...stuff I do and things I like...

Monday, June 06 2016

Mobile Security News Update June 2016

Conferences
    Black Hat USA August, Las Vegas.
        1000 WAYS TO DIE IN MOBILE OAUTH by Eric Chen, Patrick Tague, Robert Kotcher, Shuo Chen, Yuan Tian, Yutong Pei.
        ADAPTIVE KERNEL LIVE PATCHING: AN OPEN COLLABORATIVE EFFORT TO AMELIORATE ANDROID N-DAY ROOT EXPLOITS by Tao Wei, Yulong Zhang.
        ATTACKING BLUETOOTH SMART DEVICES - INTRODUCING A NEW BLE PROXY TOOL by Slawomir Jasek.
        PANGU 9 INTERNALS by Hao Xu, Tielei Wang, Xiaobo Chen.
        SAMSUNG PAY: TOKENIZED NUMBERS, FLAWS AND ISSUES by Salvador Mendoza.
        CAN YOU TRUST ME NOW? AN EXPLORATION INTO THE MOBILE THREAT LANDSCAPE by Josh Thomas.
        DEMYSTIFYING THE SECURE ENCLAVE PROCESSOR by Mathew Solnik, Tarjei Mandt.
        BAD FOR ENTERPRISE: ATTACKING BYOD ENTERPRISE MOBILE SECURITY SOLUTIONS by Vincent Tan.
        THE ART OF DEFENSE - HOW VULNERABILITIES HELP SHAPE SECURITY FEATURES AND MITIGATIONS IN ANDROID by Nick Kralevich.

    Shakacon July 13-14, Honolulu, HI.
        FRUIT VS ZOMBIE: DEFEAT NON-JAILBROKEN IOS MALWARE by CLAUD XIAO.
        Bluetooth Low Energy...by SUMANTH NAROPANTH, CHANDRA PRAKASH GOPALAIAH & KAVYA RACHARLA.

Defcon still doesn't have the agenda or accepted talks up.

The Qualcomm Mobile Security Summit was super awesome once again. Good talks, interesting hallway conversations and always good to see friends.


SektionEins (Stefan Esser) released a jailbreak and anomaly detection app for iOS and eventually got banned from the AppStore by Apple. The speculation is that Apple wants to hide the fact that certain sandbox and security features don't work as advertised and thus his app got banned. The app likely wasn't banned just because it can detect a jailbreak, since like every app does exactly this, including apps like WhatsApp. There are also several process list viewers for iOS.


I finally could check out a Blackberry PRIV. The actual hardware looks pretty sweet. I got a quick demo of the security and privacy features added by RIM, especially DTEK. I really liked the device security/privacy status overview; every phone should have that.

Qualcomm KeyMaster keys extracted from TrustZone; waiting for the writeup. The previous blog posts were super good already, but this one should be really interesting.

Links