...stuff I do and things I like...

Conferences

Black Hat EU November: ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY by Clementine Maurice and Moritz Lipp. DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK by Bhanu Kotte, Siddharth Rao and Silke Dr Holtmanns. POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME by Federico Maggi and Stefano Zanero. STUMPING THE MOBILE CHIPSET by Adam Donenfeld.

DerbyCon September: Beyond The ?Cript: Practical iOS Reverse Engineering by Michael Allen. AWSh*t. Pay-as-you-go Mobile Penetration Testing by Nathan Clark. Breaking Android Apps for Fun and Profit by Bill Sempf.

AppSec USA November: QARK: Android App Exploit and SCA Tool by Tushar Dalvi and Tony Trummer. SecureMe - Droid: Android Security Application by Vishal Asthana and Abhineet Jayaraj. OWASP Reverse Engineering and Code Modification Prevention Project (Mobile) by Dave Bott and Jonathan Carter. ShadowOS: Modifying the Android OS for Mobile Application Testing by Ray Kelly.

Apple now has a bug bounty program. Details were presented at Black Hat in Ivan Krstic's talk BEHIND THE SCENES OF IOS SECURITY. Also see Starting this fall, Apple will pay up to $200,000 for iOS and iCloud bugs (via Ars).

Motorola confirms that it will not commit to monthly security patches. This is pretty bad since I actually liked their Pure Edition devices (devices that basically are just AOSP).

Protecting Android with more Linux kernel defenses. They added some features from Grsecurity. This makes me happy.

Google's Android has gotten so out of control that $55 billion Salesforce had to take drastic measures, basically Salesforce in the close future will only support specific Samsung Galaxy and Nexus devices. This is an interesting way to deal with the very diverse Android ecosystem.

Pegasus Spyware / Trident for iOS was based on 3 vulnerabilities unsurprisingly a WebKit memory corruption, a Kernel info leak, and a kernel memory corruption. The spyware was capable of accessing text messages, iMessages, calls, emails, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, Facetime, Calendar, Line, Mail.Ru, WeChat, Surespot, Tango, Telegram, and others. (Source: Lookout Technical Report).

Oversec.io seems to implement our idea of mobile OTR on top of any messenger app. Oversec still looks very beta and I haven't tried it out. If anybody has tried it I would like to hear about it.

Pictures of the month:
(source: @raviborgaonkari)

(source: @marcwrogers)

Links

Technical Analysis of Pegasus Spyware (pdf)

Chainfire suhide tries to hide your Android root access

Android: protecting the kernel (slides)

Wie das BKA Telegram-Accounts von Terrorverdaechtigen knackt (German)

Hackers accessed Telegram messaging accounts in Iran - researchers (same as a above but in English)

Stumping the Mobile Chipset (Qualrooter) (slides)

Analysis of multiple vulnerabilities in different open source BTS products

gpapi (node lib for talking to Play Store)

Demystifying the Secure Enclave Processor (paper)

CopperheadOS ART no longer attempts to use executable code from /data/dalvik-cache, only boot.art

The slide and exploit of: A Way of Breaking Chrome's Sandbox in Android

Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-day Root Exploits (slides)

iOS 10 - Kernel Heap Revisited (slides)

Hacking Soft Tokens (Android) (slides)

Understanding Dalvik Static Fields part 2 of 2

Attacking BaseStations (slides)

GODLESS Mobile Malware Uses Multiple Exploits to Root Devices (android)

Android Binder Firewall (slides / paper / source)

ARM is bought by SoftBank

iREVERSE ENGINEERING AND EXPLOITING SAMSUNG'S SHANNON BASEBAND (tools)

LTE security, protocol exploits and location tracking experimentation with low-cost software radio (paper)

BtleJuice: The Bluetooth Smart MitM Framework (slides)

CuckooDroid: Automated Android Malware Analysis

Stagefright: An Android Exploitation Case Study (slides from usenix WOOT)

Tracking the Trackers: The most advanced rogue systems exploiting the SS7 Network today

SS7 Security : Putting the pieces together

ARMv8 Shellcodes from A to Z (paper)