...stuff I do and things I like...

Friday, August 30 2013

Mobile Security News Update September 2013

Conferences:
    DeepSec: Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage (Vladimir Katalov, ElcomSoft Co. Ltd.); Bypassing Security Controls with Mobile Devices (Georgia Weidman, Bulb Security LLC); Using memory, filesystems, and runtime to app pen iOS and Android (Andre Gironda); Mobile Fail: Cracking Open "Secure" Android Containers (Chris John Riley, c22.cc); Building the first Android IDS on Network Level (Jaime Sánche

    Hack in the Box - Kuala Lumpur: Tales from iOS 6 Exploitation and iOS 7 Security Changes (Stefan Esser); Cracking and Analyzing Apple's iCloud Protocols (Vladimir Katalov); Android DDI: Dynamic Dalvik Instrumentation of Android Applications and Framework (Collin Mulliner)

    Breakpoint (Ruxcon): A Tale of Two Androids (Jon Oberheide); Advanced iOS Kernel Debugging for Exploit Developers (Stefan Esser)

    BruCON: CobraDroid (Jake Valletta); Geolocation of GSM mobile devices, even if they do not want to be found (David Perez / Jose Pico); Building Custom Android Malware for Penetration Testing (Stephan Chenette)

    Hackers2Hackers: Android: Game of Obfuscation (Bremer & Chiossi); At ARMs length yet so far away (Brad Spengler)

Links:
Android PRNG Stuff:
    So I guess everybody knows about the Android PRNG issue. See: Some SecureRandom Thoughts; Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist; OpenSSL PRNG Is Not Really Fork-safe; and the upcoming paper at CCS'13, Predictability of Android OpenSSL's Pseudo Random Number Generator, by Soo Hyeon Kim (The Attached Institute of ETRI and Korea University), Daewan Han (The Attached Institute of ETRI) and Dong Hoon Lee (Korea University). Those authors were also credited with reporting some issues about Android's OpenSSL PRNG usage, so they have known about this for some time, since the submission deadline for CCS was early in May. I wonder if the Bitcoin heist could have been avoided if they had notified the developers of the Android Bitcoin wallet apps instead of Google.

Monday, August 12 2013

Mobile Security News Update August 2013

Conferences:
    SyScan 360: Tales from iOS 6 Exploitation and iOS 7 Security Changes (Stefan Esser); Mr. Big-dumb or Mr. Big-data: How smart is your mobile security intelligent system (Wayne Yan); Android Forensic Analysis Deep Dive (Bradley Schatz); Detecting Advanced Android Malware by Data Flow Analysis Engine (pLL and Zu Hao)

    HITB does not have a program yet.
I'm going to speak at HITB in Kuala Lumpur in October. My talk will be about Dynamic Dalvik Instrumentation. I will release all my code after the talk.

CfP
    30c3 in Hamburg, Germany (awesome location!)


Black Hat USA slides are available here.

News

Make sure to check out the first release of POC||GTFO