...stuff I do and things I like...

Friday, May 06 2016

Mobile Security News Update May 2016

Conferences
    Black Hat USA Las Vegas. DEMYSTIFYING THE SECURE ENCLAVE PROCESSOR by Tarjei Mandt and Mathew Solnik. ADAPTIVE KERNEL LIVE PATCHING: AN OPEN COLLABORATIVE EFFORT TO AMELIORATE ANDROID N-DAY ROOT EXPLOITS by Tao Wei and Yulong Zhang. CAN YOU TRUST ME NOW? AN EXPLORATION INTO THE MOBILE THREAT LANDSCAPE by Josh Thomas. SAMSUNG PAY: TOKENIZED NUMBERS, FLAWS AND ISSUES by Salvador Mendoza.

    AppSec EU Rome. Don't Touch Me That Way. by David Lindner and Jack Mannino. Automated Mobile Application Security Assessment with MobSF by Ajin Abraham. Why Hackers Are Winning The Mobile Malware Battle - Bypassing Malware Analysis Techniques by Yair Amit.

    Hack in The Box Amsterdam, NL. SANDJACKING: PROFITING FROM IOS MALWARE by Chilik Tamir. FORCING A TARGETED LTE CELLPHONE INTO AN EAVESDROPPING NETWORK by Lin Huang. ADAPTIVE ANDROID KERNEL LIVE PATCHING by Tim Xia and Yulong Zhang. COMMSEC TRACK: INSPECKAGE - ANDROID PACKAGE INSPECTOR by Antonio Martins.

    Area41 When providing a native mobile application ruins the security of your existing Web solution by Jeremy Matos. IMSecure - Attacking VoLTE and other Stuff by Hendrik Schmidt & Brian Butterly. Reversing Internet of Things from Mobile Applications by Axelle Apvrille.

    Recon Montreal, CA. Breaking Band by Nico Golde and Daniel Komaromy. Hardware-Assisted Rootkits and Instrumentation: ARM Edition by Matt Spisak

This was a long break, I was covered in work and had other things to do. But I'm not giving up this blog. Sadly I missed a bunch of conferences earlier this year. Especially CanSecWest and Troopers/TelSecDay. TelSecDay looked really awesome this year! Sad to have missed it.

Work with me and other awesome people at Square we are looking for a bunch of different mobile security related people. Android and iOS!

For those who are interested in TrustZone or TrustZone implementations check out: War of the Worlds - Hijacking the Linux Kernel from QSEE This blog has a lot of awesome research on TrustZone and Qualcomm's implementation.

60 Minutes: shows how easily your phone can be hacked. As I said earlier on Twitter, this is as good as it gets on TV. All of the people on the show are pros (know all of them personally!). Of course if you are an expert yourself you will complain about anything shown on TV ;-)

Dilbert gets it:


Related to the iPhone will be bricked if the clock is set back too far.



Links