Together with my former colleagues Ravi, Patrick, and Jean-Pierre from
TU Berlin / SecT, I have been working on an enhancement for mobile phones
to protect SMS messages, especially mTANs, against trojans.
We investigated several ways to improve mTAN security and finally
came to the conclusion that we just need to change the SMS routing
on the mobile phone itself.
Basically, we remove SMS messages
that contain mTANs from the normal delivery queue and only deliver them
to a special application. This way no other program (including trojans)
can access the SMS message.
NoSuchCon finally released their agenda. They have an interesting lineup but no mobile talk.
SourceDublin: Android application reverse engineering & defenses by Patrick Schulz & Felix Matenaar.
SummerCon has posted its schedule. I'll present some work I've done on Dynamic Dalvik Instrumentation.
REcon has started to post talks. Reversing HLR, HSS and SPR: rooting the heart of the Network and Mobile cores from Huawei to Ericsson by Philippe Langlois. Reversing and Auditing Android's Proprietary Bits by Joshua J. Drake.
Shakacon: Deviant Ollam - Android Phones Can Do That?!? Custom Tweaking for Power Security Users. Max Sobell - Android 4.0: Ice Cream "Sudo Make Me a" Sandwich. Andreas Kutz - Pentesting iOS Apps - Runtime Analysis & Manipulation.
Some interesting upcoming talks! I guess everybody else and their moms are waiting to hear back from the Black Hat USA CfP.
SyScan was a totally awesome event. Really good talks and lots of them.
My favorite talk was: Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns by Mateusz Jurczyk and Gynvael Coldwind.
Android Apps: What are they doing with your precious Internet?
The majority of Android apps are not malicious, but use internet access in ways that are not compatible with the user's interests.
Amy Tang (University of California Berkeley), Ashwin Rao (INRIA), Justine Sherry (University of California Berkeley), Dave Choffnes (University of Washington)
Unlocking the Motorola Bootloader (Android phones) by Dan Rosenberg. A real nice read. Most interesting part is that
the unlock is via attacking a vulnerability in code running in TrustZone.
I have been super busy with work so I might have missed a few things here and there. Right now I'm waiting
to hear back from SummerCon and Black Hat USA about talks I submitted. I'm still thinking about submitting to REcon ;)
CanSecWest was pretty good this year. My favorite talks were (no order):
Desktop Insecurity - Ilja van Sprundel & Shane "K2" Macaulay, Smart TV Security - SeungJin Lee, Godel's Gourd - Fuzzing for Logic Issues - Mike "dd" Eddington, and Reflecting on Reflection - Exploiting Reflection Vulnerabilities in
Managed Languages - James Forshaw. I can't wait to get the slides.
I totally missed Black Hat Europe, it had some interesting talks: The M2M Risk Assessment Guide, A Cyber Fast Track Project - Don A. Bailey, Practical Attacks Against MDM Solutions - Daniel Brodie + Michael Shaulov, Off Grid Communications With Android - Meshing The Mobile World - Josh Thomas + Jeff Robble, Next Generation Mobile Rootkits - Thomas Roth.
Last week I attended the RSA Conference for the first time ever. I always
had the impression that it is not worth going but this year I went anyway.
The plan was to just hang around at the various side events that take place
during RSAC. Meeting with people etc. That part is totally worth it
if you can spend the day doing actual work. I ended up going to the conference
to speak on the Mobile Security Battle Royale panel (as a replacement for Jon Oberheide). So I got a conference pass and could check out the actual
conference and expo. The expo was pretty standard if you are used to attending
events like CeBIT or maybe CES. Just smaller and security companies only.
I didn't have the chance to attend other talks besides Big Brother's Greek Tragedy State-Deployed Malware & Trojans so I can't really make my mind up
if it is worth the money or not.
SC Magazine wrote an article
about the panel I spoke on. Here are some comments: Android certainly does
support remote updates. But the problem really is that manufacturers and
mobile carriers stop supporting devices after 12-18 months.
Infiltrate posted a few more talks. The one I'm really interested in is: Josh "m0nk" Thomas -
NAND-Xplore -> Bad Blocks = Well Hidden.
Troopers in Heidelberg, Germany (March). They have a few interesting talks: UI Redressing Attacks on Android Devices by Marcus Niemietz, Malicious Pixels: QR-Codes as attack vectors by Peter Kieseberg, Corporate Espionage via Mobile Compromise: A Technical Deep Dive by David Weinstein and a few other non-mobile talks that look really interesting.
Hack in the Box Amsterdam: LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements, SMS To Meterpreter: Fuzzing USB Internet Modems. I really need to go to HITB some day.
NSC - NoSuchCon is a new conference
held in May in Paris, France. The organizers seek strong (only) technical
HTC Settles Privacy Case Over Flaws in Phones. Interesting read, quote: The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device's microphone to record the user's phone calls.
CanSecWest coming up in March has started posting talks: Doug DePerry @dugdep & Tom Ritter @TomRittervg - CDMA Femptocell Traffic Interception and Remote Mobile Phone Cloning, Rahul Sasi @fb1h2s - SMS to Meterpreter, Fuzzing USB Modems, Stefan Esser @i0n1c will be talking about iOS, Joshua J. Drake @jduck1337 - Tackling the Android Challenge. In addition to mobile security there is another super interesting talk about embedded system security: @beist will be talking about Samsung SmartTVs.
SyScan Singapore is coming up in April and also posted talks. There are not too many mobile talks but all talks sound pretty good. Stefan Esser ( @i0n1c ) - Mountain Lion / iOS Vulnerability Garage Sale. I will also show some stuff I've been working on in the past month during a lightning talk, all brand new!
SourceBoston also in April: Protecting sensitive information on iOS devices - David Schuetz, Attacking NFC Mobile Wallets: Where Trust Breaks Down - Max Sobell.
Infiltrate: Matias Soler - The Chameleon: A cellphone-based USB impersonator, Stephen Lawler & Stephen Ridley - Advanced Exploitation of Mobile/Embedded Devices: The ARM Microprocessor.
Personal notes: I'm going to be in San Francisco during RSA, ping me if you want to chat. I'm also going to be at CanSecWest, just attending this year. Further I'm going to SyScan. I also plan to be around SourceBoston but unfortunately not attending (ticket prices vs. university etc, I'm not complaining).
Shmoocon 2013 has posted their schedule. Mobile talks are: Armor for your Android Apps by Roman Faynberg, Protecting Sensitive Information on iOS Devices by David Schuetz, Apple iOS Certificate Tomfoolery by Tim Medin.
All other upcoming conferences (SyScan, CanSecWest, SourceBoston, Infiltrate) haven't posted any talks yet.
My 29c3 conference review. The new location CCH in Hamburg is really nice. There is a lot of space and the space was used very well. Due to the space the conference was much more relaxed. This also counted for the talks. Most of the time everybody had a place to sit. One small downside of this year's conference was the schedule, sometimes three tech talks were running in parallel in different rooms. But all together I don't think anybody could complain about 29c3. For me personally one of the best congresses I ever attended. The recordings of the talks can be downloaded from here.