Defcon QARK: Android App Exploit and SCA Tool Tony Trummer and Tushar Dalvi (this is the only talk that was added after my last post). All other conferences still have their CFPs open and didn't post any talks yet. The BreakPoint schedule is also not final yet.
Breakpoint 22-23 October, Melbourne, Australia. TEAM PANGU: DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS; JORDI VAN DEN BREEKEL: RELAYING EMV CONTACTLESS TRANSACTIONS WITH OFF-THE-SHELF ANDROID DEVICES; DMITRY KURBATOV: ATTACKS ON TELECOM OPERATORS AND MOBILE SUBSCRIBERS USING SS7.
I wanted to point to something that apparently not many people know about: Pangu jailbreak installs unlicensed code on millions of devices. Pangu has their own statement about this. The Wikipedia page about Pangu Team states that they didn't have to sign an NDA for the training and therefore can use the vulnerability. Stefan's point is not about the vulnerability but about his code. All in all I can't verify all claims, but I would say I know Stefan well enough to say that he would not make this up, simply because he doesn't need to. He is very well known anyway, so this is not a publicity issue for him. I 100% agree with Stefan's point of view about denying people the opportunity to speak at conferences if they are known to take credit for or sell code they don't own or have a license for. I encourage everybody to read up on this and to read the statements made by BOTH sides. Please share your opinion with people who run conferences.
Android now has a bug bounty program, or as they call it, the Android Security Rewards Program. Pretty cool, I wonder if they get more submissions because of this.
Apple tries to kill plain-text connections: "If you're developing a new app, you should use HTTPS exclusively." This feature is called App Transport Security (ATS), and in the current iOS 9 version it can still be disabled. See: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11.
Android has had a similar feature for some time. Android M introduces a new Manifest option to declare whether an app uses clear text traffic or not. Depending on this option, the framework can deny clear text traffic from the app. A decent writeup on this topic is here: Android M and the war on clear text traffic.
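As an added example (not from the original post or either vendor's documentation), here is a small Python audit that reads an AndroidManifest.xml and an Info.plist and reports whether the app is configured to permit clear text traffic. The sample manifest and plist are constructed; the attribute and key names (android:usesCleartextTraffic, NSAppTransportSecurity, NSAllowsArbitraryLoads, NSExceptionDomains, NSExceptionAllowsInsecureHTTPLoads) are the real ones used by both platforms.

```python
"""Audit Android and iOS app configuration for clear text traffic opt-outs."""
import plistlib
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample AndroidManifest.xml that explicitly allows clear text HTTP.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example" android:usesCleartextTraffic="true"/>
</manifest>"""

# Constructed sample Info.plist that disables ATS for every connection.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict></plist>"""


def android_cleartext_allowed(manifest_xml: str) -> bool:
    """True if the manifest permits clear text HTTP, explicitly or by omission."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return True
    value = app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic")
    # Android M (API 23) defaults the attribute to true when it is unset;
    # the default only flipped to false with API 28.
    return value is None or value.strip().lower() == "true"


def ios_ats_findings(plist_bytes: bytes) -> list:
    """List ATS weakenings: the global opt-out and per-domain HTTP exceptions."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads=true: ATS disabled for all hosts")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"{domain}: insecure HTTP loads allowed")
    return findings


if __name__ == "__main__":
    print("Android clear text allowed:", android_cleartext_allowed(SAMPLE_MANIFEST))
    for finding in ios_ats_findings(SAMPLE_PLIST):
        print("iOS ATS finding:", finding)
```

Point the two functions at a real decoded manifest (e.g. from apktool output) and an app bundle's Info.plist to get the same report for an app under review.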
Untether TaiG Jailbreak Tool for iOS 8.3
Hacking and Securing iOS Applications in Chinese
Remotely Abusing Android - Ryan Welton (slides)
dexstrings: Extracting the strings from the .dex files with meaning.
A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications
Digging for Android Kernel Bugs (slides)
Man in the (Android) Middleware (slides)
byeselinux: Android kernel module to bypass SELinux at boot. Made for XZDualRecovery (Xperia) and Lollipop firmwares.
Complex Method of Obfuscation Found in Dropper RealShell
The dextra utility began its life as an alternative to the AOSP's dexdump and dx ...
ARM Trusted Firmware - version 1.1
Reversing DexGuard's String Encryption
Integrating PaX into Android
Yet Another Mediatek Backdoor (by @jcase)
How to Root 10 Million Phones with One Exploit by Keen Team (slides)
Understanding Android's Application Update Cycles
Firefox OS on Android Devices
Android Activity Security
Fitness Tracker: Hack In Progress (slides)
Fuzzing Objects d’ART — Hack In The Box 2015 Amsterdam