...stuff I do and things I like...

Conferences

ekoparty Sep 27-29, Buenos Aires. Blue Pill for your phone by Oleksandr Bazhaniuk. Unbox Your Phone - Exploring and Breaking Samsung's TrustZone Sandboxes by Daniel Komaromy. Inside Android's SafetyNet Attestation: Attack and Defense by Collin Mulliner. How to cook Cisco: Exploit Development for Cisco IOS by George Nosenko. Bypass Android Hack by Marcelo Romero.

Virus Bulletin 4-6 Oct, Madrid Span. Last-minute paper: Publishing our malware stats by Jason Woloz (Google) [This is about Android Malware]. Android reverse engineering tools: not the usual suspects by Axelle Apvrille.

Some comments on BlueBorne: I've been involved with Bluetooth security since like forever (not active in the last 10+ years). The early Bluetooth vulnerabilities were mostly logic bugs and issues such as missing authentication. Bluetooth devices could not be set to hidden and would always show up when scanning for devices. Stuff like that. BlueBorne is different as it is a remote exploitable memory corruption vulnerability in Linux, Android, and Windows. This is quite a novelty since we haven't seen a bug that is more ore less the same on two platforms. Even more interesting is that this bug is pre-authentication and gives you kernel privileges (code exec in the kernel).

In theory this set of vulnerabilities can be bad, bad. In practice the issue is much less of an issue. Exploit mitigations and built variances help mitigating the risk. Devices are not always visible therefore the attacker cannot easily find your device and attack it.

Also see: Hackers Could Silently Hack Your Cellphone And Computers Over Bluetooth.

FaceID: I think it is a really horrible idea! Do not put biometric systems in to consumer products ever! I will not buy products with mandatory biometrics so far iOS allows me to turn it off and use a passphrase - thats why I even consider buying iOS devices. I hate this change -- biometrics are bad.

Pics:

Huh, here I was looking to get a phone similar to Walmarts in-store model... And eBay just has their actual in-store model... Perfect! pic.twitter.com/sq4pUtCBe3

— Tim Strazzere (@timstrazz) September 17, 2017

https://t.co/zqdwIa27IR

"Certified devices are also required to ship without pre-installed malware"

A good requirement IMHO. 😛

— sp (@LambdaCube) August 28, 2017

I agree ^^^

Badass! @cmwdotme just demoed his new company's ARM hypervisor -- capable of running iOS instances on virtual iPhone6 hardware #TenSec pic.twitter.com/vb9ld8cjIE

— Ralf (RPW) (@esizkur) August 31, 2017

Android Oreo feature spotlight: Changes to Verified Boot won't allow you to start a downgraded OS https://t.co/9RZqASUyeb pic.twitter.com/Zz6OD4xliv

— Android Police (@AndroidPolice) September 5, 2017

Links

SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes (presentation)

Kernel Driver mmap Handler Exploitation (paper)

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews (paper)

AndroidXRef now with Android O/8

Now the native-shim loader can create VM's for ART based Android devices by rednaga

Good thread about the Android Key Store API

IDA AArch64 processor extender extension: Adding support for ARMv8.1 opcodes

INJECTING MISSING METHODS AT RUNTIME

Oppo/Oneplus .ops Firmware decrypter

Android Hardware-backed Keystore (docs)

Samsung to Launch Mobile Security Rewards Program, Welcoming Security Research Community

Android 8.0 includes the following security-related changes

WHAT'S NEW IN KNOX 2.9?

ANDROID O AND DEX 38: DALVIK OPCODES FOR DYNAMIC INVOCATION

The public release of shadow v2 jemalloc exploitation tool with support for Android (both ARM32 and ARM64)

Making it safer to get apps on Android O

Dig Deep into FlexiSpy for Android

Tool for leaking and bypassing Android malware detection system

iOS 8.4.1 32 bit jailbreak