...stuff I do and things I like...

Conferences

SourceBoston Mat 2015: A Swift Teardown by Jared Carlson; iOS App Analytics VS Privacy: An analysis of the use of analytics by Guillaume Ross. (they still have TBD slots)

ReCon Montreal, Canada (June): Building a Better Bluetooth Attack Framework by Chris Weedon

Black Hat USA ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN by Alexey Osipov & Alexander Zaitsev; ATTACKING YOUR TRUSTED CORE: EXPLOITING TRUSTZONE ON ANDROID by Di Shen; CERTIFI-GATE: FRONT-DOOR ACCESS TO PWNING MILLIONS OF ANDROIDS by Ohad Bobrov & Avi Bashan; FAUX DISK ENCRYPTION: REALITIES OF SECURE STORAGE ON MOBILE DEVICES by Daniel Mayer & Drew Suarez; HACKING INTO SMARTPHONES AND CARS WITH A SIM CARD by Matt Spisak; STAGEFRIGHT: SCARY CODE IN THE HEART OF ANDROID by Joshua Drake; TRUSTKIT: CODE INJECTION ON IOS 8 FOR THE GREATER GOOD by Alban Diquet & Eric Castro

CONFidence Krakow: iOS Hacking: Advanced Pentest & Forensic Techniques by Omer S. Coskun; Abusing apns for profit by Karol Wiesek

Defcon Extracting the Painful (blue)tooth by Matteo Beccaro and Matteo Collura; Build a free cellular traffic capture tool with a vxworks based femoto by Yuwei Zheng and Haoqi Shan

Android Security Symposium Vienna, Austria, from 9-11 September 2015. Only Android security talks!

Some of the upcoming conferences I covered in earlier month (e.g. HITB Amsterdam).

CFPs

Breakpoint Melbourne, Australia, October 22th-23th

SEC-T Stockholm 17-18:th of September 2015

44con

The Chaos Communication Camp cfp just closed yesterday.

iPhone: I bought an iPhone 5c (as a tryout device) like two weeks ago. I used to have a iPhone 3G back in 2009. I'm pretty happy with it, usability is great and the radio/antenna seems way better then the one in the Nexus 5. One thing I noticed is that most major apps are much better on the iPhone. There are exceptions like Dropbox. The Dropbox client is missing features compared with the android version. I'm missing the text editor! Also inter-app communication is really a weakness of iOS and a strength of Android. Other annoying stuff: I can't set Chrome to be the default browser. I can't have Signal as the default SMS app. One of the most annoying things are notifications. Many apps don't support privacy friendly notifications on the lock screen. I want to see if there are new emails in an account but I don't want the sender, subject, or content to be shown. The same is true with a lot of apps. It is either no notification or notification with content. Not happy with this! But I'm a big fan of handover.

I total I'm still happy with my tryout iPhone 5c. Let's see how long.

Mobile Killswitch: The mobile killswitch now has it's first possibility for abuse: So this killswitch tech in mobile phones now, kinda scary, especially when I can lock you out from your phone from an app w/ no root by @jcase.


Links

Security Conference Calendar by DuoSecurity

SyScan 2015 talks on YouTube

System -> root backdoor in ZTE devices

The state of ASLR on Android

Hardware-accelerated disk encryption in Android 5.1 I once supervised a student project to implement HW accelerated FDE for unmanaged flash on a Nokia N900

Android anti-root detection Proof of Concept this is a fun subject, I have been playing around in this area myself.

Ping Pong Root for S6

bypassing ZTE zMax Write protection

Darshak updated version!

Times 'a Ticking... to Forensicate the Apple Watch! slides

Tricking Android Smart Lock with Bluetooth

An NFC PGP SmartCard For Android

Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)

How to Get a BaseStation from the good guys at ERNW

iOS release dates all of them

The definitive guide to Phreak Boxes

Open source Android Forensics app and framework from viaforensics

Our Android Malware Summary for the Year 2014 mobile sandbox team