Black Hat EU November, London UK.
ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY Speaker: Clementine Maurice, Moritz Lipp.
DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK Speaker: Bhanu Kotte, Dr. Silke Holtmanns, Siddharth Rao.
MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS Speaker: Max Bazaliy, Seth Hardy.
POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME Speaker: Federico Maggi, Stefano Zanero.
ROOTING EVERY ANDROID: FROM EXTENSION TO EXPLOITATION Speaker: Di Shen, Jiahong (James) Fang.
SIGNING INTO ONE BILLION MOBILE APP ACCOUNTS EFFORTLESSLY WITH OAUTH2.0 Speaker: Ronghai Yang, Wing Cheong Lau.
STUMPING THE MOBILE CHIPSET Speaker: Adam Donenfeld.
WIFI-BASED IMSI CATCHER Speaker: Piers O'Hanlon, Ravishankar Borgaonkar.

The most interesting read this week was "The bumpy road towards iPhone 5c NAND mirroring", a paper by Sergei Skorobogatov. In this paper he shows how to implement a NAND mirroring attack against an iPhone 5C. The basic idea behind this attack is to erase the PIN failure counter between each set of tries, which avoids both the artificial brute force delay and the data deletion after N failed PINs. The paper goes into great detail on various problems he encountered while implementing the attack. I highly recommend reading this paper. The picture below is taken from this paper.

PacSec Tokyo Japan, October. Demystifying the Secure Enclave Processor by Mathew Solnik.
Google's Project Zero now has an Android "Prize" for achieving RCE on a Nexus device knowing only its email address or phone number. Apparently you can't use a BTS (via @jduck) for this attack. Overall this looks interesting; I wonder if anybody is going to claim the money soon. Announcement: Project Zero Prize.
iCloud, iHack, iSpam
Android Premium SMS Warning Message Manipulation
tool to inspect, dump, modify, search and inject libraries into Android processes.
How My Rogue Android App Could Monitor & Brute-force Your App's Sensitive Metadata
APK Signature Scheme v2
Just One Photo Can Silently Hack Millions Of Androids (@TimStrazz)
Parse the Qualcomm DIAG format and convert 2G, 3G and 4G radio messages to Osmocom GSMTAP for analysis in wireshark and other utilities.
PEGASUS iOS Kernel Vulnerability Explained by Stefan Esser
Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB
VB2016 preview: Mobile Applications: a Backdoor into Internet of Things?
Hiding root with suhide
Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor
Reverse Engineering Xiaomi's Analytics app
A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple's Developer Enterprise Program to Serve Adware
File-Based Encryption in Android 7
Linux Security Summit Videos (a lot is Android relevant)
Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis (paper)
suhide v0.51 released
Introducing BLESuite and BLE-Replay: Python Tools for Rapid Assessment of Bluetooth Low Energy Peripherals
Samsung Android Security Updates - September
A Survey on Android ELF Malware
Keeping Android safe: Security enhancements in Nougat
Nexus Device Downloads via jduck @ droidsec