...stuff I do and things I like...

Tuesday, March 07 2017

Mobile Security News Update March 2017

Conferences
    Black Hat ASIA Singapore March 28-31. FRIED APPLES: JAILBREAK DIY by Alex Hude, Max Bazaliy, Vlad Putin. ANTI-PLUGIN: DON'T LET YOUR APP PLAY AS AN ANDROID PLUGIN by Cong Zheng, Tongbo Luo, Xin Ouyang, Zhi Xu. REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX by Marco Grassi. 3G/4G INTRANET SCANNING AND ITS APPLICATION ON THE WORMHOLE VULNERABILITY by Guangdong Bai, Zhang Qing. MOBILE-TELEPHONY THREATS IN ASIA by Lion Gu, Marco Balduzzi, Payas Gupta. MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE by Yan Michalevsky.

    CanSecWest Vancouver Canada, March 15-17. Qidan He: Pwning Nexus of Every Pixel: Chain of Bugs demystified. Logic Bug Hunting in Chrome on Android by Georgi Hershey & Robert Miller.

    Zer0Con Seoul, Korea April 13-14. Ian Beer: Through the mach portal.

    OsmoCon (Osmocom Conference) 2017 is the first technical conference for Osmocom users, operators and developers! April 21, Berlin. All about Osmocom!

    HITB Amsterdam April 13-14. FEMTOCELL HACKING: FROM ZERO TO ZERO DAY by JeongHoon Shin. CAN'T TOUCH THIS: CLONING ANY ANDROID HCE CONTACTLESS CARD by Slawomir Jasek. EXTRACTING ALL YOUR SECRETS: VULNERABILITIES IN ANDROID PASSWORD MANAGERS by Stephan Huber, Steven Artz, Siegfried Rasthofer. HUNTING FOR VULNERABILITIES IN SIGNAL by Markus Vervier.

    Opcde Dubai, UAE April 26-27. Practical attacks against Digital Wallet by Loic Falletta.


I took a way too long break again. So many things happen in the world of mobile security every week. I really wish I had more time for this. I also have a bunch of small things I need to put on this blog but I think they are too specific for the news and will likely get their own posts.

Some news from MWC (I didn't attend):
    First, the BlackBerry KEYone, a new Android-based phone with a physical keyboard. Unlike the BB Priv, the KEYone's keyboard is fixed and doesn't slide. Movable parts are really not a good idea; they break way too fast. In my opinion this device looks super solid and will likely be supported longer than the average flagship phone from other manufacturers (data on this would be awesome).

    Nokia released 3 new Android phones: the 3 (MTK), 5 (QCOM) and 6 (QCOM). The phones seem to run Android N without any modifications or vendor crap. Very low price (230 Euro for the 6). The bottom of their website specifically says: "You get an experience that's focused and clutter-free, and we'll make sure you keep getting regular updates, so you'll always stay on top of features and security." That is what you should expect in 2017.


The Android Devices Security Patch Status page is an awesome resource to determine if a specific device from a specific vendor has been patched and when the patch was released. From the page: "This list is Prepared to Serve as a Quick reference to identify which Device is being actively maintained by the Vendor." This is super useful, thanks!







MOSEC mobile security conference in June in Shanghai. This seems to be the 3rd year of the conference. There is no schedule yet.

The story of the day: Vault 7: CIA Hacking Tools Revealed. Vault 7: CIA Hacking Tools Revealed: iOS Exploit list. Yes, the CIA uses n-day exploits! The Android exploits.

They talk about Android, Defcon, and backdooring your repo? ;-)

