The Bank Job - Mobile Edition. Remote Exploitation of the Cordova Framework for Android

No ratings

Presented at AppSecIsrael 2014 by

Apache Cordova is a popular cross-platform framework for mobile development. In this talk we present a series of vulnerabilities which we found in the framework for Android. These vulnerabilities enable a remote drive-by download attack against many Cordova-based applications and, as the framework is used in over 10% of all finance applications on the Android platform, your bank could be at risk! The talk will include a live demonstration of the attack.