...stuff I do and things I like...

Conferences

Black Hat EU November, London UK. ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY Speaker: Clementine Maurice, Moritz Lipp. DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK Speaker: Bhanu Kotte, Dr. Silke Holtmanns, Siddharth Rao. MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS Speaker: Max Bazaliy, Seth Hardy. POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME Speaker: Federico Maggi, Stefano Zanero. ROOTING EVERY ANDROID: FROM EXTENSION TO EXPLOITATION Speaker: Di Shen, Jiahong (James) Fang. SIGNING INTO ONE BILLION MOBILE APP ACCOUNTS EFFORTLESSLY WITH OAUTH2.0 Speaker: Ronghai Yang, Wing Cheong Lau. STUMPING THE MOBILE CHIPSET Speaker: Adam Donenfeld. WIFI-BASED IMSI CATCHER Speaker: Piers O'Hanlon, Ravishankar Borgaonkar.

PacSec Tokyo Japan, October. Demystifying the Secure Enclave Processor by Mathew Solnik.

The most interesting read this week was The bumpy road towards iPhone 5c NAND mirroring a paper by Sergei Skorobogatov. In this paper he shows how to implement a NAND mirroring attack against an iPhone 5C. The basic idea behind this attack is erase the PIN failure counter between each set of tries to avoid the artificial brute force delay and to avoid data deletion after N failed PINs. The paper goes into great detail on various problems he encountered while implementing the attack. I highly recommend reading this paper. The picture below is taken from this paper.

Google's Project Zero now has an Android "Prize" for achieving RCE on a Nexus device with only knowing it's email address or phone number. Apparently you can't use a BTS (via @jduck) for this attack. Overall this looks interesting, I wonder if anybody is going to claim the money soon. Announcement: Project Zero Prize.

Links

iCloud, iHack, iSpam

Android Premium SMS Warning Message Manipulation

tool to inspect, dump, modify, search and inject libraries into Android processes.

How My Rogue Android App Could Monitor & Brute-force Your App's Sensitive Metadata

APK Signature Scheme v2

Just One Photo Can Silently Hack Millions Of Androids (@TimStrazz)

Parse the Qualcomm DIAG format and convert 2G, 3G and 4G radio messages to Osmocom GSMTAP for analysis in wireshark and other utilities.

PEGASUS iOS Kernel Vulnerability Explained by Stefan Esser

Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB

VB2016 preview: Mobile Applications: a Backdoor into Internet of Things?

Hiding root with suhide

Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor

Reverse Engineering Xiaomi's Analytics app

A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple's Developer Enterprise Program to Serve Adware

File-Based Encryption in Android 7

Linux Security Summit Videos a lot is Android relevant

Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis (paper)

suhide v0.51 released

Introducing BLESuite and BLE-Replay: Python Tools for Rapid Assessment of Bluetooth Low Energy Peripherals

Samsung Android Security Updates - September

A Survey on Android ELF Malware

Keeping Android safe: Security enhancements in Nougat

Nexus Device Downloads via jduck @ droidsec