Black Hat USA July 22-27 Las Vegas. BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS by Nitay Artenstein. (Program not complete)
SyScan360 May 30-31 Seattle. Exploit iOS 9.x Userland with LLDB JIT by Wei Wang. The wounded android WIFI driver New attack surface in cfg80211 by Hao Chen.
MOSEC June, Shanghai. Revisiting the Kernel Security Enhancements in iOS 10 AND Pwning Apple Watch. (Program still not complete)
Recordings for the first OsmoCon are available here. OsmoCon is, of course, a conference about the OsmoCom projects!
Android O news: will prompt for pin/passcode before enabling developer options, further Android O changes device identifiers and how to access them.
If you are interested in mobile backing Trojans you should follow Lukas Stefanko:
Somebody released the source code of FlexiSpy (mobile phone spyware) to the public. The release notes are here: readme.txt. The download is here: FlexiSpyOmni.zip, collection of all data is here: Source code and binaries of FlexiSpy from the Flexidie dump and a writeup of the dump is here: FlexSpy Application Analysis. I bet we will see more details in the coming weeks!
Does Blackberry give out review samples for the KEYone? I would really like one and give it a try (would post full review here of course!).
All Nokia phones ever made.
ss7 assessment tool
ss7 map testing tool
Fried Apples (slides)
The Galaxy S8's facial scanner can, unsurprisingly, be tricked with a photo (Biometrics are convenience not security)
jtrace - augmented, Android aware strace
Mobile Telephony Threats in Asia (slides)
Security updates in iOS 10.3.1 a lot of webkit and kernel bugs
Pegasus for Android (paper)
3G/4G Intranet Scanning (slides)
Know your community - Stefan Esser
Protection Profile for Mobile Device Fundamentals
CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps (blog post)
Easy 4G/LTE IMSI Catchers for Non-Programmers (paper)
More Android Anti-Debugging Fun
Analysis of the Facebook.app for iOS [v. 87.0] (blog post)
Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1)
Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 2)
Slides for the Android Security Symposium 2017
FemotoCell Hacking (slides)
iOS Kernel Integrity Protection bypass via Tick (FPU) Tock (IRQ)
DexGuard vs. ProGuard (WARNING: post is by a app protection company)
Bose headphones secretly data-mine users if they have the app installed on their phone!
Cellular Provider Record Retention Periods
Attack TrustZone with Rowhammer (slides)
A surprise encounter with a telco APT (slides)
The Shadow over Android Heap exploitation assistance for Android's libc allocator (slides)
Vulnerability Exploitation and Mitigation in Android (slides by Google)
Stetho: A debug bridge for Android applications
Why Banker Bob (still) Can't Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps (blog post + paper)
Calling JNI Functions with Java Object Arguments from the Command Line (blog post)
Logic Bug Hunting in Chrome on Android (slides)
Redex and Android byteCode optimizer
AppMon is an automated framework for monitoring and tampering system API calls of native apps on macOS, iOS and Android
Android Security Bulletin - April 2017
Android Vendor Test Suite (VTS)
Mobile Security Research - 2017 Q1
Forensics Investigation of Android Phone using Andriller
Using Frida on Android without root
Introducing 'gnirehtet', a reverse tethering tool for Android
Man sues Confide: I wouldn't have spent $7/month if I'd known it was flawed
Who owns your runtime?