...stuff I do and things I like...

Conferences

Black Hat USA July 26-27 Las Vegas. 'GHOST TELEPHONIST' LINK HIJACK EXPLOITATIONS IN 4G LTE CS FALLBACK by Haoqi Shan, Jun Li, Lin Huang, Qing Yang, Yuwei Zheng. ALL YOUR SMS & CONTACTS BELONG TO ADUPS & OTHERS by Angelos Stavrou, Azzedine Benameur, Ryan Johnson. BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS by Nitay Artenstein. CLOAK & DAGGER: FROM TWO PERMISSIONS TO COMPLETE CONTROL OF THE UI FEEDBACK LOOP by Chenxiong Qian, Simon Pak Ho Chung, Wenke Lee, Yanick Fratantonio. DEFEATING SAMSUNG KNOX WITH ZERO PRIVILEGE by Di Shen. FIGHTING TARGETED MALWARE IN THE MOBILE ECOSYSTEM by Andrew Blaich, Megan Ruthven. HONEY, I SHRUNK THE ATTACK SURFACE – ADVENTURES IN ANDROID SECURITY HARDENING by Nick Kralevich. NEW ADVENTURES IN SPYING 3G AND 4G USERS: LOCATE, TRACK & MONITOR by Altaf Shaik, Andrew Martin, Jean-Pierre Seifert, Lucca Hirschi, Ravishankar Borgaonkar, Shinjo Park. SONIC GUN TO SMART DEVICES: YOUR DEVICES LOSE CONTROL UNDER ULTRASOUND/SOUND by Aimin Pan, Bo Yang, Shangyuan LI, Wang Kang, Zhengbo Wang. SS7 ATTACKER HEAVEN TURNS INTO RIOT: HOW TO MAKE NATION-STATE AND INTELLIGENCE ATTACKERS' LIVES MUCH HARDER ON MOBILE NETWORKS by Martin Kacer, Philippe Langlois. THE FUTURE OF APPLEPWN - HOW TO SAVE YOUR MONEY by Timur Yunusov.

(Black Hat has a very strong mobile security line up this year.)

Defcon July 27-30 Las Vegas. Man in the NFC by Haoqi Shan & Jian Yuan. (speaker selection not final)

MOSEC June, Shanghai added a bunch of talks (all mobile security related, obviously).

Recon June 16-18 Montreal, Canada. FreeCalypso: a fully liberated GSM baseband by Mychaela Falconia. Hacking Cell Phone Embedded Systems by Keegan Ryan.

This took a long time again. It gets harder and harder do to this since this stuff is not directly what I do on a day to day basis currently.

The Qualcomm Mobile Security summit was excellent again! Fantastic talks and again I met a bunch of people I mostly knew from email and/or twitter or haven't seen in quite some time. This conference still is unparalleled!

I had a minute to play with the BlackBerry KeyOne and it feels like a super solid device. The screen is bigger then I thought it would be and this makes the device almost too big for my taste - but this is hard to say from playing with it for just a minute.

So iOS will finally support NDEF tags.

Detect NFC tags on iOS 11.0! pic.twitter.com/70szXo1yny

— Aaron (@iosaaron) June 5, 2017

This talk is really interesting for anybody interested in mobile application security. This is not about mobile app reverse engineering but about app, backend, phone infrastructure interaction.

Previously top secret #TR16 talk on pwning Uber & Lyft (w/ live demos!) by @vlad_penetrator & @gramx is finally out! https://t.co/cqtAC69p7w

— Kelly Shortridge (@swagitda_) May 31, 2017

Pictures of the month:

Some old PalmOS devices on street in my hood <3 pic.twitter.com/gkePP0Uzd8

— Collin Mulliner (@collinrm) May 28, 2017

A Symbian phone appears #QPSISummit2017 pic.twitter.com/MFHiAEKl4T

— Collin Mulliner (@collinrm) May 18, 2017

So basically set your smartphone's name to %x%x%x%x and test for format string vulns in connected devices . here's a 2011 BMW 330i #Hackers pic.twitter.com/vhLKRnKYud

