...stuff I do and things I like...

Conferences

33c3 Hamburg, Germany 27-30 December. Downgrading iOS: From past to present by tihmstar. A look into the Mobile Messaging Black Box by Roland Schilling and Frieder Steinmetz. Dissecting modern (3G/4G) cellular modems by LaForge and holger. Geoloation methods in mobile networks by Erik.

Shmoocon Washington D.C. January. A Context-Aware Kernel IPC Firewall for Android - David Wu, Sergey Bratus.

Black Hat ASIA March 2017. FRIED APPLES: JAILBREAK DIY by Alex Hude and Max Bazaliy. MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE by Yan Michalevsky. REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX by Marco Grassi.

I had to skip the November update due to a long overdue vacation. Playing with iOS webviews also did cost some time. Writing this blog becomes more and more time consuming since for some parts I would rather spent time on research than writing about other peoples research. Will see next year if I continue doing this or not. I'm doing this since January 2009 so it has been a few years.

New Conference:

Opcde Conference

Samsung confirms it will render the US Note 7 useless with next update since the owners don't seem to care to return the phones to Samsung even tho they would get a replacement device. This is kind of hilarious.

The scariest costume of all this Halloween is the Galaxy Note 7 recall https://t.co/g29SfWG9bO pic.twitter.com/Zc9Fe6s42X

— The Verge (@verge) October 19, 2016

Browser based iOS 9.3.x jailbreak (64bit only) it has been a while.

Chinese company installed secret backdoor on hundreds of thousands of phones

Here is the BLU R1 blind system command execution via Adups from July of this year - anyone think they care? pic.twitter.com/veUMGD8zSy

— Tim Strazzere (@timstrazz) November 22, 2016

Recently the topic of SMS 2FA came up again. While I agree that SMS is not the most secure version of 2FA it is far far better then not providing any 2FA mechanism for your service.

Seems like the right ordering, but when deployment is 98% < 2% < .5% < .01% complaining about SMS security is pretty silly. https://t.co/5ex3naa5a5

— Alex Stamos (@alexstamos) December 1, 2016

Links

Oxygen 9.0.3 allows to brute force a passcode for any Windows Phone 8 device from its physical dump!

Android system_server Code Loading Bypass

"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit) Raw

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems (paper)

JTAGing Mobile Phones (from August)

The limitations of Android N Encryption

The fight against Ghost Push continues

BitUnmap: Attacking Android Ashmem

Saving Data: Reducing the size of App Updates by 65% (looks interesting)

More Than 1 Million Google Accounts Breached by Gooligan

Telstra is switching off their GSM network

Qualcomm has a Bug Bounty now

Nintendo has a Bug Bounty now

Secure Rom extraction on iPhone 6s

Android Security Bulletin - December 2016

HackingTeam back for your Androids, now extra insecure!

SunShine 3.4.18 has been released. Bring Support for Android 7.x.x and latest HTC 10 updates

A detailed security assessment on Android Full Disk Encryption (paper)

BitUnmap: Attacking Android Ashmem

Fuzzing Android OMX (slides)

Anonymous web-based SMS

Mobile Network Codes (MNC) for the international identification plan for public networks and subscriptions (According to Recommendation ITU-T E.212 (09/2016))

Call me maybe: Exploiting iOS WebViews to force automatic FaceTime calls

Android Banking Malware Masquerading as Email App Targets German Banks

Second Chinese Firm in a Week Found Hiding Backdoor in Firmware of Android Devices

Powerful backdoor/rootkit found preinstalled on 3 million Android phones

RAGENTEK ANDROID OTA UPDATE MECHANISM VULNERABLE TO MITM ATTACK

New Reliable Android Kernel Root Exploitation Techniques (slides)

Analysis of iOS.GuiInject Adware Library

Android Security Bulletin - November 2016

HelDroid: Dissect Android Apps Looking for Ransomware Functionalities

Rooting Every Android From Extension To Exploitation by Di Shen (slides)

Mobile Espionage in the Wild Pegasus and Nation-State Level Attacks (slides)

The Android Security Center

Technical Analysis of the Pegasus Exploits on iOS (paper)

Just a place to dump the cdma data I collected while at Defcon 2016

CRiOS: Toward Large-Scale iOS Application Analysis (paper)

Exploring LTE security and protocol exploits with open source software and low-cost software radio by Roger Jover (slides)

Your smartphone is a civil rights issue (TED talk)

Receive SMS Online

Drammer APK

Android wear MiTM

*droid: Assessment and Evaluation of Android Application Analysis Tools (paper)

Using Google Fi on an iPhone

iOS WebView auto dialer bug