Black Hat USA Las Vegas. DEMYSTIFYING THE SECURE ENCLAVE PROCESSOR by Tarjei Mandt and Mathew Solnik. ADAPTIVE KERNEL LIVE PATCHING: AN OPEN COLLABORATIVE EFFORT TO AMELIORATE ANDROID N-DAY ROOT EXPLOITS by Tao Wei and Yulong Zhang. CAN YOU TRUST ME NOW? AN EXPLORATION INTO THE MOBILE THREAT LANDSCAPE by Josh Thomas. SAMSUNG PAY: TOKENIZED NUMBERS, FLAWS AND ISSUES by Salvador Mendoza.
AppSec EU Rome. Don't Touch Me That Way by David Lindner and Jack Mannino. Automated Mobile Application Security Assessment with MobSF by Ajin Abraham. Why Hackers Are Winning The Mobile Malware Battle - Bypassing Malware Analysis Techniques by Yair Amit.
Hack in The Box Amsterdam, NL. SANDJACKING: PROFITING FROM IOS MALWARE by Chilik Tamir. FORCING A TARGETED LTE CELLPHONE INTO AN EAVESDROPPING NETWORK by Lin Huang. ADAPTIVE ANDROID KERNEL LIVE PATCHING by Tim Xia and Yulong Zhang. COMMSEC TRACK: INSPECKAGE - ANDROID PACKAGE INSPECTOR by Antonio Martins.
Area41. When providing a native mobile application ruins the security of your existing Web solution by Jeremy Matos. IMSecure - Attacking VoLTE and other Stuff by Hendrik Schmidt & Brian Butterly. Reversing Internet of Things from Mobile Applications by Axelle Apvrille.
Recon Montreal, CA. Breaking Band by Nico Golde and Daniel Komaromy. Hardware-Assisted Rootkits and Instrumentation: ARM Edition by Matt Spisak.
This was a long break; I was covered in work and had other things to do. But I'm not giving up this blog. Sadly I missed a bunch of conferences earlier this year, especially CanSecWest and Troopers/TelSecDay. TelSecDay looked really awesome this year! Sad to have missed it.
Work with me and other awesome people at Square: we are looking for a bunch of different mobile security related people. Android and iOS!
For those who are interested in TrustZone or TrustZone implementations, check out: War of the Worlds - Hijacking the Linux Kernel from QSEE. This blog has a lot of awesome research on TrustZone and Qualcomm's implementation.
60 Minutes: shows how easily your phone can be hacked. As I said earlier on Twitter, this is as good as it gets on TV. All of the people on the show are pros (I know all of them personally!). Of course, if you are an expert yourself, you will complain about anything shown on TV ;-)
Dilbert gets it:
Related to the iPhone will be bricked if the clock is set back too far.
AppMon, GreaseMonkey for Android and iOS
Mobile Security Bullshit Bingo
CVE-2015-1805 root tool, Android Sony
Hacking Samsung Galaxy via Modem interface exposed via USB
Overly restrictive SELinux filesystem permissions in Android N
Android IOMX getConfig/getParameter Information Disclosure
Metaphor - Stagefright with ASLR bypass
Brussels police were forced to use WhatsApp during attacks
eMMC backdoor leading to bootloader unlock on Samsung Galaxy Devices
Android rooting bug opens Nexus phones to "permanent device compromise"
You can install a GSM network with a single command now - $ sudo apt-get install gsm-network
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware
How to Build Your Own Rogue GSM BTS for Fun and Profit (using a BladeRF)
Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...)
Nexus Security Bulletin-April 2016
Android Security Bulletin-May 2016
Dalvik Virtual Execution with SmaliVM
Releasing the Fairphone 2 Open Operating System
Calling all Mobile Researchers!
Analysis of CVE-2016-2414 - Out-of-Bound Write Denial of Service Vulnerability in Android Minikin Library
[CVE-2016-2443] Qualcomm MSM debug fs kernel arbitrary write (Nexus 5, Nexus 7 2013 and maybe other models)
Android is moving to enforcing storage verification at runtime (via @copperheadsec)
Modem interface exposed via USB (Samsung)
Hey your parcel looks bad - Fuzzing and Exploiting parcel-ization vulnerabilities in Android (slides)
iovyroot - (temp) root tool
Linux Kernel Exploitation on Android
ss7MAPer - A SS7 pen testing toolkit
Beating Expectations: Android Security Patching for PRIV
Pwn a Nexus device with a single vulnerability (slides)
Exploring the Physical Address Space on iOS