Collin R. Mulliner

November 2024
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

November 2024

Sun

Mon

Tue

Wed

Thu

Fri

Sat

Conferences:
Black Hat Asia March 29, Singapore. ANDROID COMMERCIAL SPYWARE DISEASE AND MEDICATION by Mustafa Saad. ENTERPRISE APPS: BYPASSING THE IOS GATEKEEPER by Avi Bashan & Ohad Bobrov. HEY YOUR PARCEL LOOKS BAD - FUZZING AND EXPLOITING PARCEL-IZATION VULNERABILITIES IN ANDROID by Qidan He. SU-A-CYDER: HOMEBREWING MALWARE FOR IOS LIKE A B0$$! by Chilik Tamir.

I guess it is still too early in the year for conference programs. ShmooCon just concluded, Infiltrate doesn't have any mobile talks, and SyScan didn't post accepted talks yet. This weekend I attended the first BSidesNYC. The conference was pretty good, some expected and some unexpected good talks. The conference venue was pretty nice and spacious. I will go again.

If you are into NFC research checkout: ChameleonMini - A Versatile NFC Card Emulator a new kickstarter project. The guys who run it definitely know what they are doing.

Links:
Updated Android malware steals voice two factor authentication

Phone Hackers: Britain's Secret Surveillance Video by vice

Android-based Smart TVs Hit By Backdoor Spread Via Malicious App (not mobile but close enough)

Create an anonymous Signal phone number w/ Android

Covert Communication in Mobile Applications (paper)

Vulnerability in Blackphone Puts Devices at Risk for Takeover

spectrum monitoring system for GSM providers (a tool)

Nexus Security Bulletin - January 2016 has a bunch of critical stuff

(Un)Trusted Execution Environments (slides)

Parsing iOS Frequent Locations

A Forensic Analysis of Tinder (iOS)

How to Bypass Factory Reset Protection on your Nexus 6P, 5X, 5, & 6 (YouTube video)

[CVE-2015-7292] Amazon Fire Phone kernel stack based buffer overflow

Mediatek/Obi nerfed ALL property space security any user can control any property, even ro ones

CopperheadOS's OpenBSD malloc port uncovered a use-after-free in Android's fancy new over-the-air update sorcery

Added support to crack Android FDE (Samsung DEK) to oclHashcat v2.10! 171kH/s @ 290x, 217.7 kH/s @ 980Ti

DIVA (Damn insecure and vulnerable App) for Android

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis and the slides for it.

Experimental version of QEMU with basic support for ARM TrustZone (security extensions)

How to NOT disable SELinux on Android

15:43 | /security | comments | permanent link | Imprint/Disclaimer

...stuff I do and things I like...

Mobile Security News Update January 2016