Qualcomm Mobile Security Summit 2017 San Diego, May. All talks are on mobile security - super strong lineup!
AppSec EU May 11-12, Belfast. How to steal mobile wallet? - Mobile contactless payments apps attack and defense. Fixing Mobile AppSec: The OWASP Mobile Project.
MOSEC June Shanghai. Pwning Apple Watch. (program not complete yet!)
OffensiveCon is a new security conference in Berlin Germany focused on Offense. No details yet but they chose the right location for sure.
For everybody who didn't make it to the Android Security Symposium, they recorded the talks and the videos are available: here.
Google published a blog post and a detailed report on Android Security in 2016. The report covers everything from patching and update stats to high impact vulnerabilities. People posted a lot of summaries but you should really read it yourself if you work with Android.
Google pulls March security update for Nexus 6, after it breaks SafetyNet and Android Pay. This was pretty interesting, not the fact that they broke SafetyNet but that they broke it for their own devices (Nexus). This happened to some really small manufacturer before and if you have an idea of how SN works on the backend - it is clear what happened.
execute USSD codes in iOS 10.2.xx --bug-Impact: Tapping a tel link in a PDF document could trigger a call without prompting the user #lol— Ravishankar Borgaonk (@raviborgaonkar) March 27, 2017
Android anti-debugging tricks can be patented? This is stupid in so many ways https://t.co/IjXfg45xoN— Bernhard Mueller (@muellerberndt) March 25, 2017
Anti Debugging fun Android Art
PageSwitch an exploit toolkit for the Nintendo switch
Ransomware scammers exploited Safari bug to extort porn-viewing iOS users
Increasing Android app security for freei (slides)
Looking Back at Android Security in 2016 by DuoSecurity
OWASP Mobile - Anti Reversing Checks
Android/Ztorg teardown - It detects the Android SDK emulator, but also emulators from Genymotion, Bluestacks and BuilDroid. It also detects tainted environments. Several of its checks will be difficult to bypass
Owning OnePlus 3/3T with a Malicious Charger
The updated iOS Security Guide now covers iOS 10
iOS 10.3 fixes a large number of Kernel and WebKit bugs
Statistical Deobfuscation for Android (I suppose this is for Dex code only)
Hacking Android Apps with Frida (part 2)
Nexus 5X Owners Say Device Boot-Looping Kills Phones; Getting Runaround From LG
This American Surveillance Tool Helped Russians Spy On Androids And iPhones
Apple cracking down on developers who use SDKs like Rollout to update apps without App Store approval (Apple going after hot-patching frameworks)
Attacking Nexus 9 with Malicious Headphones
GSMA Coordinated Vulnerability Disclosure Program
gdrive-appdata: Tries to fetch the contents of the appdata hidden folder from Google Drive.
Harald Welte about TelcoSecDay 2017 @ Troopers
NDK changes for API level 26
O-MG, the Developer Preview of Android O is here!
Android API Differences Report
Frustrated by robo callers & an AT&T subscriber? Get the AT&T call protect app
Samsung commits to monthly security updates for unlocked US smartphones
Android phone market stats
20 bestselling mobile phones of all time
Android Kernel CVE PoCs
Mobile Malware Masquerades as POS Management App
Judge an Android malware scanner by rednaga.io (@timstrazz and @caleb_fenton)
The Art Of Bootloader Unlocking: Exploiting Samsung S-Boot (video from nullcon talk)
Having fun with Secure Messengers and Android Weari (slides CansecWest 2017)
Pwning the NExus of Every Pixel (slides CanSecWest 2017)
Injecting Metasploit Payloads into Android Applications
Receive FREE SMS online (number in various countries)
TrustZone An Attackers Perspective (slides)
Reverse Engineering Samsung S6 SBOOT - Part I
Letter to the FCC on SS7 Security by Ron Wyden
FCC: Legacy Systems Risk Reductions (it's about ss7)