...stuff I do and things I like...

Conferences

Black Hat USA Las Vegas, July 26-27. ALL YOUR SMS & CONTACTS BELONG TO ADUPS & OTHERS by Angelos Stavrou, Azzedine Benameur, Ryan Johnson. NEW ADVENTURES IN SPYING 3G AND 4G USERS: LOCATE, TRACK & MONITOR by Altaf Shaik, Andrew Martin, Jean-Pierre Seifert, Lucca Hirschi, Ravishankar Borgaonkar, Shinjo Park. SS7 ATTACKER HEAVEN TURNS INTO RIOT: HOW TO MAKE NATION-STATE AND INTELLIGENCE ATTACKERS' LIVES MUCH HARDER ON MOBILE NETWORKS by Martin Kacer, Philippe Langlois. FIGHTING TARGETED MALWARE IN THE MOBILE ECOSYSTEM by Andrew Blaich, Megan Ruthven. GHOST TELEPHONIST LINK HIJACK EXPLOITATIONS IN 4G LTE CS FALLBACK by Haoqi Shan, Jun Li, Lin Huang, Qing Yang, Yuwei Zheng. HONEY, I SHRUNK THE ATTACK SURFACE – ADVENTURES IN ANDROID SECURITY HARDENING by Nick Kralevich. DEFEATING SAMSUNG KNOX WITH ZERO PRIVILEGE by Di Shen. BLUE PILL FOR YOUR PHONE by Oleksandr Bazhaniuk, Yuriy Bulygin. CLOAK & DAGGER: FROM TWO PERMISSIONS TO COMPLETE CONTROL OF THE UI FEEDBACK LOOP by Chenxiong Qian, Simon Pak Ho Chung, Wenke Lee, Yanick Fratantonio.

Defcon Las Vegas. Jailbreaking Apple Watch by Max Bazaliy. Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks by CINCVolFLT (Trey Forgety). macOS/iOS Kernel Debugging and Heap Feng Shui by Min(Spark) Zheng & Xiangyu Liu. Using GPS Spoofing to Control Time by David "Karit" Robinson. Phone System Testing and Other Fun Tricks by "Snide" Owen. Unboxing Android: Everything You Wanted To Know About Android Packers by Avi Bashan & Slava Makkaveev. Ghost in the Droid: Possessing Android Applications with ParaSpectre by chaosdata. Ghost Telephonist' Impersonates You Through LTE CSFB by Yuwei Zheng & Lin Huang. Bypassing Android Password Manager Apps Without Root by Stephan Huber & Siegfried Rasthofer. Man in the NFC by Haoqi Shan & Jian Yuan.

USENIX Workshop on Offensive Technologies (WOOT) Vancouver Canada, 14-15 August. Shattered Trust: When Replacement Smartphone Components Attack by Omer Shwartz, Amir Cohen, Asaf Shabtai, and Yossi Oren. White-Stingray: Evaluating IMSI Catchers Detection Applications by Shinjo Park and Altaf Shaik, Ravishankar Borgaonkar, Andrew Marti, Jean-Pierre Seifert. fastboot oem vuln by Roee Hay.

Black Hat and Defcon have a really good number of mobile related talks this year.

It was a busy month and July will be even busier. I'll be at GSMA DSG, Black Hat and Defcon July and Usenix WOOT in mid August

OEM just told Google a bug I submitted isn't a bug. It is a FULL permement secureboot bypass.

— Jon Sawyer (@jcase) July 6, 2017

Picture of month:

Liang Chen is demostrating iOS 11.0 beta 2 jailbreak on iPhone 7. pic.twitter.com/wA7U9AQ32E

— vangelis (@vangelis_at_POC) June 23, 2017

There is a lot happening in the Android boot loader world at the moment. I guess this is what happens when the devices get more and more locked down - people go after the root of trust.

Links:

Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU

New attack can now decrypt satellite phone calls in "real time"

Library injection for debuggable Android apps

Attack TrustZone with Rowhammer

All slides from MOSEC 2017

Researchers Build Firewall to Deflect SS7 Attacks

Android Security Bulletin - July 2017

mobile CTF by HackerOne

Secure Mobile Application Development

ANDROID O AND DEX 38: DALVIK OPCODES FOR DYNAMIC INVOCATION

IMSecure - Attacking VoLTE (and other Stuff)

Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP

Thieves caught hours after stealing GPS tracking devices from tech company

How the Osmocom GSM stack is funded

OWASP list of the most important security tools for Android and iOS

For $500, this site promises the power to track a phone and intercept its texts

A recopilatory of useful android tools

Privacy Threats through Ultrasonic Side Channels on Mobile Devices (paper)

Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone (paper)

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (paper)

Dvmap: the first Android malware with code injection

JNI method enumeration in ELF files

root shell on Moto G4 & G5 with a Secure Boot and Device Locking Bypass

Breaking Samsung Galaxy Secure Boot through Downloaded mode (paper)

A very minimalist smali emulator that could be used to "decrypt" obfuscated strings

anti vm on android

Back That App Up: Gaining Root on the Lenovo Vibe

PoCs for Android July bulletin: CVE-2017-8260 CVE-2017-0705 CVE-2017-8259

Secure initialization of TEEs: when secure boot falls short

Reverse Engineering Samsung S6 SBOOT - Part II

No permission required for SMS verification in Android O