who am I?

I'm between Security and Developers


It really matters...

Hello Barbie hacked

Picture: Mike Licht CC BY 2.0

Smart doorbell may give Hackers access to WiFi credentials
Babyphone hacked, Baby ranted

Babyphone hacked, Baby ranted

Watch this!

115 batshit stupid things you can put on the internet in as fast as I can go by Dan Tentler

What I want to say

Security people like breaking things (hacking)

Developers like building things (hacking)

Hack yourself first!

What Mobile Devs should know

24.7% of apps include at least one high-risk security flaw

35% of mobile communications are unencrypted

Source: NowSecure Mobile Security Report

What Mobile Devs should know

Even Mobile Security apps have security issues:
(In-) Security of Security Applications

Source: TeamSIK / Fraunhofer SIT

What you can do

Take care of security

Check and contribute: OWASP Mobile Security Project

Reverse your own apps to see what others might see
e.g. with AndroGuard, dex2jar, JD-GUI

Monitor your apps network traffic
e.g. with Wireshark

What you can do

Think twice before you copy'n'paste from StackOverflow

Creating an empty implementation of X509TrustManager did the trick

What you can do

Have a security contact person in your team

Respond to vulnerabilities reported by 3rd parties

By the way

Typosquatting programming language package managers

Recommended Presentations @ Droidcon

Reverse Engineering is not just for Hackers!
by Jon Reeve (Thursday 14:45 to 15:30 @ Stage 1)

May I?
by Sonja Kesic (Thursday 14:45 to 15:30 @ Stage 2)

Building simple and secure Account Systems on Android
by Steven Soneff (Friday 11:45 to 12:30 @ Stage 1)

Security at your Fingertips - A Dive into Marshmallow's new Fingerprint and Keystore APIs
by Frederik Schweiger (Friday 16:45 to 17:30 @ Stage 1)

Thank you!


This presentation is available at