Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

5/27/2013
08:38 PM
50%
50%

Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches

Lectures delve deep into technical specifics regarding exploits and rootkits

[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

Ahead of Friday's early registration deadline, organizers have gathered together more freshly announced content from Black Hat USA 2013's spectacular Briefings lineup to detail for you for the first time.

Click here for more of Dark Reading's Black Hat articles.

So, ahead of Friday's early registration deadline, organizers have three more notable talks to highlight, this time focused on mobile. Thanks to the increasing sophistication of mobile phones, there are all kinds of new ways they can be used for good -- and, sadly, for bad. These lectures delve deep into the technical specifics and consist of the following:

-- In "How To Build a SpyPhone," Kevin McNamee showcases one of the more surprising exploits you may be able to use a phone for. Do you have your phone on sitting on your desk while discussing highly confidential conversation? If so, you could be broadcasting your conversation to someone who has injected a SpyPhone into another Android app without your knowledge. This talk will show how to build, hide, and use (track location, intercept phone calls and SMS messages) just such a SpyPhone.

-- Another technical deep-dive comes in "Mobile rootkits: Exploiting and rootkitting ARM TrustZone," from German security specialist Thomas Roth. Presented originally at our Black Hat Europe show in Amsterdam this March and extremely well-received, Thomas is bringing the talk to North American for the first time with significant expansion. This talk focuses on mobile rootkits -- which are becoming more and more potentially dangerous, and will focus on exploiting TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based-rootkit.

-- Finally, Black Hat USA 2013 is proud to debut "Android: one root to own them all" from information security veteran Jeff Forristal, a.k.a. RFP (Rain Forest Puppy). Forristal was responsible for the first publicized responsible security disclosure policy (2000) and the first publicized recognition of SQL injection (Phrack, 1998), and he has now brought his considerable skills to bear on the Android OS. The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, and an exploit that runs across almost all Android devices (regardless of age). Most interestingly, Forristal will be showing how he did it, why it is important, and how the exploit was created.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- early, reduced-rated registration is open only until close of day on Friday, May 31st.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15246
PUBLISHED: 2020-11-23
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v...
CVE-2020-15247
PUBLISHED: 2020-11-23
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permi...
CVE-2020-15248
PUBLISHED: 2020-11-23
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the ...
CVE-2020-15249
PUBLISHED: 2020-11-23
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG ...
CVE-2020-28927
PUBLISHED: 2020-11-23
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.