Dr. Andreas Kurtz

Security & Privacy Researcher

NESO Security Labs GmbH

Biography

Andreas Kurtz studied Medical Computer Science at Heidelberg University and graduated in 2007 with distinction. Since then he has been working as a full time professional in the information security industry. In 2011 he co-founded NESO Security Labs - a security research and consulting company based in Heilbronn, Germany - together with Tobias Klein (author of “A Bug Hunter’s Diary”). On a regular basis, he is conducting security assessments and penetration tests for large-scale enterprises as well as public authorities and is delivering application security lectures and trainings.

Alongside his industry activities, Andreas is also engaged in the academic field. In 2016 he received his PhD degree in Computer Science (Information Security) from the Friedrich-Alexander-University Erlangen-Nürnberg. During his recent research activities on the security and privacy of mobile applications, particularly on Apple’s iOS platform, he uncovered a wide range of vulnerabilities in Apple’s iOS, in iOS system apps, as well as in popular third-party apps (e.g., WhatsApp Messenger, iPin, Telekom, etc.) including their web service interfaces. On a regular basis, Andreas is presenting his research results in various magazines and journals as well as on both academic and industry conferences (OWASP, DeepSec, Shakacon, Privacy Enhancing Technologies Symposium, etc.)

Interests

Application Security
Mobile Security & Privacy
Pentesting

Education

PhD in Information Security, 2016

Friedrich-Alexander University Erlangen-Nuernberg
Dip. in Medical Computer Science, 2007

Heidelberg University

Selected Publications

Fingerprinting Mobile Devices Using Personalized Configurations

Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary thirdparty apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.

Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck, Felix Freiling

In PoPETS Journal

Details PDF Code

Recent Publications

More Publications

Fingerprinting Mobile Devices Using Personalized Configurations
Details PDF Code
Katz und Maus: iOS-Jailbreaks: Wie sich Entwickler gegen Angreifer behaupten können
Details PDF
Schilde runter: iOS-Jailbreaks: Funktionsweise und Risiken
Details PDF
DiOS: Dynamic Privacy Analysis of iOS Applications
Details PDF Video Code Project
SNOOP-IT: Dynamische Analyse und Manipulation von Apple iOS Apps
Details PDF Video Project

Recent Posts

iOS 8 Touch ID Authentication API

Fri, Oct 24, 2014 ios, app, security

or the False Sense of Security of Dropbox’s Passcode Protection Since the release of iOS 8, the Touch ID fingerprint sensor can now also be used in third-party apps. The Local Authentication framework provides an API via which users can conveniently deploy their biometric fingerprint to authenticate themselves in both apps from the App Store and enterprise apps. In the medium term, we anticipate that more and more apps will switch to the fingerprint method of user authentication.

Malicious iOS Apps

Thu, Sep 18, 2014 ios, malware

A comparison before and after iOS 8 was released As part of one of our recent research projects, we evaluated how malicious third-party apps could affect user privacy, despite the various security controls and the solid security architecture of the iOS platform. Therefore, we reviewed the iOS app sandbox model for weaknesses – and, indeed, made some finds. Some of these defects, which Markus Troßbach and I disclosed to Apple a while back, have been addressed with yesterday’s release of iOS 8 (CVE-2014-4361, CVE-2014-4362).

What Apple Missed to Fix in iOS 7.1.1

Wed, Apr 23, 2014 ios, security

A few weeks ago, I noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple’s data protection mechanisms. Clearly, this is contrary to Apple’s claims that data protection “provides an additional layer of protection for (..) email messages attachments”. I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments.

Contact

mail@andreas-kurtz.de
For encrypted email, please use my PGP key (fingerprint: 7ACF F1B8 1FA8 E457).
NESO Security Labs GmbH, Weipertstr. 8 - 10, 74076 Heilbronn, Germany.