informa
News

Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches

Lectures delve deep into technical specifics regarding exploits and rootkits
[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

Ahead of Friday's early registration deadline, organizers have gathered together more freshly announced content from Black Hat USA 2013's spectacular Briefings lineup to detail for you for the first time.

Click here for more of Dark Reading's Black Hat articles.

So, ahead of Friday's early registration deadline, organizers have three more notable talks to highlight, this time focused on mobile. Thanks to the increasing sophistication of mobile phones, there are all kinds of new ways they can be used for good -- and, sadly, for bad. These lectures delve deep into the technical specifics and consist of the following:

-- In "How To Build a SpyPhone," Kevin McNamee showcases one of the more surprising exploits you may be able to use a phone for. Do you have your phone on sitting on your desk while discussing highly confidential conversation? If so, you could be broadcasting your conversation to someone who has injected a SpyPhone into another Android app without your knowledge. This talk will show how to build, hide, and use (track location, intercept phone calls and SMS messages) just such a SpyPhone.

-- Another technical deep-dive comes in "Mobile rootkits: Exploiting and rootkitting ARM TrustZone," from German security specialist Thomas Roth. Presented originally at our Black Hat Europe show in Amsterdam this March and extremely well-received, Thomas is bringing the talk to North American for the first time with significant expansion. This talk focuses on mobile rootkits -- which are becoming more and more potentially dangerous, and will focus on exploiting TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based-rootkit.

-- Finally, Black Hat USA 2013 is proud to debut "Android: one root to own them all" from information security veteran Jeff Forristal, a.k.a. RFP (Rain Forest Puppy). Forristal was responsible for the first publicized responsible security disclosure policy (2000) and the first publicized recognition of SQL injection (Phrack, 1998), and he has now brought his considerable skills to bear on the Android OS. The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, and an exploit that runs across almost all Android devices (regardless of age). Most interestingly, Forristal will be showing how he did it, why it is important, and how the exploit was created.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- early, reduced-rated registration is open only until close of day on Friday, May 31st.

Recommended Reading: