...stuff I do and things I like...

Tuesday, December 13 2016

Mobile Security News Update December 2016

Conferences
    33c3 Hamburg, Germany 27-30 December. Downgrading iOS: From past to present by tihmstar. A look into the Mobile Messaging Black Box by Roland Schilling and Frieder Steinmetz. Dissecting modern (3G/4G) cellular modems by LaForge and holger. Geoloation methods in mobile networks by Erik.

    Shmoocon Washington D.C. January. A Context-Aware Kernel IPC Firewall for Android - David Wu, Sergey Bratus.

    Black Hat ASIA March 2017. FRIED APPLES: JAILBREAK DIY by Alex Hude and Max Bazaliy. MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE by Yan Michalevsky. REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX by Marco Grassi.

I had to skip the November update due to a long overdue vacation. Playing with iOS webviews also did cost some time. Writing this blog becomes more and more time consuming since for some parts I would rather spent time on research than writing about other peoples research. Will see next year if I continue doing this or not. I'm doing this since January 2009 so it has been a few years.

New Conference: Samsung confirms it will render the US Note 7 useless with next update since the owners don't seem to care to return the phones to Samsung even tho they would get a replacement device. This is kind of hilarious.



Browser based iOS 9.3.x jailbreak (64bit only) it has been a while.

Chinese company installed secret backdoor on hundreds of thousands of phones


Recently the topic of SMS 2FA came up again. While I agree that SMS is not the most secure version of 2FA it is far far better then not providing any 2FA mechanism for your service.


Links