AI of Things Executive Insight Series by Glyn Povah, Director of Product Development at LUCA This content was originally published by the Mobile Ecosystem Forum, we see Glyn Povah the Director of Global Product Development Smart Digits give his insights below: If data is the new...
Richard Benjamins. Artificial Intelligence for warfare or for maintaining peace On July 3, 2019, I attended an event organized by the Spanish Center for National Defense Studies (CESEDEN) and the Polytechnic University of Madrid (UPM) on the impact of AI...
Cascajo Sastre María IoT and Big Data: the parents of carsharing Mobility is one of the main problems of large cities. Every day, millions of citizens are caught in traffic jams. Although it may seem difficult, this reality can be...
Beatriz Sanz Baños IoT, the new ally of renewable energies? Since its arrival, IoT has been pushing society towards a future in which most devices will be connected. Climate change and pollution levels also lead us to a future...
ElevenPaths Whitepaper “Windows Malicious Events Detection With Security Monitoring” This whitepaper gathers the results of the work carried out by Telefonica Chief Data Officer and ElevenPaths Product Unit in order to detect a sucession of events, not necessarily...
ElevenPaths Cybersecurity for Industrial Digitalisation: Keys to a Successful Approach Digital technologies, and in particular what has been agreed to be called IoT (Internet of Things), bring a world of possibilities that organisations of any sector cannot fail to...
How to Make API REST Requests to Tor Hidden Services in an Android APKRafael Ortiz 19 May, 2020 We were building a proof of concept in the Innovation and Laboratory Area as part of the architecture needed to create a Tor hidden service. We also needed a mobile application to interact with that hidden service through a JSON API. As it turns out, there is not a lot of well documented ways to do this seemingly straightforward task. We are sharing our notes here in case anyone else wants to see how to add this support to their application. If you don’t care about the background, go ahead and skip to the “Implementation” part below. Background First, let’s take a look at the different building blocks we’ll need to make calls to a hidden service from our app. We’ll assume you have a basic familiarity with Tor and Android app development. Orbot, NetCipher, and the Guardian Project Orbot is a free application for Android that acts as a Tor proxy for your device. You can think of it as running the Tor service on your phone, the same as you would on any other Linux system. Orbot is developed by the Guardian Project, who create and maintain many privacy oriented apps for Android. They are the team behind the officially endorsed Tor Browser for Android, and the Orfox+Orbot combo that came before it. However, forcing a user to install and launch Orbot before running your app is not a friendly experience. To address this they created NetCipher. NetCipher provides, among other things, an OrbotHelper utility class that lets your app check if Orbot is installed, prompt the user to install it easily, and automatically launch Orbot in the background when your app launches. It’s analogous to how the Tor Browser bundle launches a Tor service in the background. It’s not quite the same, though. The current official Tor Browser for Android does away with NetCipher and Orbot as a requirement, opting to bundle Tor within the application itself. This gives Tor Browser users across different platforms a familiar all-in-on experience. However, since Orbot integration is much simpler than adding a Tor daemon to our app we will use that instead. Volley Library and ProxiedHurlStack On the NetCipher library gitlab page you can see examples provided for many different Android HTTP libraries. The main supported methods are HttpUrlConnection, OkHttp3, HttpClient, and Volley. You can also see sample implementations for each of these techniques. Unfortunately, these examples and the artifacts associated with them for other HTTP clients did not work out of the box. Most of them haven’t really been touched in at least a year, and it appears the standard method of implementing Tor has gone from NetCipher+Orbot (analogous to proxying your local FireFox install through Tor) to an integrated Tor service in the APK itself (analogous to the Tor Browser bundle). After some trial and error, it turned out you don’t really need the info.guardianproject.netcipher:netcipher-volley artifact to get Tor working in your app. If you look at the StrongHurlStack.java source you can see it’s pretty straightforward to reimplement. We also came across this stackoverflow post describing the same concept. The example doesn’t