Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

5/27/2013
08:38 PM
50%
50%

Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches

Lectures delve deep into technical specifics regarding exploits and rootkits

[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

Ahead of Friday's early registration deadline, organizers have gathered together more freshly announced content from Black Hat USA 2013's spectacular Briefings lineup to detail for you for the first time.

Click here for more of Dark Reading's Black Hat articles.

So, ahead of Friday's early registration deadline, organizers have three more notable talks to highlight, this time focused on mobile. Thanks to the increasing sophistication of mobile phones, there are all kinds of new ways they can be used for good -- and, sadly, for bad. These lectures delve deep into the technical specifics and consist of the following:

-- In "How To Build a SpyPhone," Kevin McNamee showcases one of the more surprising exploits you may be able to use a phone for. Do you have your phone on sitting on your desk while discussing highly confidential conversation? If so, you could be broadcasting your conversation to someone who has injected a SpyPhone into another Android app without your knowledge. This talk will show how to build, hide, and use (track location, intercept phone calls and SMS messages) just such a SpyPhone.

-- Another technical deep-dive comes in "Mobile rootkits: Exploiting and rootkitting ARM TrustZone," from German security specialist Thomas Roth. Presented originally at our Black Hat Europe show in Amsterdam this March and extremely well-received, Thomas is bringing the talk to North American for the first time with significant expansion. This talk focuses on mobile rootkits -- which are becoming more and more potentially dangerous, and will focus on exploiting TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based-rootkit.

-- Finally, Black Hat USA 2013 is proud to debut "Android: one root to own them all" from information security veteran Jeff Forristal, a.k.a. RFP (Rain Forest Puppy). Forristal was responsible for the first publicized responsible security disclosure policy (2000) and the first publicized recognition of SQL injection (Phrack, 1998), and he has now brought his considerable skills to bear on the Android OS. The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, and an exploit that runs across almost all Android devices (regardless of age). Most interestingly, Forristal will be showing how he did it, why it is important, and how the exploit was created.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- early, reduced-rated registration is open only until close of day on Friday, May 31st.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis Group,  2/25/2020
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing Writer,  2/25/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9431
PUBLISHED: 2020-02-27
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
CVE-2020-9432
PUBLISHED: 2020-02-27
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-9433
PUBLISHED: 2020-02-27
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-9434
PUBLISHED: 2020-02-27
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-6383
PUBLISHED: 2020-02-27
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.