Magnet Virtual Summit // Dude, Where Are My (Encryption) Keys?! A Reverse Engineer’s Take On Secure Messaging For Mobile
Would you consider buying a new car that had no keys, invisible locks, and only a written commitment from the dealership that the car is only going to respond to you and can’t be stolen by any random person walking by?
Yet in the world of secure messaging, this exact scenario plays out every day: the general public are expected to make informed decisions on what apps they should be trusting their private data with. They must decide based on marketing jargon, download counts and customer reviews, and the media. Security, and by extension secure messaging, are at the forefront of our minds more than any time in history. This talk explores just how reliable these sources are from the perspective of a reverse engineer. From the impressive, to the laughable, to the downright creepy – popular secure chat apps will be put under the microscope.
Reverse engineering is a subject many forensics professionals know about, but seldom think to apply to their forensic examinations. We will also present on a real-world example where reverse engineering proved indispensable in refuting an alibi for a homicide file.
Watch This Session To Learn:
- How popular apps like Wickr Me, Threema, and Signal and others measure up against their marketing claims.
- How Frida, a freely available toolkit for dynamic binary instrumentation (DBI), can be used when static analysis fails.
- How reverse engineering can be useful for interpreting data not supported for decoding by a forensic tool.