Collin R. Mulliner

November 2024
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Conferences
upcoming: 32C3 (December), ShmooCon (January)

CFPs
SyScan 360

$10 Android Phone Walmart has a $10 Android phone. It is an LG device with Android 4.4 specs. I agree with Patrick McCanna on Smartphones @ featurephone prices will be a significant milestone towards monetizing mobile hacking. These prices really mean everybody is going to have a smartphone. Like everybody. I ordered two of those to play with.

Mobile pwn2own: two interesting results. (1) baseband of a Samsung S6 Edge, the payload was able to redirect incoming calls. This was done by my buddies Nico Golde and Daniel Komaromy. Here a picture of their setup. Story by various sites: 1, 2 (German), 3. (2) drive by APK install on Nexus 6 without user interaction by Guang Gong. tweets: 1 2 (with picture).

LTE Security: pretty interesting talk and paper about LTE design and implementation vulnerabilities. slides white paper. Blogpost by the same people: Practical attacks against 4G (LTE) access network protocols. One thing I didn't notice is how cheap LTE research is already. Their setup is just over $1000, which seems rather cheap for LTE.

Jobs
We at Square are looking for engineers, jobs should be super interesting for those who read this blog!

the GSMA is looking for a Cyber Security Director

Links
FakeDebuggerd.D, AFAIK the first Android Trojan infecting system binaries just like traditional virus (in Chinese)

tiny USB drive sized Qualcomm LTE base station

Samsung Mobile Security Blog I didn't know this existed

32c3 again has a GSM network

Remote Code Execution as System User on Android 5 Samsung Devices abusing WifiCredService (Hotspot 2.0)

Hey @sprint @sprintcare, what's up with sprint installing MDM profile on a new iPhone 6s at the store? sprint seems to install MDM profiles on to iPhones at the store, more investigation needed!

A vulnerability known as Wormhole affects the Baidu Moplus SDK and potentially exposes more than 100 Million users to cyber attacks.

VTS for Android vulnerability scanner for Android that is constantly updated!

Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge Google P0 takes a look at the S6 and finds 11 high impact issues.

The Zerodium 1 Million $ iOS 0day bounty was claimed on Nov. 2

ZipFury: Yet another Zip arbitrary file write with system privileges (Samsung Android)

SafetyNet doesn't detect a device as rooted if using the new system-less SuperSU

Characterizing SEAndroid Policies in the Wild (paper)

SEAL: SEAndroid Analytics Library for live device analysis (tool)

Long Term Exploitation - LTE security (slides)

Nexus 6P has two levels of bootloader unlocking

Xposed now for Android 6.0

Copperhead CTO: Nexus Phones Already More Secure Than BlackBerry Priv

AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.

android app capable of "self-compilation, mutation and viral spreading" (paper) and code

When providing a native mobile app ruins the security of your existing web solution(slides)

Why Does My Android Phone Have eFuses And Why Should I Care About Them?

AFL on Android

As Of Android 6.0, OEMs Will Be Required To Provide Secure Factory Reset On Their Devices (If They Haven't Already)

Nexus Security Bulletin November 2015

Remote attestation for TEEs and Verified Boot will be possible on Android N

the Ubuntu phone as security issues

ARMageddon: Last-Level Cache Attacks on Mobile Devices (paper)

GOOGLE AOSP EMAIL APP HTML INJECTION

The Terminator to Android Hardening Services (slides)

Android developer hotlinks an image on some guy's server, DDoS's it. He has no idea who to contact. (reddit)

ARMv8 has unprivileged cache flush instructions. (slides)

Mount Android phones on Linux with adb. No root required.

BlackBerry's PaX / grsecurity configuration

MalwAirDrop: Compromising iDevices via AirDrop (slides)

Android now has Signal too

don't jailbreak your iPhone (or else forensics)

... encrypted com app security scorecard ...

01:56 | /security | comments | permanent link | Imprint/Disclaimer


Name:
URL/Email:	[http://... or mailto:you@wherever] (optional)
Title:	(optional)
Comments:
Save my Name and URL/Email for next time (cookies required)

...stuff I do and things I like...

Mobile Security News Update November 2015