Tuesday, June 23 2015
Monday, June 08 2015
Defcon QARK: Android App Exploit and SCA Tool
Tony Trummer and Tushar Dalvi (this is the only talk that was added after my last post)
All other conferences still have their CFPs open and haven't posted any talks yet. The Breakpoint schedule is also not final yet.
Breakpoint 22-23 October, Melbourne, Australia.
TEAM PANGU: DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS
JORDI VAN DEN BREEKEL: RELAYING EMV CONTACTLESS TRANSACTIONS WITH OFF-THE-SHELF ANDROID DEVICES
DMITRY KURBATOV: ATTACKS ON TELECOM OPERATORS AND MOBILE SUBSCRIBERS USING SS7
I wanted to point to something that apparently not many people know about: Pangu jailbreak installs unlicensed code on millions of devices. Pangu has their own statement about this.
The Wikipedia page about Pangu Team states that they didn't have to sign an NDA for the training and therefore can use the vulnerability. Stefan's point is not about the vulnerability but about his code. All in all I can't verify all claims, but I would say I know Stefan well enough to say that he would not make this up, simply because he doesn't need to. He is very well known anyway, so this is not a publicity issue for him. I 100% agree with Stefan's point of view about denying people the opportunity to speak at conferences if they are known to take credit for, or sell, code they don't own or have a license for.
I encourage everybody to read up on this and to read statements made by BOTH sides. Please share your opinion with people who run conferences.
Android now has a bug bounty program, or as they call it, the Android Security Rewards Program.
Pretty cool; I wonder if they get more submissions because of this.
Apple tries to kill plain-text connections: "If you're developing a new app, you should use HTTPS exclusively." This feature is called App Transport Security (ATS), and in the current iOS 9 version it can still be disabled. See: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11.
Android has had a similar feature for some time. Android M introduces a new Manifest option to declare whether an app uses clear text traffic or not. Depending on this option, the framework can deny clear text traffic from the app. A decent writeup on this topic is here: Android M and the war on clear text traffic.
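Both opt-outs mentioned above (ATS exceptions in Info.plist and the Android M clear text flag) are things a reviewer wants to spot quickly in a build. The following audit script is an added example, not code from the original post or from Apple or Google; it reads the documented keys NSAppTransportSecurity, NSAllowsArbitraryLoads, NSExceptionDomains, NSExceptionAllowsInsecureHTTPLoads and the android:usesCleartextTraffic attribute, and runs over constructed sample files.

```python
"""Audit an Info.plist and an AndroidManifest.xml for settings that re-enable
plain-text HTTP: ATS opt-outs on iOS 9 and the Android M clear text flag."""
import plistlib
import xml.etree.ElementTree as ET
from typing import List, Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def ats_findings(info_plist: bytes) -> List[str]:
    """List every ATS weakening found in an Info.plist (empty list = clean)."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    findings = []
    # Global opt-out: disables ATS for every host the app talks to.
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads=true disables ATS for every host")
    # Per-domain exceptions are narrower but still worth listing for review.
    for host, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"insecure HTTP allowed for {host}")
    return findings


def android_cleartext_finding(manifest_xml: str) -> Optional[str]:
    """Return a finding if <application> permits clear text traffic.
    On Android M the attribute defaults to true, so an absent flag is reported."""
    app = ET.fromstring(manifest_xml).find("application")
    value = app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic") if app is not None else None
    if value is None:
        return "usesCleartextTraffic not set (defaults to true on Android M)"
    if value.lower() == "true":
        return "usesCleartextTraffic=true permits clear text traffic"
    return None


# Constructed sample inputs (hypothetical app, not taken from any real build).
_LEGACY = {"legacy.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True}}
WEAK_PLIST = plistlib.dumps({"NSAppTransportSecurity": {
    "NSAllowsArbitraryLoads": True, "NSExceptionDomains": _LEGACY}})
SCOPED_PLIST = plistlib.dumps({"NSAppTransportSecurity": {
    "NSExceptionDomains": _LEGACY}})
WEAK_MANIFEST = ('<manifest xmlns:android="%s" package="com.example.app">'
                 '<application android:usesCleartextTraffic="true"/></manifest>'
                 % ANDROID_NS)
HARDENED_MANIFEST = WEAK_MANIFEST.replace('"true"', '"false"')

if __name__ == "__main__":
    print(ats_findings(WEAK_PLIST), ats_findings(SCOPED_PLIST))
    print(android_cleartext_finding(WEAK_MANIFEST), android_cleartext_finding(HARDENED_MANIFEST))
```

The scoped plist shows the preferred shape when a legacy host cannot be migrated yet: one named exception instead of the global NSAllowsArbitraryLoads switch.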
Black Hat USA
AH! UNIVERSAL ANDROID ROOTING IS BACK by Wen Xu
ANDROID SECURITY STATE OF THE UNION by Adrian Ludwig
ATTACKING YOUR TRUSTED CORE: EXPLOITING TRUSTZONE ON ANDROID by Di Shen
CERTIFI-GATE: FRONT-DOOR ACCESS TO PWNING MILLIONS OF ANDROIDS by Ohad Bobrov & Avi Bashan
CLONING 3G/4G SIM CARDS WITH A PC AND AN OSCILLOSCOPE: LESSONS LEARNED IN PHYSICAL SECURITY by Yu Yu
COMMERCIAL MOBILE SPYWARE - DETECTING THE UNDETECTABLE by Joshua Dalman & Valerie Hantke
CRASH & PAY: HOW TO OWN AND CLONE CONTACTLESS PAYMENT DEVICES by Peter Fillmore
FAUX DISK ENCRYPTION: REALITIES OF SECURE STORAGE ON MOBILE DEVICES by Daniel Mayer & Drew Suarez
FINGERPRINTS ON MOBILE DEVICES: ABUSING AND LEAKING by Yulong Zhang & Tao Wei
FUZZING ANDROID SYSTEM SERVICES BY BINDER CALL TO ESCALATE PRIVILEGE by Guang Gong
MOBILE POINT OF SCAM: ATTACKING THE SQUARE READER by Alexandrea Mellen & John Moore & Artem Losev
REVIEW AND EXPLOIT NEGLECTED ATTACK SURFACES IN IOS 8 by Tielei Wang & HAO XU & Xiaobo Chen
STAGEFRIGHT: SCARY CODE IN THE HEART OF ANDROID by Joshua Drake
THIS IS DEEPERENT: TRACKING APP BEHAVIORS WITH (NOTHING CHANGED) PHONE FOR EVASIVE ANDROID MALWARE by Yeongung Park & Jun Young Choi
TRUSTKIT: CODE INJECTION ON IOS 8 FOR THE GREATER GOOD by Alban Diquet & Eric Castro & Angela Chow
Defcon
RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID by Francis Brown and Shubham Shah
How to Shot Web: Web and mobile hacking in 2015 by Jason Haddix
LTE Recon and Tracking with RTLSDR by Ian Kline
Extracting the Painful (blue)tooth by Matteo Beccaro and Matteo Collura
Stagefright: Scary Code in the Heart of Android by Joshua J Drake
Build a free cellular traffic capture tool with a vxworks based femoto by Yuwei Zheng and Haoqi Shan
This year Black Hat US really has a large number of mobile related talks!
There is not too much to talk about otherwise. I still have to read all the material about Android M; some of it is covered in the links section below. Make sure to check out some of the HITB Amsterdam 2015 slides. There is some good stuff in there for us mobile sec people.
I was really amazed at how much publicity the iOS messaging crash got. Yes, it was easy to trigger. But this kind of thing has happened before.