I²Cx Mobile

I²Cx Mobile is a mobile cybersecurity training platform under development. It lets users discover all the Web application vulnerabilities of the OWASP top 10. Through the I²Cx Platform card, it is also possible to connect to this interface and thus demonstrate the Android application vulnerabilities related to smart devices.

A wide range of vulnerabilities

Incorrect use of a platform

Non-use or poor implementation of Android Intents, iOS TouchID or Keychain…

Insecure communication

Unencrypted, unauthenticated communications (handshake, incorrect SSL versions, failure to protect personal data (GDPR))

Incorrect cryptographic configurations

Weak encryption algorithms, cryptographic standards poorly followed

Insecure deserialization

Buffer overflow, formatted strings, code execution on mobile devices

Reverse engineering

Low-complexity code and no obfuscation methods

Database injection

Leakage of unencrypted sensitive data, local SQLite (log, application memory, decompiled code)

Insecure authentication

Incorrect session handling

Authorization defects

Lack of user authorization, personal data theft, deletion of the entire system, or control of the smart device

Code forgery

Malicious clones, adding backdoors to intercept data and communicate with servers

External feature

Poor management of security controls and enabling access to debugging logs