...stuff I do and things I like...

Conferences

Black Hat USA July 22-27 Las Vegas. BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS by Nitay Artenstein. (Program not complete)

SyScan360 May 30-31 Seattle. Exploit iOS 9.x Userland with LLDB JIT by Wei Wang. The wounded android WIFI driver New attack surface in cfg80211 by Hao Chen.

MOSEC June, Shanghai. Revisiting the Kernel Security Enhancements in iOS 10 AND Pwning Apple Watch. (Program still not complete)

Recordings for the first OsmoCon are available here. OsmoCon is, of course, a conference about the OsmoCom projects!

Android O news: will prompt for pin/passcode before enabling developer options, further Android O changes device identifiers and how to access them.

If you are interested in mobile backing Trojans you should follow Lukas Stefanko:

[Research] Lately discovered another Mobile Banking Trojan on #GooglePlay with up to 5,000 installs. #Malwarehttps://t.co/rcgmGr2Kgo pic.twitter.com/wW4lNsoCAn

— Lukas Stefanko (@LukasStefanko) April 19, 2017

Somebody released the source code of FlexiSpy (mobile phone spyware) to the public. The release notes are here: readme.txt. The download is here: FlexiSpyOmni.zip, collection of all data is here: Source code and binaries of FlexiSpy from the Flexidie dump and a writeup of the dump is here: FlexSpy Application Analysis. I bet we will see more details in the coming weeks!

Does Blackberry give out review samples for the KEYone? I would really like one and give it a try (would post full review here of course!).


All Nokia phones ever made.

"With this code quality, I don't think that's a good move" -- @esizkur on Chinese baseband explo{rat,oit}ion #youkillityoueatit pic.twitter.com/nkhuR1KPs2

— Morgan Marquis-Boire (@headhntr) April 6, 2017

Yo Ralf where the slides at?


Links

ss7 assessment tool

ss7 map testing tool

Fried Apples (slides)

The Galaxy S8's facial scanner can, unsurprisingly, be tricked with a photo (Biometrics are convenience not security)

jtrace - augmented, Android aware strace

Mobile Telephony Threats in Asia (slides)

Sunshine update

Security updates in iOS 10.3.1 a lot of webkit and kernel bugs

Pegasus for Android (paper)

3G/4G Intranet Scanning (slides)

Know your community - Stefan Esser

Protection Profile for Mobile Device Fundamentals

CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps (blog post)

Easy 4G/LTE IMSI Catchers for Non-Programmers (paper)

More Android Anti-Debugging Fun

Analysis of the Facebook.app for iOS [v. 87.0] (blog post)

Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1)

Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 2)

Slides for the Android Security Symposium 2017

FemotoCell Hacking (slides)

iOS Kernel Integrity Protection bypass via Tick (FPU) Tock (IRQ)

DexGuard vs. ProGuard (WARNING: post is by a app protection company)

Bose headphones secretly data-mine users if they have the app installed on their phone!

Cellular Provider Record Retention Periods

AndroidKernelExploitationPlayground

Attack TrustZone with Rowhammer (slides)

libmobiledevice 2.0

A surprise encounter with a telco APT (slides)

The Shadow over Android Heap exploitation assistance for Android's libc allocator (slides)

Vulnerability Exploitation and Mitigation in Android (slides by Google)

Stetho: A debug bridge for Android applications

Why Banker Bob (still) Can't Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps (blog post + paper)

Calling JNI Functions with Java Object Arguments from the Command Line (blog post)

Logic Bug Hunting in Chrome on Android (slides)

Redex and Android byteCode optimizer

AppMon is an automated framework for monitoring and tampering system API calls of native apps on macOS, iOS and Android

Android Security Bulletin - April 2017

Android Vendor Test Suite (VTS)

Mobile Security Research - 2017 Q1

Forensics Investigation of Android Phone using Andriller

Using Frida on Android without root

Introducing 'gnirehtet', a reverse tethering tool for Android

Man sues Confide: I wouldn't have spent $7/month if I'd known it was flawed

Who owns your runtime?