Back from CanSec! Here the mobile update for March (barely made it!).
ConferencesRSA Conference has a mobile track (link points to track) but I'm not going to list each talk here.
Black Hat Mobile Security Summit London, UK. Believe it or not it's all mobile talks! Mostly Android, one iOS and one Windows Phone talk and like 2 generic talks.
CFPsPHDays CFP ends today March 31st!
BeaCon 2015 mini con in Boston, MA, end of May.
Usenix WOOT'15 submit your offense research!
Android 5.1 / Nexus 5 issues: I recently updated to Android 5.1 (so did my friend Michael). Now we both have massive stability issues with our phones. Michael actually doesn't have stability issues his phone refuses to boot up. It boots until the first colored dots appear and then reboots again. The reason for this bootloop are unknown. Some people say this is due to issues with the phones power button. Michael indeed had some power button issues before the bootloop happened. My phone just started to randomly reboot. The issue seems known (search for Android 5.1 random reboot and you will find many reports).
Official Chinese translation of The Android Hacker's Handbook available on April 10th.
Dimple is a small NFC sticker with four or two buttons for Android devices. You are the one who chooses the button functionality. It makes doing everyday tasks quicker and saves your precious time. <-- from their website. This is basically a set of actual buttons (as in hardware) that you can stick on your Android. The buttons likely just activate a RFID tag that is picked up by your phone that then will perform some action. Very simple technology. Should be farely easy to hack (without physically pressing the button). Let's see, maybe I will order a sample just for fun. I have a pending Android NFC blog post anyway (but not time).
LinksPaper: a time line of mobile botnets
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware
Android NFC malware (MIFARE) would be interesting to get more information on this
NFC Ultralight Toolkit
CoreTelephony: Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages. This issue was addressed through improved message validation. so those bugs still exist in iOS
Redheads should have emoji, too! sign the petition! ;-)
Android 4.4.4 local root PoCs for: CVE-2014-7911 and CVE-2014-4322
Amazon Gift Card Malware Spreading via SMS
Droidsec/wiki was updated!
Fuzzing Android's media framework slides and tools
WRANGLING DALVIK: MEMORY MANAGEMENT IN ANDROID (PART 1 OF 2)
HideAndroidEmulator Detection and Prevention of Emulator Evading on Android
(Mobile Pwn2Own) Google Android DHCP Parsing Remote Code Execution Vulnerability fixed in Android 5.1
Creating Better User Experiences on Google Play also human review of apps
Android for Work: Demystified
Android Browser Kitkat Content Spoofing Vulnerability
PENTAGON PERSONNEL NOW TALKING ON 'NSA-PROOF' SMARTPHONES funny, the NSA didn't stop the purchase since they already know how to p0wn those pones (<-- joke)
The nightmare behind the cross platform mobile apps dream slides
Hiding Behind ART slides
DABiD The Powerful Interactive Android Debugger For Android Malware Analysis slides
your comment...