...stuff I do and things I like...

Tuesday, April 25 2017

Mobile Security News Update April 2017

    Black Hat USA July 22-27 Las Vegas. BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS by Nitay Artenstein. (Program not complete)

    SyScan360 May 30-31 Seattle. Exploit iOS 9.x Userland with LLDB JIT by Wei Wang. The wounded android WIFI driver New attack surface in cfg80211 by Hao Chen.

    MOSEC June, Shanghai. Revisiting the Kernel Security Enhancements in iOS 10 AND Pwning Apple Watch. (Program still not complete)

Recordings for the first OsmoCon are available here. OsmoCon is, of course, a conference about the OsmoCom projects!

Android O news: will prompt for pin/passcode before enabling developer options, further Android O changes device identifiers and how to access them.

If you are interested in mobile backing Trojans you should follow Lukas Stefanko:

Somebody released the source code of FlexiSpy (mobile phone spyware) to the public. The release notes are here: readme.txt. The download is here: FlexiSpyOmni.zip, collection of all data is here: Source code and binaries of FlexiSpy from the Flexidie dump and a writeup of the dump is here: FlexSpy Application Analysis. I bet we will see more details in the coming weeks!

Does Blackberry give out review samples for the KEYone? I would really like one and give it a try (would post full review here of course!).

All Nokia phones ever made.

Yo Ralf where the slides at?