Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

5/27/2013
08:38 PM
50%
50%

Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches

Lectures delve deep into technical specifics regarding exploits and rootkits

[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

Ahead of Friday's early registration deadline, organizers have gathered together more freshly announced content from Black Hat USA 2013's spectacular Briefings lineup to detail for you for the first time.

Click here for more of Dark Reading's Black Hat articles.

So, ahead of Friday's early registration deadline, organizers have three more notable talks to highlight, this time focused on mobile. Thanks to the increasing sophistication of mobile phones, there are all kinds of new ways they can be used for good -- and, sadly, for bad. These lectures delve deep into the technical specifics and consist of the following:

-- In "How To Build a SpyPhone," Kevin McNamee showcases one of the more surprising exploits you may be able to use a phone for. Do you have your phone on sitting on your desk while discussing highly confidential conversation? If so, you could be broadcasting your conversation to someone who has injected a SpyPhone into another Android app without your knowledge. This talk will show how to build, hide, and use (track location, intercept phone calls and SMS messages) just such a SpyPhone.

-- Another technical deep-dive comes in "Mobile rootkits: Exploiting and rootkitting ARM TrustZone," from German security specialist Thomas Roth. Presented originally at our Black Hat Europe show in Amsterdam this March and extremely well-received, Thomas is bringing the talk to North American for the first time with significant expansion. This talk focuses on mobile rootkits -- which are becoming more and more potentially dangerous, and will focus on exploiting TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based-rootkit.

-- Finally, Black Hat USA 2013 is proud to debut "Android: one root to own them all" from information security veteran Jeff Forristal, a.k.a. RFP (Rain Forest Puppy). Forristal was responsible for the first publicized responsible security disclosure policy (2000) and the first publicized recognition of SQL injection (Phrack, 1998), and he has now brought his considerable skills to bear on the Android OS. The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, and an exploit that runs across almost all Android devices (regardless of age). Most interestingly, Forristal will be showing how he did it, why it is important, and how the exploit was created.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- early, reduced-rated registration is open only until close of day on Friday, May 31st.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.