8 Can’t-Miss Mobile AppSec Sessions at Black Hat USA
Posted by Brian Lawrence, Tony Ramirez, Ashleigh Lee
We at NowSecure are excited to return to Black Hat 2018 in Las Vegas with 20,000 like-minded security professionals for a week of sessions, hacks, drinks and fun.
To help you plan your agenda, members of the NowSecure security research and engineering teams selected several key sessions or briefings that we’re eager to attend. If you’d like to catch up with one of our mobile appsec experts at the conference, book a meeting with us or stop by Booth #671.
Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in a Complex Landscape
Parisa Tabriz, Google
Wed., Aug. 8, 9:00 a.m. – 10:00 a.m.
As system complexity grows exponentially, so do the security challenges — from the back end to web to mobile. Learn how to apply principled pragmatism, openness and a dissatisfaction with the status quo to improve security and reliability.
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory Can Be Dangerous
Liang Chen, Tencent KeenLab
Wed., Aug. 8, 11:15 a.m. – 12:05 p.m.
Hear about the risk presented by using Direct Memory Access to achieve device-to-host attacks in iOS and how flaws across Apple Graphics components can result in kernel code execution.
Meltdown: Basics, Details and Consequences
Daniel Gruss, Michael Schwarz, Moritz Lipp, Graz University of Technology
Wed., Aug. 8, 2:40 p.m. – 3:30 p.m.
Meltdown hit PCs and mobile devices with AMD chips. Get the behind-the-scenes view and demos from the guys who found it.
A Brief History of Mitigation: The Path to EL1 in iOS 11
Ian Beer, Google
Wed., Aug. 8, 4:00 p.m. – 4:50 p.m.
The man behind the iOS 11.1.2 async_wake exploit will explain how he did it and share his thoughts about what mitigations you might see in iOS 12 and beyond.
ARTist – A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
Oliver Schranz, CISPA Helmholtz-Zentrum i.G.
Thurs., Aug. 9, 9:00 a.m. – 9:25 a.m.
We love reversing and here’s a new set of tooling. Get the inside story on this Android instrumentation and security toolkit — a novel instrumentation framework that allows for arbitrary code modification of installed apps, the system server and the Java framework code.
Stealth Mango and the Presence of Mobile Surveillanceware
Andrew Blaich and Michael Flossman, Lookout
Thurs., Aug. 9, 11:00 a.m. – 11:50 a.m.
A new nation-state actor has been observed deploying iOS and Android surveillance tooling, known as Stealth Mango and Tangelo. Learn about the depth and breadth of these tools that have compromised government and military devices in many countries.
Exploitation of a Modern Smartphone Baseband
Marco Grassi, Muqing Liu and Tianyi Xie, Tencent KeenLab
Thurs., Aug. 9, 2:30 p.m. – 3:20 p.m.
Hear the stories about how this team of researchers gained remote code execution on the baseband of a smartphone and learn how to find and exploit memory corruption bugs.
For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sale Systems
Leigh-Anne Galloway and Tim Yunusov, Positive Technologies
Thurs., Aug. 9, 3:50 p.m. – 4:40 p.m.
Mobile point-of-sale terminals that handle daily transactions are susceptible to fraud. Watch live demos of new vulnerabilities and explore ways to integrate mPOS into your testing practices.
Pleased to Meet You
Got questions about automating your mobile app security or interested in seeing a brief demo of the NowSecure mobile app security testing and third-party app vetting power tools in action? Stop by Booth #671 to consult with our seasoned team of mobile appsec experts or schedule a meeting.