Conferences:Black Hat Asia March 29, Singapore. ANDROID COMMERCIAL SPYWARE DISEASE AND MEDICATION by Mustafa Saad. ENTERPRISE APPS: BYPASSING THE IOS GATEKEEPER by Avi Bashan & Ohad Bobrov. HEY YOUR PARCEL LOOKS BAD - FUZZING AND EXPLOITING PARCEL-IZATION VULNERABILITIES IN ANDROID by Qidan He. SU-A-CYDER: HOMEBREWING MALWARE FOR IOS LIKE A B0$$! by Chilik Tamir.
I guess it is still too early in the year for conference programs. ShmooCon just concluded, Infiltrate doesn't have any mobile talks, and SyScan didn't post accepted talks yet. This weekend I attended the first BSidesNYC. The conference was pretty good, some expected and some unexpected good talks. The conference venue was pretty nice and spacious. I will go again.
If you are into NFC research checkout: ChameleonMini - A Versatile NFC Card Emulator a new kickstarter project. The guys who run it definitely know what they are doing.
Links:Updated Android malware steals voice two factor authentication
Phone Hackers: Britain's Secret Surveillance Video by vice
Android-based Smart TVs Hit By Backdoor Spread Via Malicious App (not mobile but close enough)
Create an anonymous Signal phone number w/ Android
Covert Communication in Mobile Applications (paper)
Vulnerability in Blackphone Puts Devices at Risk for Takeover
spectrum monitoring system for GSM providers (a tool)
Nexus Security Bulletin - January 2016 has a bunch of critical stuff
(Un)Trusted Execution Environments (slides)
Parsing iOS Frequent Locations
A Forensic Analysis of Tinder (iOS)
How to Bypass Factory Reset Protection on your Nexus 6P, 5X, 5, & 6 (YouTube video)
[CVE-2015-7292] Amazon Fire Phone kernel stack based buffer overflow
Mediatek/Obi nerfed ALL property space security any user can control any property, even ro ones
CopperheadOS's OpenBSD malloc port uncovered a use-after-free in Android's fancy new over-the-air update sorcery
Added support to crack Android FDE (Samsung DEK) to oclHashcat v2.10! 171kH/s @ 290x, 217.7 kH/s @ 980Ti
DIVA (Damn insecure and vulnerable App) for Android
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis and the slides for it.
Experimental version of QEMU with basic support for ARM TrustZone (security extensions)
How to NOT disable SELinux on Android
your comment...