Next week I’ll be heading over to Las Vegas for the world’s biggest security and hacking conferences; Blackhat and DEFCON. Here’s a short run-down of some presentations and briefings that are related to mobile. Obviously there are many others that may also be relevant to mobile (e.g. SSL attacks or HTML5). As you can see, mobile interest is again steadily going up, as well as in other embedded platforms such as automotive and in-home systems. It looks like it is going to be a pretty interesting, if slightly scary week!
Blackhat
- A Practical Attack Against MDM Solutions
- Android: One Root to Own Them All
- BlackberryOS 10 From a Security Perspective
- Bluetooth Smart: The Good, The Bad, the Ugly, And The Fix!
- Hiding @ Depth – Exploring, Subverting and Breaking NAND Flash Memory
- How to Build a Spyphone
- I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning With a Compromised CDMA Femtocell
- Legal Considerations for Cellphone Research
- Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers
- Mobile Rootkits: Exploiting and Rootkitting ARM TrustZone
- Multiplexed Wired Attack Surfaces
- Rooting SIM Cards
- Embedded Devices Security and Firmware Reverse Engineering
- JTAGulator: Assisted Discovery of On-Chip Debug Interfaces
- Abusing Web APIs Through Scripted Android Applications
- Beyond the Application: Cellular Privacy Regulation Space
- LTE Booms with Vulnerabilities
- Mobile Malware: Why the Traditional AV Paradigm Is Doomed and How To Use Physics To Detect Undesirable Routines
- OPSEC Failures of Spies
- Hacking Like In The Movies: Visualizing Page Tables For Local Exploitation
DEFCON
- I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning With a Compromised CDMA Femtocell (same as Blackhat)
- The Secret Life of SIM Cards
- DragonLady: An Investigation of SMS Fraud Operations in Russia
- Business Logic Flaws in Mobile Operators Services
- Protecting Data With Short-Lived Encryption Keys and Hardware Root of Trust
- Do-It-Yourself Cellular IDs (same as Blackhat)
- Android WebLogin: Google’s Skeleton Key
- Building an Android IDS on Network Level
- Defeating SEAndroid
- Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks
- BYO-Disaster and Why Corporate Wireless Security Still Sucks
- JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces (same as Blackhat)
- Combatting Mac OSX/iOS Malware with Data Visualization
- Blucat: Netcat For Bluetooth
- The Bluetooth Device Database