Black Hat USA Las Vegas, July 26-27. ALL YOUR SMS & CONTACTS BELONG TO ADUPS & OTHERS by Angelos Stavrou, Azzedine Benameur, Ryan Johnson. NEW ADVENTURES IN SPYING 3G AND 4G USERS: LOCATE, TRACK & MONITOR by Altaf Shaik, Andrew Martin, Jean-Pierre Seifert, Lucca Hirschi, Ravishankar Borgaonkar, Shinjo Park. SS7 ATTACKER HEAVEN TURNS INTO RIOT: HOW TO MAKE NATION-STATE AND INTELLIGENCE ATTACKERS' LIVES MUCH HARDER ON MOBILE NETWORKS by Martin Kacer, Philippe Langlois. FIGHTING TARGETED MALWARE IN THE MOBILE ECOSYSTEM by Andrew Blaich, Megan Ruthven. GHOST TELEPHONIST LINK HIJACK EXPLOITATIONS IN 4G LTE CS FALLBACK by Haoqi Shan, Jun Li, Lin Huang, Qing Yang, Yuwei Zheng. HONEY, I SHRUNK THE ATTACK SURFACE – ADVENTURES IN ANDROID SECURITY HARDENING by Nick Kralevich. DEFEATING SAMSUNG KNOX WITH ZERO PRIVILEGE by Di Shen. BLUE PILL FOR YOUR PHONE by Oleksandr Bazhaniuk, Yuriy Bulygin. CLOAK & DAGGER: FROM TWO PERMISSIONS TO COMPLETE CONTROL OF THE UI FEEDBACK LOOP by Chenxiong Qian, Simon Pak Ho Chung, Wenke Lee, Yanick Fratantonio.Black Hat and Defcon have a really good number of mobile related talks this year.
Defcon Las Vegas. Jailbreaking Apple Watch by Max Bazaliy. Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks by CINCVolFLT (Trey Forgety). macOS/iOS Kernel Debugging and Heap Feng Shui by Min(Spark) Zheng & Xiangyu Liu. Using GPS Spoofing to Control Time by David "Karit" Robinson. Phone System Testing and Other Fun Tricks by "Snide" Owen. Unboxing Android: Everything You Wanted To Know About Android Packers by Avi Bashan & Slava Makkaveev. Ghost in the Droid: Possessing Android Applications with ParaSpectre by chaosdata. Ghost Telephonist' Impersonates You Through LTE CSFB by Yuwei Zheng & Lin Huang. Bypassing Android Password Manager Apps Without Root by Stephan Huber & Siegfried Rasthofer. Man in the NFC by Haoqi Shan & Jian Yuan.
USENIX Workshop on Offensive Technologies (WOOT) Vancouver Canada, 14-15 August. Shattered Trust: When Replacement Smartphone Components Attack by Omer Shwartz, Amir Cohen, Asaf Shabtai, and Yossi Oren. White-Stingray: Evaluating IMSI Catchers Detection Applications by Shinjo Park and Altaf Shaik, Ravishankar Borgaonkar, Andrew Marti, Jean-Pierre Seifert. fastboot oem vuln by Roee Hay.
It was a busy month and July will be even busier. I'll be at GSMA DSG, Black Hat and Defcon July and Usenix WOOT in mid August
OEM just told Google a bug I submitted isn't a bug. It is a FULL permement secureboot bypass.— Jon Sawyer (@jcase) July 6, 2017
Picture of month:
Liang Chen is demostrating iOS 11.0 beta 2 jailbreak on iPhone 7. pic.twitter.com/wA7U9AQ32E— vangelis (@vangelis_at_POC) June 23, 2017
There is a lot happening in the Android boot loader world at the moment. I guess this is what happens when the devices get more and more locked down - people go after the root of trust.
Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU
New attack can now decrypt satellite phone calls in "real time"
Library injection for debuggable Android apps
Attack TrustZone with Rowhammer
All slides from MOSEC 2017
Researchers Build Firewall to Deflect SS7 Attacks
Android Security Bulletin - July 2017
mobile CTF by HackerOne
Secure Mobile Application Development
ANDROID O AND DEX 38: DALVIK OPCODES FOR DYNAMIC INVOCATION
IMSecure - Attacking VoLTE (and other Stuff)
Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
Thieves caught hours after stealing GPS tracking devices from tech company
How the Osmocom GSM stack is funded
OWASP list of the most important security tools for Android and iOS
For $500, this site promises the power to track a phone and intercept its texts
A recopilatory of useful android tools
Privacy Threats through Ultrasonic Side Channels on Mobile Devices (paper)
Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone (paper)
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (paper)
Dvmap: the first Android malware with code injection
JNI method enumeration in ELF files
root shell on Moto G4 & G5 with a Secure Boot and Device Locking Bypass
Breaking Samsung Galaxy Secure Boot through Downloaded mode (paper)
A very minimalist smali emulator that could be used to "decrypt" obfuscated strings
anti vm on android
Back That App Up: Gaining Root on the Lenovo Vibe
PoCs for Android July bulletin: CVE-2017-8260 CVE-2017-0705 CVE-2017-8259
Secure initialization of TEEs: when secure boot falls short
Reverse Engineering Samsung S6 SBOOT - Part II
No permission required for SMS verification in Android O