SourceBoston Mat 2015: A Swift Teardown by Jared Carlson; iOS App Analytics VS Privacy: An analysis of the use of analytics by Guillaume Ross. (they still have TBD slots)Some of the upcoming conferences I covered in earlier month (e.g. HITB Amsterdam).
ReCon Montreal, Canada (June): Building a Better Bluetooth Attack Framework by Chris Weedon
Black Hat USA ADVENTURES IN FEMTOLAND: 350 YUAN FOR INVALUABLE FUN by Alexey Osipov & Alexander Zaitsev; ATTACKING YOUR TRUSTED CORE: EXPLOITING TRUSTZONE ON ANDROID by Di Shen; CERTIFI-GATE: FRONT-DOOR ACCESS TO PWNING MILLIONS OF ANDROIDS by Ohad Bobrov & Avi Bashan; FAUX DISK ENCRYPTION: REALITIES OF SECURE STORAGE ON MOBILE DEVICES by Daniel Mayer & Drew Suarez; HACKING INTO SMARTPHONES AND CARS WITH A SIM CARD by Matt Spisak; STAGEFRIGHT: SCARY CODE IN THE HEART OF ANDROID by Joshua Drake; TRUSTKIT: CODE INJECTION ON IOS 8 FOR THE GREATER GOOD by Alban Diquet & Eric Castro
CONFidence Krakow: iOS Hacking: Advanced Pentest & Forensic Techniques by Omer S. Coskun; Abusing apns for profit by Karol Wiesek
Defcon Extracting the Painful (blue)tooth by Matteo Beccaro and Matteo Collura; Build a free cellular traffic capture tool with a vxworks based femoto by Yuwei Zheng and Haoqi Shan
Android Security Symposium Vienna, Austria, from 9-11 September 2015. Only Android security talks!
Breakpoint Melbourne, Australia, October 22th-23th
SEC-T Stockholm 17-18:th of September 2015
The Chaos Communication Camp cfp just closed yesterday.
iPhone: I bought an iPhone 5c (as a tryout device) like two weeks ago. I used to have a iPhone 3G back in 2009. I'm pretty happy with it, usability is great and the radio/antenna seems way better then the one in the Nexus 5. One thing I noticed is that most major apps are much better on the iPhone. There are exceptions like Dropbox. The Dropbox client is missing features compared with the android version. I'm missing the text editor! Also inter-app communication is really a weakness of iOS and a strength of Android. Other annoying stuff: I can't set Chrome to be the default browser. I can't have Signal as the default SMS app. One of the most annoying things are notifications. Many apps don't support privacy friendly notifications on the lock screen. I want to see if there are new emails in an account but I don't want the sender, subject, or content to be shown. The same is true with a lot of apps. It is either no notification or notification with content. Not happy with this! But I'm a big fan of handover.
I total I'm still happy with my tryout iPhone 5c. Let's see how long.
Mobile Killswitch: The mobile killswitch now has it's first possibility for abuse: So this killswitch tech in mobile phones now, kinda scary, especially when I can lock you out from your phone from an app w/ no root by @jcase.
Security Conference Calendar by DuoSecurity
SyScan 2015 talks on YouTube
System -> root backdoor in ZTE devices
The state of ASLR on Android
Hardware-accelerated disk encryption in Android 5.1 I once supervised a student project to implement HW accelerated FDE for unmanaged flash on a Nokia N900
Android anti-root detection Proof of Concept this is a fun subject, I have been playing around in this area myself.
Ping Pong Root for S6
bypassing ZTE zMax Write protection
Darshak updated version!
Times 'a Ticking... to Forensicate the Apple Watch! slides
Tricking Android Smart Lock with Bluetooth
An NFC PGP SmartCard For Android
Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)
How to Get a BaseStation from the good guys at ERNW
iOS release dates all of them
The definitive guide to Phreak Boxes
Open source Android Forensics app and framework from viaforensics
Our Android Malware Summary for the Year 2014 mobile sandbox team