Thursday, November 21 2013
Friday, October 11 2013
30c3 did not announce the program yet but I know a bunch of people who got their talks accepted. It is going to be a good conference. I will talk about my Dynamic Dalvik Instrumentation framework for Android (more about this soon).
ShmooCon has announced a number of talks: Armor For Your Android Apps by Roman Faynberg, Apple iOS Certificate Tomfoolery by Tim Medin, How Smart Is Bluetooth Smart? by Mike Ryan, Protecting Sensitive Information on iOS Devices by David Schuetz.
News and Links
I bet I missed a lot of stuff that happened in the last weeks.
I'm going to be at 30c3 in Hamburg, Germany between Christmas and New Years.
Friday, August 30 2013
September was a busy month, but the monthly update is back!
HACK.LU: Debugging and Reversing the HTC Android Bootloader by Cedric Halbronn and Nicolas Hureau, Grand Theft Android: Phishing with permission by Joany Boutet and Tom Leclerc, Abusing Dalvik Beyond Recognition by Jurriaan Bremer, Playing Hide and Seek with Dalvik executables by Axelle Apvrille. So Hack.Lu has a lot of Android talks this year, but most of the other talks look super interesting too. I would love to go, but can't.
PacSec Tokyo, November 2013: "Android games + free Wi-Fi = Privacy leak" by Takayuki Sugiura & Yosuke Hasegawa, NetAgent, @hasegawayosuke; "Defeating the protection mechanism on Android platform" by Tim Xia, Baidu; "Mobile Phone Baseband Exploitation in 2013: Hexagon challenges" by Dr. Ralf-Philipp Weinmann, Affiliation, @esizkur; "Deeper than ever before: Exploring, Subverting, Breaking and Pivoting with NAND Flash Memory" by Josh m0nk Thomas. The PacSec program kicks ass!
Missed conferences: ekoparty 2013, they had a bunch of mobile (mostly Android) talks.
Monday, August 12 2013
DeepSec: Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage: Vladimir Katalov (ElcomSoft Co. Ltd.), Bypassing Security Controls with Mobile Devices: Georgia Weidman (Bulb Security LLC), Using memory, filesystems, and runtime to app pen iOS and Android: Andre Gironda, Mobile Fail: Cracking Open "Secure" Android Containers: Chris John Riley (c22.cc), Building the first Android IDS on Network Level: Jaime Sánche
Hack in the Box - Kuala Lumpur: Tales from iOS 6 Exploitation and iOS 7 Security Changes: Stefan Esser, Cracking and Analyzing Apple's iCloud Protocols: Vladimir Katalov, Android DDI: Dynamic Dalvik Instrumentation of Android Applications and Framework: Collin Mulliner
BreakPoint / Ruxcon: A TALE OF TWO ANDROIDS: Jon Oberheide, ADVANCED IOS KERNEL DEBUGGING FOR EXPLOIT DEVELOPERS: Stefan Esser
BruCON: Jake Valletta - CobraDroid, David Perez/Jose Pico - Geolocation of GSM mobile devices, even if they do not want to be found., Stephan Chenette - Building Custom Android Malware for Penetration Testing
Hackers2Hackers: Android: Game of Obfuscation: Bremer & Chiossi, At ARMs length yet so far away: Brad Spengler
Android PRNG Stuff:
So I guess everybody knows about the Android PRNG issue. See
Some SecureRandom Thoughts
Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist
OpenSSL PRNG Is Not Really Fork-safe
Upcoming paper at CCS'13: Soo Hyeon Kim (The Attached Institute of ETRI and KOREA University), Daewan Han (The Attached Institute of ETRI), Dong Hoon Lee (KOREA University), Predictability of Android OpenSSL's Pseudo Random Number Generator (those guys also got credited with reporting some issues about Android's OpenSSL PRNG usage). So they know about this for some time since the submission deadline for CCS was early in May. I wonder if the bitcoin heist could have been avoided if they notified the devs of the Android bitcoin wallet apps instead of Google.
Tuesday, July 16 2013
SyScan 360 Tales from iOS 6 Exploitation and iOS 7 Security Changes by Stefan Esser; Mr. Big-dumb or Mr. Big-data: How smart is your mobile security intelligent system by Wayne Yan; Android Forensic Analysis Deep Dive by Bradley Schatz; Detecting Advanced Android Malware by Data Flow Analysis Engine by pLL and Zu Hao
I'm going to speak at HITB in Kuala Lumpur in October. My talk will be about Dynamic Dalvik Instrumentation. I will release all my code after the talk.
HITB does not have a program yet.
30c3 in Hamburg, Germany (awesome location!)
Black Hat USA slides are available here.
Make sure to check out the first release of POC||GTFO
Tuesday, June 25 2013
Today we finally release ReKey, our hotpatching service for fixing Android's Master Key bug. We have a press release here.
ReKey was joint work of: Collin Mulliner, Jon Oberheide, William Robertson, and Engin Kirda.
Wednesday, June 12 2013
Defcon has more talks: Do-It-Yourself Cellular IDS
Here is my REcon review. I must say REcon became my favorite conference together with CanSecWest. There were a bunch of really cool talks. I always enjoy REcon talks outside of my main work area. One such talk was about old video game cabinet security: Just keep trying ! Unorthodox ways to hack an old-school hardware. I didn't find the link to the slides anymore. But pretty much 90% of the talks were good. REcon also had mobile talks. jduck's talk on Reversing and Auditing Android's Proprietary Bits was pretty good. I especially liked Wardriving from your pocket: Reversing the Broadcom chipset with Wireshark; the talk was about reversing the Broadcom Wifi firmware to enable monitor mode. Their website is here: bcmon.blogspot.com. Super interesting as well was Hiding @ Depth Exploring & Subverting NAND Flash memory and Reversing HLR, HSS and SPR: rooting the heart of the Network and Mobile cores from Huawei to Ericsson. Altogether, if you missed REcon you missed out!
I actually decided to go to Defcon after all.
Black Hat USA has the following talks: A PRACTICAL ATTACK AGAINST MDM SOLUTIONS, ANDROID: ONE ROOT TO OWN THEM ALL, BLACKBERRYOS 10 FROM A SECURITY PERSPECTIVE, HIDING @ DEPTH - EXPLORING: SUBVERTING AND BREAKING NAND FLASH MEMORY, HOW TO BUILD A SPYPHONE, I CAN HEAR YOU NOW: TRAFFIC INTERCEPTION AND REMOTE MOBILE PHONE CLONING WITH A COMPROMISED CDMA FEMTOCELL, MACTANS: INJECTING MALWARE INTO IOS DEVICES VIA MALICIOUS CHARGERS, MOBILE ROOTKITS: EXPLOITING AND ROOTKITTING ARM TRUSTZONE, ROOTING SIM CARDS, ABUSING WEB APIS THROUGH SCRIPTED ANDROID APPLICATIONS, and LTE BOOMS WITH VULNERABILITIES.
Defcon has: I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell, Defeating SEAndroid, and Inside The Strange World Of Java Cards SIM Card Apps And Over-The-Air Updates
BreakPoint has: A TALE OF TWO ANDROIDS
BruCON has: CobraDroid, Geolocation of GSM mobile devices, even if they do not want to be found