InfoTeCS Academy launches Transparent Security contest

    InfoTeCS Academy announces the launch of the Transparent Security contest, held in the Competition format and aimed at developing software that implements a repackaging mechanism for iOS applications and static code control. The competition will last until November 10; applications for participation are already being accepted today, after registration in your account on the project website.


    Thanks for the picture, AdExchanger!

    Many of us today use smartphones and tablets, because it is so convenient to book a hotel or plane ticket through an application, pay for a mobile phone, use mobile online banking or pay for coffee. Speaking of coffee! Probably many have also heard of Daniel Wood's study of Starbucks iOS application vulnerabilities, according to which customer usernames, email addresses, passwords and location data are made accessible in log files through special crash analytics software.

    How many more applications store data in non-obvious ways and/or promise to protect it but in fact do not? We offer to look into this question in more detail in the framework of the competition.

    The participants of the Transparent Security contest are offered the following 5 applications from the Apple App Store as test applications:
    1) AnywayAnyday
    2) RBKMoney
    3) ViaProtect
    4) AppMe Chat Messenger
    5) McAfee Security

    Participants are then asked to develop an application that embeds instructions (hooks) into the test applications. The hooks must make it possible to analyze the parameters of functions and methods, from local to network ones, and to verify (confirm / deny) both the existence and the reliability of the mechanisms the test applications use to protect data, for example, whether passwords are encrypted or stored in the clear.

    Testing of the applications submitted to the competition is carried out by the organizer. Three prizes are planned; they are distributed according to the largest number of criteria met under the conditions of the task. Winners must provide source code that can be retested. Each prize comes with a financial reward, the maximum size of which is up to 300,000 rubles.

    More details about additional requirements, evaluation criteria and conditions of implementation can be found below:

    Requirements: the application must implement the insertion of a series of "analyzing" instructions into the binary executable code for the selected methods of each application, and must cover the largest number of devices and OS versions (iOS 4 - iOS 7.0.3), optionally the simulator. The analyzing instructions should write the parameters of the audited method / function (see below) to a log file and replace them with test values (selected by the participant and described in the readme), which are also stored in the log file after the original values. It is recommended to use the user document directory as the location of the log file. It is also necessary to provide for export of the log file from the device to the desktop for analysis. As test applications, 5 applications are selected from the Apple App Store (see above).

    Conditions of implementation: the source code, which may use third-party libraries, is compiled by a regular IDE compiler (MS Visual Studio, Xcode 4.6+, GCC 4.8) for each OS. The OS is selected by the participant. The modified application runs on the iOS 4+ platform on a jailbroken device (iPhone / iPad).

    Evaluation criteria: the participants submit a technical description and compiled files to the competition. A modified iOS application should not use more than 10% of the resources compared to the original; the utility for modifying an iOS application should not use more than 500 MB of RAM. Testing is carried out on the side of the Organizers, and the results are recorded and published in the overall standings (test system parameters: Win7, Intel Core i7 3 GHz, 8 GB RAM). Evaluation will be performed for the specified OS versions (iOS 4+) and for each type of device (iPhone, iPad). The final score is the weighted average of all indicators, taking into account the least amount of resources used and support for OS versions. The evaluation of each participant's implementation parameters is publicly available.

    Methods / functions for analysis (applicable for each application):

    1) Methods for saving and loading data / files to files and / or databases (local)
    2) Methods for saving and loading data to / from backup files
    3) Methods of data protection (encryption / decryption), for example, of messages (when sending and receiving), interaction with a protected address book (creating, deleting, changing a contact record), protecting passwords or other sensitive information
    4) Methods of sending messages and receiving information about a contact
    5) Methods used during login activity (entering a username, password, PIN codes, etc.)

    We are waiting for your applications! Website: academy.infotecs.ru