Tencent recently published a paper titled “AppAgent: Multimodal Agents as Smartphone User” that uses an LLM to intelligently navigate mobile UI screens and perform various actions. This includes
- Sep 1, 2024
iOS Device Intelligence - Sysdiagnose Forensics Primer
Aug 1, 2024
Forensic analysis is the ability to analyze events and circumstances after an important incident occurs. Typically, an analyst will have physical access to the evidence. This could be mobile devices, routers, server computers, etc. Mobile forensics is about analyzing phones (Android, iOS, etc.) for potential breach or compromise. Typically, an organization will deploy MDM along with MTD to get visibility into the device’s security posture. However, there are OS limitations that prevent such solutions from obtaining critical security signals that might indicate compromise. With device forensics, we can obtain these signals. More importantly, we can retrospectively go back and analyze past events, which helps us build a timeline that paints a good picture of the history and circumstances of those events.
I Pwned Your Telegram
Nov 24, 2023
Telegram Phishing Campaign Analysis
Pushing Boundaries - Evaluating device integrity inside the browser [Part 1]
Jun 7, 2023
This is a two-part series. Stay tuned for Part 2.
Over the years, I have been involved in developing agent applications for iOS & Android that run on the user’s device to do many things, from mobile device management to threat defense agent apps. These applications are complicated. They are resource-intensive, hard to maintain & harder to distribute. Some enterprise customers are willing to look past these “inconveniences” as endpoint security is vital for their day-to-day operations. Consumers, on the other hand, have different sets of expectations. Primarily, ease of use & privacy. Most tech-savvy (normies included;)) individuals don’t like to install an app that “Scans” their device. Trust is expensive and I have paid the price in many ways trying to explain away the problem and trying to convince users of the benefit. It doesn’t always work.
Is detecting mobile compromise a losing game?
Aug 17, 2022
Detecting mobile compromise is not easy. Mobile OSs put heavy restrictions on what can be done by an app or analysis tool. Even though the intention is good, it limits the available options for blue team engineers to evaluate and protect the device. Over the years, sophisticated tools like MagiskHide, LibertyOS, HideJB, etc. have found ways of masking root & jailbreak, making detection even harder.
Introducing Pwned Report
May 30, 2022
In this post, I will give an introduction to Pwned Report, a side project I have been working on that scans your device for vulnerabilities or suspected compromise. More than ever, people are aware attackers can take over their devices using sophisticated methods. But it’s mere suspicion for most. Phrases like “my phone is going haywire”, “some app is eating my data”, “my battery is not lasting long”, etc. are potential signs of compromise either by malware or an unauthorized party.