Monday, June 06 2016
Black Hat USA August, Las Vegas.
1000 WAYS TO DIE IN MOBILE OAUTH by Eric Chen, Patrick Tague, Robert Kotcher, Shuo Chen, Yuan Tian, Yutong Pei.
ADAPTIVE KERNEL LIVE PATCHING: AN OPEN COLLABORATIVE EFFORT TO AMELIORATE ANDROID N-DAY ROOT EXPLOITS
by Tao Wei, Yulong Zhang.
ATTACKING BLUETOOTH SMART DEVICES - INTRODUCING A NEW BLE PROXY TOOL
by Slawomir Jasek.
PANGU 9 INTERNALS by Hao Xu, Tielei Wang, Xiaobo Chen.
SAMSUNG PAY: TOKENIZED NUMBERS, FLAWS AND ISSUES by Salvador Mendoza.
CAN YOU TRUST ME NOW? AN EXPLORATION INTO THE MOBILE THREAT LANDSCAPE
by Josh Thomas.
DEMYSTIFYING THE SECURE ENCLAVE PROCESSOR
by Mathew Solnik, Tarjei Mandt.
BAD FOR ENTERPRISE: ATTACKING BYOD ENTERPRISE MOBILE SECURITY SOLUTIONS by Vincent Tan.
THE ART OF DEFENSE - HOW VULNERABILITIES HELP SHAPE SECURITY FEATURES AND MITIGATIONS IN ANDROID by Nick Kralevich.
Defcon still doesn't have the agenda or accepted talks up.
Shakacon July 13-14, Honolulu, HI. FRUIT VS ZOMBIE: DEFEAT NON-JAILBROKEN IOS MALWARE BY CLAUD XIAO. Bluetooth Low Energy...by SUMANTH NAROPANTH, CHANDRA PRAKASH GOPALAIAH & KAVYA RACHARLA
The Qualcomm Mobile Security Summit was super awesome once again. Good talks, interesting hallway conversations and always good to see friends.
SektionEins (Stefan Esser) released a jailbreak and anomaly detection app for iOS, which eventually got
banned from the App Store by Apple. The speculation is that Apple wants to hide the fact that certain sandbox
and security features don't work as advertised and thus his app got banned. The app likely wasn't banned just
because it can detect a jailbreak since like every app does exactly this, including apps like WhatsApp.
There are also several process list viewers for iOS.
I finally could check out a BlackBerry PRIV. The actual hardware looks pretty sweet.
I got a quick demo of the security and privacy features added by RIM, especially DTEK. I really liked the
device security/privacy status overview; every phone should have that.
Qualcomm KeyMaster keys extracted from TrustZone, waiting for the writeup. The previous blog posts were super good already, but this one should be really interesting.