mobile security Archives

Why Mobile Devices are More Prone to Phishing

I’ve sent a lot of phishing emails. All with good intentions I must add. While reviewing the results, one of the most surprising things that I discovered was that the majority of people who fall for phishing tests (and therefore real phishing attacks) are using mobile devices. In my experience, 60% of those who are successfully deceived are victims of mobile phishing.

These are my conclusions as to why this is true and recommendations on what we can do to help people stay safe online.

[Read more…]

Reading Time: 6 minutes

If you read through the disclosed bug bounty reports on platforms such as hackerone.com it is clear that most bug bounty hunters are targeting web applications and neglecting the mobile application landscape. This is an opportunity that you can take advantage of.

Android app bug bounty — Photo by LOLIONI on Unsplash

I’ve had a lot of success recently looking at mobile apps, specifically android applications. After searching online for decent training material I stumbled upon the Udemy course Android Application Penetration Testing which has proven invaluable. (Disclaimer, I get no financial gain or anything else out of linking to this course, other than more competition in the android bug bounty space.) 4.5 hours of training at 2x regular playback speed and you’re in a good starting position.

Just like web applications, you can find the OWASP Mobile Top 10 very useful for identifying vulnerabilities to look for. My personal favourites are:

[Read more…]

Why More Than Half of Email Phishing Leaks Happen on Mobile Devices

Why Mobile Devices are More Prone to Phishing

Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)