...stuff I do and things I like...

Tuesday, September 20 2016

Mobile Security News Update September 2016

Conferences
    Black Hat EU November, London UK.
        - ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY Speaker: Clementine Maurice, Moritz Lipp.
        - DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK Speaker: Bhanu Kotte, Dr. Silke Holtmanns, Siddharth Rao.
        - MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS Speaker: Max Bazaliy, Seth Hardy.
        - POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME Speaker: Federico Maggi, Stefano Zanero.
        - ROOTING EVERY ANDROID: FROM EXTENSION TO EXPLOITATION Speaker: Di Shen, Jiahong (James) Fang.
        - SIGNING INTO ONE BILLION MOBILE APP ACCOUNTS EFFORTLESSLY WITH OAUTH2.0 Speaker: Ronghai Yang, Wing Cheong Lau.
        - STUMPING THE MOBILE CHIPSET Speaker: Adam Donenfeld.
        - WIFI-BASED IMSI CATCHER Speaker: Piers O'Hanlon, Ravishankar Borgaonkar.

    PacSec Tokyo Japan, October. Demystifying the Secure Enclave Processor by Mathew Solnik.

The most interesting read this week was "The bumpy road towards iPhone 5c NAND mirroring", a paper by Sergei Skorobogatov. In this paper he shows how to implement a NAND mirroring attack against an iPhone 5C. The basic idea behind this attack is to erase the PIN failure counter between each set of tries, to avoid the artificial brute-force delay and to avoid data deletion after N failed PINs. The paper goes into great detail on various problems he encountered while implementing the attack. I highly recommend reading this paper. The picture below is taken from this paper.

Google's Project Zero now has an Android "Prize" for achieving RCE on a Nexus device knowing only its email address or phone number. Apparently you can't use a BTS (via @jduck) for this attack. Overall this looks interesting; I wonder if anybody is going to claim the money soon. Announcement: Project Zero Prize.

Links