Conferences
ekoparty October 21-23, Buenos Aires. ARM disassembling with a twist by Agustin Gianni and Pablo Sole. Exploiting GSM and RF to Pwn you Phone by Manuel Moreno and Francisco Cortes. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices by Drew Suarez and Daniel Mayer. New Age Phreacking: Tacticas y trucos para fraudes en Wholesale by David Batanero.
Hackito Ergo Sum October 29-30, Paris, France. Malicious AVPs: Exploits to the LTE Core by Laurent Ghigonis & Philippe Langlois. Android malware that won't make you fall asleep by Lukasz Siewierski.
The RIM BlackBerry PRIV looks like a really interesting device. The PRIV seems to focus on security. The website claims a hardened Linux kernel, and indeed they seem to run a grsec kernel, as you can see in this picture (lower left corner) posted on the Crackberry forum. Some comments about this in this series of tweets.
There is a new security news outlet with a focus on the consumer angle; it is called The Parallax. It is super new and does not have many articles yet. But I think the consumer focus could be interesting.
Job Section (just because I know about a bunch of stuff)
Intern at Siemens with focus on Mobile Security (Germany)
I know that Button Inc in NYC is looking for mobile developers.
Square is looking to hire multiple security people.
Links
Pangu iOS 9 jailbreak
Cryptfs Password Manager with Android 6 support
Android banking Trojan delivers customized phishing pages straight from the cloud
OpenKeychain Audit (PDF)
The AuditDroid Project is a fully functional and self-contained environment for learning about Android security
Android Vulnerability Test Suite - now detects CVE-2015-6602
Attackers with brief physical access can enable WiFi MITM on Android 6.0
A "shim" for loading native jni files for Android active debugging
Androguard: A simple step by step guide
Interesting Twitter thread about HTC and Security updates for Android including the HTC USA President
Same Sh*t Different Android Browser
Nexus 5X and Nexus 6P review: The true flagships of the Android ecosystem - contains a large section on disk encryption performance on various Android devices
A Look at Marshmallow Root & Verity Complications
SELinux in Android Lollipop and Marshmallow (PDF)
Current State of Android Privilege Escalation (PDF)
AOSP 4.4.4 ROM for grouper (Nexus7) with DexHunter automatic unpacker built in
Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
Using Android's tamper detection securely in your app
An Xposed and adbi based module which is capable of hooking both Java and Native methods targeting Android OS.
microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available.
Nexus Security Bulletin—October 2015
The Nexus 5X And 6P Have Software-Accelerated Encryption, But The Nexus Team Says It's Better Than Hardware Encryption
Reverse Shell Over SMS (Exploiting CVE-2015-5897) (OS X)
Nexus 6P has a hardware fuse that blows irreversibly when bootloader unlocked.
BoringSSL runs Android M and other stuff...
YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs (not actually the FIRST)
Conferences
Black Hat Europe November, Amsterdam NL. ALL YOUR ROOT CHECKS BELONG TO US: THE SAD STATE OF ROOT DETECTION by Azzedine Benameur & Nathan Evans & Yun Shen. ANDROBUGS FRAMEWORK: AN ANDROID APPLICATION SECURITY VULNERABILITY SCANNER by Yu-Cheng Lin. AUTHENTICATOR LEAKAGE THROUGH BACKUP CHANNELS ON ANDROID by Guangdong Bai. FAUX DISK ENCRYPTION: REALITIES OF SECURE STORAGE ON MOBILE DEVICES by Daniel Mayer & Drew Suarez. FUZZING ANDROID: A RECIPE FOR UNCOVERING VULNERABILITIES INSIDE SYSTEM COMPONENTS IN ANDROID by Alexandru Blanda. LTE & IMSI CATCHER MYTHS by Ravishankar Borgaonkar & Altaf Shaik & N. Asokan & Valtteri Niemi & Jean-Pierre Seifert. TRIAGING CRASHES WITH BACKWARD TAINT ANALYSIS FOR ARM ARCHITECTURE by Dongwoo Kim & Sangwho Kim.
