Mobile Security (SS 2025)
Table of Content
Content
This course is a seminar-style class which focuses on security aspects of mobile devices. We study the security mechanisms of smartphones and show how to employ them to protect sensitive information. Based on that, we analyze mobile applications regarding security-critical deficiencies, examine platform and application vulnerabilities and discuss how they can be exploited by attackers.- Security Architectures of Android and iOS
- Access protection (PIN, Patterns, ...), Secure Element, OS updates, permissions, sandboxing, ...
- Which mechanisms are provided in order to protect sensitive data?
- How do they work?
- Common security mistakes in mobile applications
- Responsibilities of app developers
- Proper use of access protection for files and data
- Securing communication channels
- Application analysis
- Tools and approaches, vulnerabilities and exploits, handling sensitive data, security-critical mistakes
- Attacking today's smartphones
- Side-channels, Man-in-the-middle, jailbreaking, consequences
- The bigger picture
- What is the attack surface of the hardware?
- How to conduct research in mobile security?
Material
Lecture Slides (Updated Weekly)
The lecture for Mobile Security enables you to acquire knowledge about trending topics in the field of Android and iOS. Attendance is not mandatory but you are encouraged to participate continuously in order to get the "big picture". Slides will be uploaded and linked after each lecture.
| Date | Topic |
|---|---|
| 07.03.2025 | Introduction & Motivation |
| 14.03.2025 | Android Platform Security, Assignment 1 Also see: The Android Platform Security Model |
| 21.03.2025 | Android Application Security I |
| 11.04.2025 | Android Application Security II |
| 09.05.2025 | iOS Platform Security Also see: iOS Security Guide |
| 16.05.2025 | iOS Application Security Also see: Evasi0n Jailbreak: Userspace, Kernel Patches, Source Code |
| 23.05.2025 | Mobile Hardware Security |
| 06.06.2025 | Mobile Network Security |
| 13.06.2025 | Presentation of your Assignment 2 results |
| 20.06.2025 | Mobile Security Research |
| 27.06.2025 | Lecture Exam |
Practicals and Misc
Everything related to the practicals and further material can be found on the assignments page.
Communication
You are expected to join and frequently read the # mobilesec Discord channel. Important information regarding the course will be published there. It is also the place to ask questions that may also affect other students.
Administrative Information
Important Dates
-
14.03.2025: Deadline to register for the lecture and the practicals class.
-
21.03.2025: Assignments: Select a topic for task 2 and write me an e-mail
-
28.03.2025: Assignments - Task 1: Submit your results as described on the slides for task 1.
-
06.06.2025: Assignments - Task 2 : Deadline for sending the deliverable and slides via e-mail to mobilesec@iaik.tugraz.at
-
13.06.2025: Assignments - Task 2 : Final presentations
-
27.06.2025: Lecture: Written exam
Lecture Exams
Each student who wants to obtain a grade for the lecture has to pass an exam. You may select and register for an exam date via TUGRAZonline.
Lecture Dates
| Date | Begin | End | Location | Event | Type | Comment |
|---|---|---|---|---|---|---|
| 2025/04/11 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/05/09 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/05/16 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/05/23 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/06/06 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/06/13 | 10:00 | 12:00 | HS i12 "DynaTrace Hörsaal" | Abhaltung | VO | fix/ |
| 2025/06/20 | 10:00 | 12:00 | Seminarraum | Abhaltung | VO | fix/ |
| 2025/06/27 | 10:00 | 12:00 | Seminarraum | Abhaltung | VO | fix/ |
Lecturers
Draschbacher
PhD Candidate