[Techie Tuesdays] How hacking Android changed Subho Halder’s life for better
Mark Zuckerberg has admitted it many times that not thinking mobile-first was one of his biggest mistakes. The fact that smartphones rule our lives is pretty clear. With more applications on mobile and the mindshare they are getting, it is quite evident that this also opens a door for exploitation by malicious applications. This also means that a mobile phone is more susceptible to a malicious attack than a computer and the damage done will be exponential when compared to a computer.
Most hackers in their early days hack for the thrill of it. The idea of overcoming a technological barrier or finding a loophole and going around it is fancied by most kids who have even the slightest knowhow of computers. Subho Halder, Cofounder of Appknox, started looking for loopholes in Android to stalk his girlfriend (she wasn't his girlfriend that time) by making apps and getting her to download them. Using these apps he could read her messages and other data on her phone. He later revealed this to her when they were together. Little did he know that his obsession for finding security loopholes would change his life.
Subho was born and brought up in Kolkata. His father is an aircraft maintenance engineer with Air India. The atmosphere at home promoted scientific thinking. When his father got him a PC, Subho figured out a way to make money by designing wedding websites for people using Yahoo geocities. When his dad got him a TV tuner card, while he was still at school, he started converting VCRs to VCDs by connecting them and started this service to make petty cash. As Subho passed high school, his interest moved towards freelancing. He started learning PhP and other programming languages.
Subho wanted to do his higher education from Sheffield College, London, but his father advised him against it as he didn't want Subho to go away. He finally decided to do his engineering from KIIT, Bhubaneswar, where he joined electronics communication and technology. It was in his second year that Subho decided to jump into robotics. This is when he learnt about interfacing in C and Assembly language. He started participating in several competitions in different IITs and NITs and won several of them.
As time progressed, Subho got interested in security and started writing white papers and sending them to conferences. He submitted a paper on stealing information from phones at the ClubHack conference, Pune. To find a generic way to inject code in applications, Subho developed the AFE (Android Framework for Exploitation) similar to Metasploit for Android. Before AFE there was no tool in the market which could be used to inject code into Android apps. Creating AFE got him instant recognition in security circles and Subho started getting invitations to various conferences around the world.
However, people also started misusing the framework and this led him to stop supporting it. Subho claims the EC Council approached him to include the framework as part of their syllabus but since he had stopped supporting the framework, Subho requested them not to include this in the syllabus.
But it is not only Android where Subho has tried his skills. He has been in the Hall of Fame of several websites ranging from Facebook, Google(twice), Microsoft(thrice), Apple Security Researcher and iOS 7 Advisory list for discovering multiple bugs and vulnerabilities.
To undo the ill effects of AFE, Subho quit his job at TCS and got together with his friends Harshit Agarwal and Prateek Panda to start Appknox. Appknox finds security loopholes in Android applications. The company got incubated at JFDI Incubator, Singapore. Apart from finding security loopholes, Subho has developed the instant messaging extension for Joomla. He has also been fixing issues in the ghost blogging platform of Node.js
At present, Subho is helping with the Androguard project which is a Python tool to play around with Android apks. Talking about our education system, Subho says one of his dreams is to minimise the gap between what is taught in the industry and what is actually used in real life. When asked about the technology of the future, Subho says he is betting on 3D printing and looking forward to a time when human body organs can be 3D printed.