TelcoSecDay @ Troopers Markus Vervier: Borrowing Mobile Network Identities - Just Because We Can, Tobias Engel: Securing the SS7 Interconnect, Ravishankar Borgaonkar - TelcoSecurity Mirage: 1G to 5G, Dieter Spaar - How to Assess M2M Communication from an Attacker's Perspective.
CanSecWest Timur Yunusov & Kirill Nesterov - Bootkit via SMS: 4G access level security assesment. Team Pangu Userland Exploits of Pangu 8, the first untethered iOS8 jailbreak.
Hack in the Box Amsterdam The Savage Curtain: Mobile SSL Failures; Eight Ou Two Mobile; Mobile Authentication Subspace Travel; Fuzzing Objects d'ART: Digging Into the New Android L Runtime Internals; Relay Attacks in EMV Contactless Cards with Android OTS Devices; Bootkit via SMS: 4G Access Level Security Assessment
TelcoSecDay @ Troopers looks pretty awesome. Too bad that I can't go because of the 100% overlap with CanSec. Sadly this seems to be a new trend that a number of top conferences overlap or are so close to each other that it is impossible to attend both.
Somebody is selling fake versions of the Android Hacker's Handbook on Amazon. Indicators are missing pictures or the white book backside (original one is black).
We recently presented BabelCrypt at Financial Crypto. I would love to see a usable implementation of this. Unfortunately I don't have the time to make this happen. I would pay money for this app.
Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
Beemer, Open Thyself! - Security vulnerabilities in BMW's ConnectedDrive (attack was carried out over the air)
Google Android and iOS apps now in scope for vulnerability rewards from Google
OpenBTS and Metasploit integration
AndroidCensus got updated again (+30 new samples)
Adrian Ludwig's response on WebView vulns
Native Android Runtime Emulation
Can you imagine Internet service provider hijack customers' traffic to replace APKs they're downloading? Well in CN everything is possible. (very interesting, I would love to see more data on this)
giefroot: A tool to root your device using CVE-2014-7911 (by Keen Team) and CVE-2014-4322
CVE-2014-7911 - A Deep Dive Analysis of Android System Service Vulnerability and Exploitation>a