Collin R. Mulliner

November 2024
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

November 2024

Sun

Mon

Tue

Wed

Thu

Fri

Sat

I've gotten a little lazy with this blog but I promise I will post more often in 2016.

Conferences
32c3 27-30 December, Hamburg, Germany. Iridium Update: more than just pagers by Schneider and Sec. Running your own 3G/3.5G network: OpenBSC reloaded by LaForge. (Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking (in German) by Vincent Haupert.

ShmooCon January 15 - 17, Washington D.C. Hiding from the Investigator: Understanding OS X and iOS Code Signing to Hide Data by Joshua Pitts. LTE Security and Protocol Exploits by Roger Piqueras Jover.

BSides NYC January 16, NYC. 99 Problems but a Microkernel ain't one! by Alex Plaskett. Mobile implants in the age of cyber-espionage by Dmitry Bestuzhev.

Black Hat ASIA March 31 - April 1, Singapore. HEY YOUR PARCEL LOOKS BAD - FUZZING AND EXPLOITING PARCEL-IZATION VULNERABILITIES IN ANDROID by Qidan He.

NDSS 2016 February 21 - 24, San Diego. Has a good number of Android related papers. Some titles look quite interesting.

As I said before, I'm neither attending 32c3 nor Shmoocon. I'll be attending BSides NYC tho.

Google suspended Android-vts the only up to date Android device vulnerability scanner. No idea if Google would allow it back after fixing the issues. On the other side I rather have a tool that can find a large number vulnerabilities rather than having a crippled version in the Play Store.

Jobs
Palo Alto Networks - Mobile Malware Research Engineer

We at Square are looking for Security people and Engineers.

Links
Grab'n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Exploring Android's SELinux Kernel Policy

(In)secure iOS Mobile Banking Apps - 2015 Edition

Samsung patched the Pwn2Own baseband bug within 1 month

Android-classyshark for looking at Android APKs/decompiling

This tool is used to extract dex files from oat file.

Android Data Residue Vulnerability

New Android 'enjarify' Decompile Tool

Droid Turbo Bootloader Unlock on now with SunShine 3.2 Beta

Windows Phone Internals

Huawei is disclosing 'Security Advisory' for baseband bugs

Google can remotely bypass the passcode of at least 74% of Android devices if ordered I thought this was more widely known?

Hacking Team - how they infected your Android device by 0days (slides from Hack.Lu)

Unblocking Stolen Mobile Devices Using SS7-MAP Vulnerabilities: Exploiting the Relationship between IMEI and IMSI for EIR Access (paper)

POC for CVE-2015-6620, AMessage unmarshal arbitrary write

iOS Trojan 'TinyV' Attacks Jailbroken Devices

Attacking Bound Services on Android

BytecodeViewer - A Java Reverse Engineering Suite. GUI Java And APK Decompiler, Editor, Debugger And More

Using "system" privileges by abusing mobile remote support tools (slides)

List of Android apps to detect fake mobile towers

Defeating iOS Jailbreak detection for Mobile Application Testing

Abusing Android ClipData

50 smartphone users in Singapore hit by malware targeting mobile banking customers

BareDroid allows for bare-metal analysis on Android devices.

Apparently if install an accessibility service, FDE password is reset to default on Android 5.x+.

Capstone Engine on Android

11:35 | /security | comments | permanent link | Imprint/Disclaimer

...stuff I do and things I like...

Mobile Security News Update December 2015