...stuff I do and things I like...

Conferences

Black Hat Europe Nov 12-13 Amsterdam. (IN-)SECURITY OF BACKEND-AS-A-SERVICE by Siegfried Rasthofer & Steven Arzt. ALL YOUR ROOT CHECKS BELONG TO US: THE SAD STATE OF ROOT DETECTION by Azzedine Benameur & Nathan Evans & Yun Shen. AUTHENTICATOR LEAKAGE THROUGH BACKUP CHANNELS ON ANDROID by Guangdong Bai. LTE & IMSI CATCHER MYTHS by Ravishankar Borgaonkar & Altaf Shaik.

Ruxcon Oct 25. Melbourne Australia. HIGH-DEF FUZZING: EXPLORING VULNERABILITIES IN HDMI-CEC by JOSHUA 'KERNELSMITH' SMITH. DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS by Team Pangu.

Hacker Halted September 17th, Atlanta GA. One SMS to hack a company by Dmitry Chastuhin. Why You'll Care More About Mobile Security in 2020 by Tom Bain.

Virus Bulletin September 29th, Prague. Mobile banking fraud via SMS in North America: who's doing it and how by Cathal Mc Daid. Will Android trojan, worm or rootkit survive in SEAndroid and containerization? by William Lee and Rowland Yu. Dare 'DEVIL': beyond your senses with Dex Visualizer by Jun Yong Park and Seolwoo Joo. Android ransomware: turning CryptoLocker into CryptoUnlocker (live demo) by Alexander Adamov.

CFPs

toorcon San Diego

Unfortunately I had to cancel my talk at Android Security Symposium in Vienna due to a scheduling conflict. It is a real bummer but I can't do anything about it. The replacement talk is done by my friend and research buddy Matthias he is doing a talk on one of our previous mitigation projects.

The iOS KeyRaider malware looks rather interesting. It combines a lot of different functionality. Such as steeling AppStore credentials and a ransomware module. This malware again only targets jailbroken iOS devices, users specifically had to download apps from third-party Cydia repositories. So this is not a general threat but a threat to people who jailbreak their device. If you jailbreak you likely have a very specific need and you hopefully know what you are doing. If not, just don't jailbreak your device (no matter what OS is runs).

I just found this recently published paper titled: Header Enrichment or ISP Enrichment? Emerging Privacy Threats in Mobile Networks. The paper studies HTTP header modifications and injection that is done by mobile network operators. The paper more or less is a direct follow up to my paper on the same subject titled: Privacy Leaks in Mobile Phone Internet Access. Their paper looks at what happens to smart phones that actually use HTTP (my work was mostly focused on phones that used the WAP technology - even though WAP was translated to HTTP to access regular web pages). Anyway their paper provides a good insight in what is happening. If you run a website that get a lot of mobile traffic you should look if you see some of the HTTP headers that are injected by the mobile carriers.

Links

QARK - Quick Android Review Kit

PoCForCVE-2015-1528

Android Cross-Reference covers every single Android release (all 133) ever made

Android linux kernel privilege escalation (CVE-2014-4323)

Effectively bypassing kptr_restrict on Android

Offensive and Defensive Android Reverse Engineering by Tim, Jon, and Caleb (slides)

Remote Code Execution in Dolphin Browser for Android

Changes made to AOSP from m-preview-1 to m-preview-2

Tim Strazzere: So I'm guessing @YotaPhone never expected to send updates? Since the OTA keys are the compromised, test-keys (good find, but WTF?)

Very interesting blog post from the T-Mobile USA CEO. He basically says their are going after people who modify their phones to get free tethering. The outcome will be interesting.

World Writable Code Is Bad, MMMMKAY

Ask Us Almost Anything about Android Security, Privacy or Malware with beaups, Tim "diff" Strazzere, Joshua "jduck" Drake, and Jon "jcase" Sawyer

Android 6.0 with Runtime Permissions

android_run_root_shell

Video of jduck's Black Hat talk: Stagefright: Scary Code in the Heart of Android

A rather short updates this time. Until next time!