...stuff I do and things I like...

Tuesday, December 13 2016

Mobile Security News Update December 2016

Conferences
    33c3 Hamburg, Germany 27-30 December. Downgrading iOS: From past to present by tihmstar. A look into the Mobile Messaging Black Box by Roland Schilling and Frieder Steinmetz. Dissecting modern (3G/4G) cellular modems by LaForge and holger. Geolocation methods in mobile networks by Erik.

    Shmoocon Washington D.C. January. A Context-Aware Kernel IPC Firewall for Android - David Wu, Sergey Bratus.

    Black Hat ASIA March 2017. FRIED APPLES: JAILBREAK DIY by Alex Hude and Max Bazaliy. MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE by Yan Michalevsky. REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX by Marco Grassi.

I had to skip the November update due to a long overdue vacation. Playing with iOS webviews also cost some time. Writing this blog becomes more and more time consuming since for some parts I would rather spend time on research than writing about other people's research. Will see next year if I continue doing this or not. I've been doing this since January 2009 so it has been a few years.

New Conference: Samsung confirms it will render the US Note 7 useless with next update since the owners don't seem to care to return the phones to Samsung even though they would get a replacement device. This is kind of hilarious.



Browser-based iOS 9.3.x jailbreak (64-bit only); it has been a while.

Chinese company installed secret backdoor on hundreds of thousands of phones


Recently the topic of SMS 2FA came up again. While I agree that SMS is not the most secure version of 2FA, it is far, far better than not providing any 2FA mechanism for your service.



Saturday, December 10 2016

Kiwicon X

I finally made it to Kiwicon this year (special thanks to vt for dragging us out!). I even managed to get a talk in (con bucket list--) making the trip even sweeter.

The conference was absolutely awesome. Well organized, friendly people (staff and attendees!), and a perfect venue. The conference had about 2500 attendees which seemed like a good fit for the venue. I liked the overall program, the intermissions and speaker introductions were absolutely fantastic. In my opinion Kiwicon is at the sweet spot on the issues of size and target audience. It is big enough to attract different kinds of folks and it is small enough to find people and hang out. I also really love single track conferences!

Sadly it was announced that this was the last Kiwicon, I'm happy to have made it to the last one! Thanks!

Below are a few photos and videos from Kiwicon; the official Kiwicon photos are here.

KiwiCon intro #kiwicon #latergram


KiwiConX


KiwiCon sheep


IR Fire detector #kiwicon


KiwiCon beer