— Eهاb Huسein (@__Obzy__) May 17, 2017

Links

Papers and Slides from MOBILE SECURITY TECHNOLOGIES (MOST) 2017 an Academic Workshop

Android Security Bulletin - June 2017

LazyDroid - bash script to facilitate some aspects of an Android application assessment

factory and OTA images for Nexus devices

Android: Multiple Android devices do not revoke QSEE trustlets

Brazilian phishers are now asking for victim's IMEI in their fake bank pages, aiming to steal their accounts via mobile access

50+ iOS 11 Features Apple Didn't Announce On Stage [List]

Android Mazar 3.0 targets 41 banking apps

Google Publishes List of 42 Phones Running Latest Android Security Updates 42 is not a lot!

City-Wide IMSI-Catcher Detection

Up to $200,000 for Android exploits!

Mobile subscriber WiFi privacy (WiFi IMSI catcher!!) (paper)

Collection of the most common vulnerabilities found in iOS applications

Android O feature spotlight: Android tells you if an app is displaying a screen overlay

Priorities for Securing the Mobile Ecosystem (slides)

Cloak & Dagger Android Overlay attacks

Cloak & Dagger (slides)

Cloak & Dagger talk(youtube)

Honey, I Shrunk the Attack Surface Adventures in Android Security Hardening (slides)

With great speed comes great leakage - How processor performance is tied to side-channel leakage (slides)

Pwning the Nexus of Every Pixel (slides)

initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection

Android Encryption Demystified

iPhone 7 and 7 Plus get a stable jailbreak on iOS 10.1.1 with extra_recipe+yaluX

The Shadow over Android (slides)

Apparently Google Play Store can now manage your app signing keys, and 'opt-in is permanent (via Nikolay Elenkov)

Hacking iOS Applications a detailed testing guide (doc)

Android malware that infected 3500 devices/day

iOS/macOS bugs slaughter list by P0's Ian Beer

Hacking the Samsung Galaxy S8 Irisscanner

Learning about Bluetooth protocols and reverse-engineering them.

A Simple Tool for Linux Kernel Audits

Google VS Root: Why SafetyNet is now standard for developers

Google Play can now restrict app distribution based on SafetyNet Attestation results, SoC vendor etc (via John Kozyrakis)

US Senate Adopts Signal, HTTPS A Year After Trying To Kill Encryption

Alarming Security Defects in SS7, the Global Cellular Network - and How to Fix Them

iOS Kernel utilities

Dutch Cops Bust Another PGP BlackBerry Company for Alleged Money Laundering

Multiple MediaTek vulnerabilities

Google Working on Fix for Android Permission Weakness

More Android phones than ever are covertly listening for inaudible sounds in ads

The Jiu-Jitsu of Detecting Frida

Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

Over 100 CF-Auto-Roots were updated by ChainfireXDA

Android Security Bulletin - May 2017

de-obfuscate Android Ztorg obfuscated strings

Android Applications Reversing 101

A diagram of the Android Activity / Fragment lifecycle

Example of a powerful overlay attack executed by Android banker (video)

Identifying an Android Device - Available Identifiers

Diving Deeper into Android O

How To Put Any Android Smartphone Into Monitor Mode Using Custom Script Without bcmon

Android app analysis and feature extraction library

Introduction to Fridump

Here's How To Track The Smartphone Apps That Are Tracking You

AssetHook: A Redirector for Android Asset Files Using Old Dogs and Modern Tricks

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices (paper)

Dirty COW and why lying is bad even if you are the Linux kernel

How to build and integrate OpenSSL into your Android NDK project

iOS DeviceCheck. Access per-device, per-developer data that your associated server can use in its business logic.

Changes to Trusted Certificate Authorities in Android Nougat