include an SSLSocketFactory like the StrongHurlStack does, but we can rely on Tor to provide the end-to-end encryption and identity assurance that SSL would. SSL for Tor hidden services is redundant. Implementation We will assume you already have an API accessible as a hidden service at somesite.onion. The dependencies you need to add to your app level build.gradle file are the following: dependencies { implementation 'com.android.volley:volley:1.1.1 implementation 'info.guardianproject.netcipher:netcipher:2.1.0} Be sure to change the versions to the latest available at the time of implementation. Next, create a ProxiedHurlStack.java file and class as described in both the NetCipher examples and the stackoverflow post and add it to your project. package your.app.here;import com.android.volley.toolbox.HurlStack;import java.io.IOException;import java.net.HttpURLConnection;import java.net.InetSocketAddress;import java.net.Proxy;import java.net.URL;public class ProxiedHurlStack extends HurlStack { @Override protected HttpUrlConnection createConnection(URL url) throws IOException { Proxy proxy = new Proxy( Proxy.Type.SOCKS, InetSocketAddress.createUnresolved("127.0.0.1", 9050) ); return (HttpURLConnection) url.openConnection(proxy); }} Now in our MainActivity.java file we can import all the relevant libraries. package your.app.here;import com.android.volley.Request;import com.android.volley.RequestQueue;import com.android.volley.Response;import com.android.volley.VolleyError;import com.android.volley.toolbox.JsonObjectRequest;import com.android.volley.toolbox.Volley;import org.json.JSONObject;import info.guardianproject.netcipher.proxy.OrbotHelper; Next, we call init( and installOrbot() from our onCreate() method to spin up Orbot in the background. If Orbot is already installed, init() will return true and prompt Orbot to connect to the Tor network. If Orbot is not already installed, init() will return false and the user will be taken to the Play Store and prompted to install Orbot. When installation finishes the app will tell Orbot to create a connection to the Tor network. @Overrideprotected void onCreate(Bundle savedInstanceState) { // ... other actions here ... if (!OrbotHelper.get(this).init()) { OrbotHelper.get(this).installOrbot(this); }} Now we can build a JSON request to our hidden service. You would add this next part wherever you send requests to your API. JSONObject jsonBody = new JSONObject("{\"your payload\": \"goes here\"}");RequestQueue queue = Volley.newRequestQueue(this, new ProxiedHurlStack());String url = "http://somesite.onion/your/api/endpoint/here";JsonObjectRequest jsonRequest = new JsonObjectRequest( Request.Method.POST, url, jsonBody, new Response.Listener<JSONObject>() { @Override public void onResponse(JSONObject response) { // do something with the response } }, new Response.ErrorListener() { @Override public void onErrorResponse(VolleyError error) { // do something with the error } });queue.add(jsonRequest); And that’s it! Now you can test your app and see API calls being made to your hidden service. CapaciCard Is Already Working on iPhoneBusiness Continuity Plan: From Paper to Action
Carlos Ávila IoTM Mobile Applications and The Relevance Of Their Security Almost a year ago in the article “Internet of Health“ I described how incredible is the amount of applications and devices that the medical industry has deployed and will...
ElevenPaths DevSecOps: 7 Key Factors for Implementing Security in Devops DevSecOps, also known as SecDevOps, is a software development philosophy that advocates the adoption of security throughout the software development lifecycle (SDLC). DevSecOps is more than just a specific...
Antonio Gil Moyano Security in video call applications: Microsoft Teams, Zoom and Google Meet There is no doubt that instant messaging programmes have become an essential communication tool in our personal and professional lives. There is also no doubt that video calling applications,...
ElevenPaths Cyber Security Weekly Briefing June 5-11 Microsoft’s monthly bulletin Microsoft has released its June security bulletin, which fixes 50 vulnerabilities, including remote code execution (RCE) flaws, denial of service issues, privilege escalation and memory corruption issues....
ElevenPaths When I grow up I want to be… Engineer “What do you want to be when you grow up? A classic. So simple, yet so complex, and curiously so often asked when we are just kids… when perhaps...
Innovation and Laboratory Area in ElevenPaths We Are Taking Part in The Arsenal Black Hat USA 2021: Hybrid Pandemic Mode On Once again, the ElevenPaths Innovation and Lab team is taking part in the Black Hat USA 2021 Arsenal in Las Vegas to share a new open-source tool with the...
