Collin R. Mulliner

November 2024
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

November 2024

Sun

Mon

Tue

Wed

Thu

Fri

Sat

Conferences
ekoparty October 21-23, Buenos Aires. ARM disassembling with a twist by Agustin Gianni and Pablo Sole. Exploiting GSM and RF to Pwn you Phone by Manuel Moreno and Francisco Cortes. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices by Drew Suarez and Daniel Mayer. New Age Phreacking: Tacticas y trucos para fraudes en Wholesale by David Batanero.

Hackito Ergo Sum October 29-30, Paris, France. Malicious AVPs: Exploits to the LTE Core by Laurent Ghigonis & Philippe Langlois. Android malware that won't make you fall asleep by By Lukasz Siewierski.

The RIM BlackBerry PRIV looks like a real interesting device. The PRIV seems to focus on security. The website claims a hardend linux kernel, and indeed they seem to run a grsec kernel as you can see in this picture (lower left corner) posted on the Crackberry forum. Some comments about this in this series of tweets.

There is a new security news outlet with focus on the consumer angle it is called The Parallax. It is super new and does not have many articles yet. But I think the consumer focus could be interesting.

Job Section (just because I know about a bunch of stuff)
Intern at Siemens with focus on Mobile Security (Germany)

I know that Button Inc in NYC is looking for mobile developers.

Square is looking to hire multiple security people.

Links
Pangu iOS 9 jailbreak

Cryptfs Password Manager with Android 6 support

Android banking Trojan delivers customized phishing pages straight from the cloud

OpenKeychain Audit (PDF)

The AuditDroid Project is a fully functional and self-contained environment for learning about Android security

Android Vulnerability Test Suite - now detects CVE-2015-6602

Attackers with brief physical access can enable WiFi MITM on Android 6.0

A "shim" for loading native jni files for Android active debugging

Androguard: A simple step by step guide

Interesting Twitter thread about HTC and Security updates for Android including the HTC USA President

Same Sh*t Different Android Browser

Nexus 5X and Nexus 6P review: The true flagships of the Android ecosystem contains a large section disk encryption performance on various Android devices

A Look at Marshmallow Root & Verity Complications

SELinux in Android Lollipop and Marshmallow (PDF)

Current State of Android Privilege Escalation (PDF)

AOSP 4.4.4 ROM for grouper (Nexus7) with DexHunter automatic unpacker built in

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

Using Android's tamper detection securely in your app

An Xposed and adbi based module which is capable of hooking both Java and Native methods targeting Android OS.

microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available.

Nexus Security Bulletin—October 2015

The Nexus 5X And 6P Have Software-Accelerated Encryption, But The Nexus Team Says It's Better Than Hardware Encryption

Reverse Shell Over SMS (Exploiting CVE-2015-5897) (OS X)

Nexus 6P has a hardware fuse that blows irreversibly when bootloader unlocked.

BoringSSL runs Android M and other stuff...

YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs (not actually the FIRST)

03:19 | /security | comments | permanent link | Imprint/Disclaimer


Name:
URL/Email:	[http://... or mailto:you@wherever] (optional)
Title:	(optional)
Comments:
Save my Name and URL/Email for next time (cookies required)

...stuff I do and things I like...

Mobile Security News Update October 2015 part II