...stuff I do and things I like...

This is an early update for February. Two reasons, I have stuff to write about right now, second I'm going to be super busy in February.

This year I attended ShmooCon for the first time. I liked it a lot and plan to go again. I didn't know ShmooCon was running for 10 years already. They seem to have a good grip on the conference and don't let it explode in size.

Conferences

CanSecWest one of my favorite cons (maybe my #1). Talks: No Apology Required: Deconstructing Blackberry10 - Zach Lanier, Ben Nei ; Duo Security & Accuvant. Outsmarting Bluetooth Smart - Mike Ryan ; iSEC Partners. The Real Deal of Android Device Security: the Third Party - Colin Mulliner, Jon Oberheide ; Northwestern University, Duo Security.

Troopers (Heidelberg, Germany). There is one mobile talk in the main conference but there in addition they have TelSecDay (invite only) that focuses on Telecommunication security. The main conference talk is: Modern smartphone forensics: Apple iOS: from logical and physical acquisition to iCloud backups, document storage and keychain; encrypted BlackBerry backups (BB 10 and Olympia Service) by Vladimir Katalov.

nullcon (Goa, India) has a mobile talk this year: Modern smartphone forensics: Apple iCloud, encrypted BlackBerry backups, Windows Phone 8 cloud backup - by Vladimir Katalov.

SyScan 2014 looks super awesome this year. Josh "Monk" Thomas : "How to train your Snapdragon: Exploring Power Regulation Frameworks on Android". Dr Thaddeus (The) Grugq : "Click and Dragger: Denial and Deception on Android Smartphones". Alex Plaskett & Nick Walker "Navigating a sea of Pwn? : Windows Phone 8 AppSec".

Black Hat Asia THE INNER WORKINGS OF MOBILE CROSS-PLATFORM TECHNOLOGIES by Simon Roses Femerling.

HITB Amsterdam Shellcodes for ARM: Your Pills Don't Work on Me, x86 by SVETLANA GAIVORONSKI and IVAN PETROV.

RootedCON (Spain) talks: Raul Siles - iOS: Regreso al futuro, Pau Oliva - Bypassing wifi pay-walls with Android. Some talks look like they are mobile talks too :) (my Spanish is kinda bad)

Links

iOS SSL kill switch

Oldboot: the first bootkit on Android

Android/ARM Elf Infector Proof Of Concept

[GERMANY ONLY]Get as many Big Macs as you like for free thanks to JB (lol)

The Google Play Store App Has A Hidden Debug Menu, And Here's How Rooted Users Can Access It
(somebody should write a hack to get this using my DDI tools so you don't have to install Xposed).

Python implementation of passcode hashing algorithm used on the Samsung Galaxy S4 GT-I9505 4.2.2

Android vulnerability allows data to be stolen from VPN connections

Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications an academic paper. I was also briefly looking into dynamic code loading that a number of android apps are doing.

Android Emulator Detection by Observing Low-level Caching Behavior

There are a lot of interesting talks in the next month. I'm working on (and finished) some interesting projects that I can hopefully talk about soon.

Our Android book is finalized and thus should be available in April.

The Defcon CFP is already open so make sure you submit your talks early. Also checkout Area 41 a fine security conference in Switzerland, the CFP is still open.

This year I'm co-chairing ARES an academic security conference. Please consider submitting your papers.

If you are interested in NFC (Near Field Communication) check out the current draft of the Web NFC API. The standard defines how a "web page" can interact with NFC devices.