Recon Brussels Brussels, 27-29 January. Analyzing iOS apps: road from AppStore to security analysis report by Lenar Safin, Yaroslav Alexandrov, Egor Fominykh, Alexander Chernov.
31CON Auckland NZ, 23-24 February. RAVISHANKAR BORGAONKAR (UK): PRIVACY ISSUES IN 4G. PHILIPPE LANGLOIS (FRANCE): something about mobile networks.
Android Security Symposium 2017 Vienna Austria, March. Many interesting talks.
Troopers Heidelberg, Germany. March. Hunting For Vulnerabilities in Signal by Jean-Philippe Aumasson, Markus Vervier. Samsung Pay: Tokenized Numbers, Flaws and Issues by Salvador Mendoza.
TelcoSecDay @ Troopers It's no use crying over spilled 2G,3G,4G - what we need to fix in 5G. Outlook on 5G security from 3GPP perspective. Automated large-scale detection of rogue base stations: A field report. Exploring fraud in telephony networks, an illustration with Over-The-Top Bypass.
Infiltrate Miami, FL. March. Jean-Philippe Aumasson, Markus Vervier: Hunting For Vulnerabilities in Signal. Georgi Geshev, Robert Miller: Logic Bug Hunting in Chrome on Android. Marco Grassi, Liang Chen: Remotely Compromising a Modern iOS Device. Vasilis Tsaousoglou, Patroklos Argyroudis: The Shadow over Android: Heap exploitation assistance for Android's libc allocator. Ralf-Phillip Weinmann: Did I hear a shell popping in your baseband?.
SyScan360 Seattle WA, USA (new conference)I'm not a fan or a user of WhatsApp but this backdoor story is just bad and will drive users away from a secure messaging app (maybe even the biggest install based of all of them). Zeynep Tufekci wrote an open letter to the Guardian to have them update the story. Moxie also wrote a blog post about these claims. The Guardian should have asked people with the technical expertise for advice before publishing the story.
You Shot The SheriffSao Paulo - Brazil
AT&T 2G network shutdown happened on Dec 31 2016
AndroidXRef is looking for sponsors!
The mobile talks from 33c3 are all totally worth watching (no particular order):
Dissecting modern (3G/4G) cellular modemsPics of the month:
Downgrading iOS: From past to present
Geolocation methods in mobile networks
Shut Up and Take My Money! The Red Pill of N26 Security
Code BROWN in the Air. A systemic update of sensitive information that you sniff from pagers
So, um… I guess the person who wrote @Medium's overly-florid app store release notes was part of the layoffs pic.twitter.com/YEbcuC5FVn— Rod Begbie (@RodBegbie) January 14, 2017
@PatrickMcCanna again pic.twitter.com/UG4Fh1fYHM— Jon Sawyer (@jcase) January 24, 2017
Best question so far about my 1992 Nokia 101: "How can it be older than the web, if it has a separate button for the #hashtag?" pic.twitter.com/Sa9drZwtPe— Mikko Hypponen ଙ (@mikko) January 23, 2017
Samsung Android Security Updates for January
Secure boot and image authentication in mobile tech (white paper)
Practical Android Debugging Via KGDB
We reverse engineered 16k apps, here's what we found (hardcoded secrets mostly) they also have an online tool
Very detailed description of hacking the Kyocera KC-S701(Russian)
LG G3 Arbitrary File Retrieval from Cloud Services
Trojanized Photo App on Google Play Signs Up Users for Premium Services
OnePlus 3/3T Bootloader Vulnerability Allows Changing of SELinux to Permissive Mode in Fastboot
Qualcomm releases whitepaper detailing pointer authentication on ARMv8.3 (whitepaper)
IoT mode fuzzing with OpenBTS
buy a BlackPhone for 120 Euros
Security conferences in 2017
Summary of Critical and Exploitable iOS Vulnerabilities in 2016
Switcher: Android joins the attack-the-router club
Cyanogen's Services Will Be Shutting Down (the commercial part of CyanoGen mode)
V3SPA: An Open Source Tool for Visually Analyzing and Diffing SELinux/SE for Android Security Policies
Project Zero exploit for iOS 10.1.1
OWASP Mobile Security Testing Guide (Work in Progress)
Android Banking Trojan Source Code Leaked Online, Leads to New Variation Right Away
A theme pack got you pwned with system privilege on Huawei's EMUI
Google Rolls Out Instant Apps Feature For Android: Download And Run Apps Without Installing Them
Open source 3GPP LTE library
fastboot oem sha1sum
Automating iOS blackbox security scanning (slides)
Meitu Android App TearDown
Hooking Android System Calls for Pleasure and Benefit
iOS9 iCloud backup retrieval proof of concept
Pixel bootlaoder exploit for reading flash storage
Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
Wap Push bugs in Samsung Android phones
Virulent Android malware returns, gets >2 million downloads on Google Play
HIJACKING WHATSAPP ACCOUNTS USING WHATSAPP WEB
Security Analysis of the Telegram IM (a Master's Thesis)
Android Security Bulletin - January 2017
Classification of Smartphone Users Using Internet Traffic (paper)
LG posts January security bulletin ahead of Google with Android and LG-specific patches
Analysis of multiple vulnerabilities in AirDroid
Android banking Trojan asks victims to send selfies with ID cards
A Whale of a Tale: HummingBad Returns
iOS Dropbear SSH