...stuff I do and things I like...

Conferences

Defcon QARK: Android App Exploit and SCA Tool Tony Trummer and Tushar Dalvi (this is the only talk that was added after my last post)

Breakpoint 22-23 October, Melbourne, Australia. TEAM PANGU: DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS; JORDI VAN DEN BREEKEL: RELAYING EMV CONTACTLESS TRANSACTIONS WITH OFF-THE-SHELF ANDROID DEVICES; DMITRY KURBATOV: ATTACKS ON TELECOM OPERATORS AND MOBILE SUBSCRIBERS USING SS7.

All other conferences still have their CFPs open and didn't post any talks yet. The BreakPoint schedule is also not final yet.

I wanted to point to something that apparently not many people know about: Pangu jailbreak installs unlicensed code on millions of devices. Pangu has their own statement about this. The Wikipedia page about Pangu Team states that they didn't have to sign an NDA for the training and therefore can use the vulnerability. Stefan's point is not about the vulnerability but about his code. All in all I can't verify all claims but I would say I know Stefan well enough to say that he would not make this up simple because he doesn't need to. He is very well known anyway so this is not a publicity issue for him. I 100% agree with Stefan's point of view about denying people from speaking at conferences if they are known to take credit or sell code they don't own or have a license for. I encourage everybody to read up on this and to read statements made by BOTH sides. Please share your opinion with people who run conferences.

Android now has a bug bounty program, or as the call it Android Security Rewards Program. Pretty cool, I wonder if they get more submissions because of this.

Apple tries to kill plain-text connections "If you're developing a new app, you should use HTTPS exclusively.". This feature is called App Transport Security (ATS) and in the current iOS 9 version it can still be disabled. See: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11.

Android has had a similar feature for some time. Android M introduces a new Manifest option to declare if an app uses clear text traffic or not. Deepening on this option the framework can deny clear text traffic from the app. A decent writeup on this topic is here: Android M and the war on clear text traffic.

Links

Untether TaiG Jailbreak Tool for iOS 8.3

Hacking and Securing iOS Applications in Chinese

Remotely Abusing Android - Ryan Welton (slides)

dexstrings Extracting the strings from the .dex files with meaning.

A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications

Digging for Android Kernel Bugs (slides)

Man in the (Android) Middleware (slides)

byeselinux: Android kernel module to bypass SELinux at boot. Made for XZDualRecovery (Xperia) and Lollipop firmwares.

Complex Method of Obfuscation Found in Dropper RealShell

The dextra utility began its life as an alternative to the AOSP's dexdump and dx ...

ARM Trusted Firmware - version 1.1

Reversing DexGuard's String Encryption

Integrating PaX into Android

Yet Another Mediatek Backdoor (by @jcase)

How to Root 10 Million Phones with One Exploit by Keen Team (slides)

Understanding Android's Application Update Cycles

Firefox OS on Android Devices

Android Activity Security

Fitness Tracker: Hack In Progress (slides)

Fuzzing Objects d’ART — Hack In The Box 2015 Amsterdam