...stuff I do and things I like...

Conferences

PacSec Nov 1-2, Tokyo, Japan. Grandma's old bag, how outdated libraries spoil Android app security by Marc Schoenefeld. When encryption is not enough: Attacking Wearable - Mobile communication over BLE by Kavya Racharla. The Art of Exploiting Unconventional Use- after-free Bugs in Android Kernel by Di Shen.

DeepSec Nov 14-17, Vienna, Austria. Normal Permissions In Android: An Audiovisual Deception by Constantinos Patsakis.

Black Hat Europe 2017 Dec 4-7, London, UK. ATTACKING NEXTGEN ROAMING NETWORKS by Daniel Mende, Hendrik Schmidt. ATTACKS AGAINST GSMA'S M2M REMOTE PROVISIONING by Maxime Meyer. BLUEBORNE - A NEW CLASS OF AIRBORNE ATTACKS THAT CAN REMOTELY COMPROMISE ANY LINUX/IOT DEVICE by Ben Seri, Gregory Vishnepolsky. DIFUZZING ANDROID KERNEL DRIVERS by Aravind Machiry, Chris Salls, Jake Corina, Shuang Hao, Yan Shoshitaishvili. HOW SAMSUNG SECURES YOUR WALLET AND HOW TO BREAK IT by HC MA. INSIDE ANDROID'S SAFETYNET ATTESTATION by Collin Mulliner, John Kozyrakis. JAILBREAKING APPLE WATCH by Max Bazaliy. RO(O)TTEN APPLES: VULNERABILITY HEAVEN IN THE IOS SANDBOX by Adam Donenfeld.

Quick conference review: both 44con and ekoparty were great. Ekoparty was especially awesome since I got to check the last continent off my list. Also the size of ekoparty was way beyond what I was expecting. They managed to have a really good conference that is professionally run while stilling maintaining the vibe of a hacker / underground con <3

Two weeks ago there was a post on Medium about two companies that provide a mobile identification service. That service basically can be used to convert your phone's IP address into real information about the owner of the phone (the contract owner). This is done via APIs that are provided by multiple Mobile Network Operators (such as AT&T). The medium article linked to demo pages of those two service providers (payfone and danal inc) that show not only your phone number but also your operator's name, your name and address.

I played with the two demo sites for a bit (while they were still online - offline now). I'm on Google Fi with a number proted from T-Mobile (pre-paid). Payfone only had my phonenumber and old carrier (T-Mobile) while Danal inc showed no data at all. I never provided any data to T-Mobile since it is not required for a pre-paid card. Google has all the data but likely does not share it with 3rd parties.

Overall this is a service that I really don't want to exist. I don't want an abritary company to be able to identify me while visiting their website from my mobile phone. I hope those companies don't just sell their services to anybody. Read the Medium article again: AT&T consumer choice opt-out doesn't affect this!

iOS 11 the tragedy continues: 11.0 had a bunch of flaws that were annyoing. Now 11.0.3 randomly frezzes my phone for minutes. Also I have some issues with voice call audio not working sometimes. Highly disaspointing!

Pictures of the month:

Saw a throne of phones in Göteborg. pic.twitter.com/wE6M5e2WPa

— Mikko Hypponen (@mikko) October 17, 2017

Today marks the third time one of my iPhones has vibrated itself out of alignment with its wireless charging pad over night. pic.twitter.com/HFchysZ7L9

— Matthew Panzarino (@panzer) October 10, 2017

Have you ever seen two Android Banking Trojans beating each other for victim's credit card information? #Malware cc @malwrhunterteam pic.twitter.com/EY6yQifVqp

— Lukas Stefanko (@LukasStefanko) June 27, 2017

pic.twitter.com/BBWLB8Zklu

— jellphonic (@jellphonic) September 25, 2017

Links

IT TAKES JUST $1,000 TO TRACK SOMEONE'S LOCATION WITH MOBILE ADS

Oppo/Oneplus .ops Firmware decrypter

[WIP] Crappy iOS app analyzer

Magisk v14.3

Down the Rabbit Hole with a BLU Phone Infection

eSIM for Consumer Devices (PDF)

Android Crypto-Ransomware that misuses accessibility services + encrypts data + changes PIN.

iOS jailbreak detection toolkit now available from TraiOfBits

Administering Chromebooks For teams traveling to complex and hostile environments

HackingTeam back for your Androids, now extra insecure!

iOS 11 security updates

Researchers: Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen

How To Obtain Real-Time Data from iCloud and Forget About 2FA with Just an Old iTunes Backup. No Passwords Needed

Meet Danny, the Guy Authorities Say Is Selling Encrypted Phones to Organized Crime

Android Reverse Engineering tools Not the Usual Suspects (slides)

Understanding new APK Signature Scheme V2?

Google Play Security Reward Program

SAMSUNG TEEgris

source for suhide

Dieser Mann weiss, wie man in Smartphones einbricht (German)

NEW Rainbow Table added: GSM A5/1 table, 1.52 Terabytes in size. Torrent now available

Alarming number of DNS requests made by iOS devices

Bluetooth Hacking Tools Comparison

Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms

Legitimacy: a Memory Research Platform for iOS

Samsung Android Security Bulletin Oct 2017 (a very long list!)

SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes (slides)

Android Security Bulletin - October 2017 (now calling out individual vendors)

Frida All The Things (slides)

Magisk Module to Allow Location Mocking, Screenshots in Any App, and Disabling System Signature Verification

notes on Hacking BLE - list of resources

Blue Pill for Your Phone (slides)

Bill Gates just switched to an Android phone (Windows Phones is dead!)

NFC - Contactless Cards: Brute Forcing Processing Options

Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices

XNU kernel 4570.1.46 sources

Linux Kernel Self Protection Project (slides)

CLKSCREW: Exposing the perils of security-oblivious energy management (paper)

(pdf)

In a first, Android apps abuse serious 'Dirty Cow' bug to backdoor phones

Label enums for Android JNI to aid in reversing

IDA jni helper

Google Play apps with as many as 2.6m downloads added devices to botnet

Samsung is gonna let you run any Linux distro on a Galaxy

Shim to grab keystore backed data

Android Security Reference (largely private notes of @doriancussen)

Google Play Billing Library 1.0 released

The Stony Path of Android Bug Bounty - Bypassing Certificate Pinning

Hardening the Kernel in Android Oreo