Secret Conference October 9th, NYC. Talks by Jon Callas and Dan Ford from Silent Circle / Blackphone.
Ruxcon October 24-25 Melbourne, Aus. TEAM PANGU on DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS. MARK DOWD on MALWAIRDROP: COMPROMISING IDEVICES VIA AIRDROP. JOSHUA KERNELSMITH SMITH on HIGH-DEF FUZZING: EXPLORING VULNERABILITIES IN HDMI-CEC. BABIL GOLAM SARWAR on HACK NFC ACCESS CARDS & STEAL CREDIT CARD DATA WITH ANDROID FOR FUN & PROFIT. COLBY MOORE on SPREAD SPECTRUM SATCOM HACKING: ATTACKING THE GLOBALSTAR SDS.
ToorCon San Diego October 24-25, San Diego, CA. The Phr3$h Pr1nc3 0f Bellk0r3 on Fuzzing GSM for fun and profit.
SyScan360i October 21-22 Beijing China. Fuzzing Android System Service by Binder Call to Escalate Privilege by Guang Gong.
PacSec November, Tokyo JP. BlueToot / BlueProx - when Bluetooth met NFC by Adam Laurie.
ZeroNights 25-26 November, Russia. Extracting the painful (Blue)tooth by Matteo Beccaro and Matteo Collura.
HP / ZDI will not run Mobile Pwn2Own at PacSec (in Japan) due to export restrictions. Source Dragos Ruiu. This is unfortunate.
Personal note: Since September I have been working for Square doing mobile security engineering. This blog will only be temporarily affected by the job switch; as I get settled I will return to more than one post per month.
Links
Motorola Marketed The Moto E 2015 On Promise Of Updates, Is Now Apparently Ending Them After 219 Days
ANDROID PAY: PROXY NO MORE - Super interesting post on the insides of Android Pay and Google Wallet
iOS 9 code vulnerability lets hackers steal thousands of dollars worth of in-app purchases
XcodeGhost Source
AndFix is a library that offers hot-fixes for Android apps. Some parts look very, very similar to PatchDroid. I have to look closer at this.
Announcing Android Vulnerability Test Suite
PoC code for 32 bit Android OS - ping pong root
Android 5.x Lockscreen Bypass (CVE-2015-3860)
Defeating SSL Pinning in Coin's Android Application
Assessing Android Applications Using Command-Line Fu (slides)
The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes
SunShine - The #1 Bootloader Unlock tool For Your HTC or Motorola Smartphone! Not new, but not too many people know about this.
DexHunter General Automatic Unpacking Tool for Android Dex Files
SafetyNet Helper wraps the Google Play Services SafetyNet.API and verifies Safety Net API response with the Android Device Verification API.
SafetyNet: Google's tamper detection - interesting insights into the on-device parts of SafetyNet.
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media.
baksmali 2.1
The Nexus 5X And 6P Have Software-Accelerated Encryption, But The Nexus Team Says It's Better Than Hardware Encryption
Android Now Shows Your Device's "Android Security Patch Level" In Marshmallow
The road to efficient Android fuzzing
An IDA Pro based Dex Dumper plugin
Kernel Vulnerabilities in the Samsung S4
Mobile Security Challenge Organized by Alibaba
Ruminations on App CVEs
Spoofing and intercepting SIM commands through STK framework (Android 5.1 and below) (CVE-2015-3843)
DexHook is a small xposed module for hooking BaseDexClassLoader and capturing dynamically loaded jars/dex files without interfering with the normal run of the application.
Android M Begins Locking Down Floating Apps, Requires Users To Grant Special Permission To Draw On Other Apps
Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack
Android Security Symposium - all slides online
Unbillable: Exploiting Android In App Purchases by Alfredo Ramirez at Derbycon 2015. I haven't watched this yet.
The problems with JNI obfuscation in the Android Operating System by Rick Ramgattie at Derbycon 2015. Haven't watched this yet.