{"id":357,"date":"2011-02-25T07:09:41","date_gmt":"2011-02-25T06:09:41","guid":{"rendered":"http:\/\/cerezo.name\/blog\/?p=357"},"modified":"2024-10-14T14:26:33","modified_gmt":"2024-10-14T12:26:33","slug":"presentations-on-smartphone-security","status":"publish","type":"post","link":"http:\/\/cerezo.name\/blog\/2011\/02\/25\/presentations-on-smartphone-security\/","title":{"rendered":"Presentations about Smartphone Security"},"content":{"rendered":"<p style=\"text-align: justify;\">A list of the best presentations about smartphone security all over the&nbsp;net:<\/p>\n<ul style=\"text-align: justify;\">\n<li><a href=\"http:\/\/cansecwest.com\/csw09\/csw09-ortega-economou.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Smartphone In(Security)<\/a>. Android\/iPhone multi-platform shellcode.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/IOZZO\/BHUSA09-Iozzo-iPhoneMeterpreter-SLIDES.pdf\" target=\"_blank\" rel=\"noopener\">Post Exploitation Bliss: Meterpreter for iPhone<\/a>. iPhone shellcode development.<\/li>\n<li><a href=\"http:\/\/cansecwest.com\/csw09\/csw09-alvarez.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">The Smart-Phones Nightmare<\/a>. iPhone shellcode development.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-11\/Le\/BH_US_11_Le_ARM_Exploitation_ROPmap_Slides.pdf\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">ARM<\/span> Exploitation <span class=\"caps\">ROPMAP<\/span><\/a>. <span class=\"caps\">ROP<\/span> automation for&nbsp;<span class=\"caps\">ARM<\/span>.<\/li>\n<li><a href=\"http:\/\/reverse.put.as\/wp-content\/uploads\/2011\/06\/D1T1-Stefan-Esser-Antid0te-2.0-ASLR-in-iOS.pdf\" target=\"_blank\" rel=\"noopener\">Antid0te 2.0 \u2014 <span class=\"caps\">ASLR<\/span> in iOS<\/a>. Perfecting the <span class=\"caps\">ASLR<\/span> protection of&nbsp;iOS.<\/li>\n<li><a href=\"http:\/\/reverse.put.as\/wp-content\/uploads\/2011\/06\/BH_US_11_Belenko_iOS_Forensics_Slides.pdf\" target=\"_blank\" rel=\"noopener\">Overcoming iOS Data Protection to Re-enable iPhone Forensic<\/a>. A summary on iOS protections.<\/li>\n<li><a href=\"http:\/\/www.slideshare.net\/seguridadapple\/targeting-the-ios-kernel\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Targeting the iOS kernel<\/a>. Advanced security-related debugging techniques.<\/li>\n<li><a href=\"http:\/\/www.ruxconbreakpoint.com\/assets\/Uploads\/bpx\/D1T2%20-%20Mark%20Dowd%20&amp;%20Tarjei%20Mandt%20-%20iOS6%20Security.pdf\" target=\"_blank\" rel=\"noopener\">iOS 6 Security<\/a>. New iOS security features.<\/li>\n<li><a href=\"http:\/\/conference.hitb.org\/hitbsecconf2012ams\/materials\/D1T2%20-%20MuscleNerd%20-%20Evolution%20of%20iPhone%20Baseband%20and%20Unlocks.pdf\">Evolution of iPhone Baseband and Unlocks<\/a>.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Esser\/BH_US_12_Esser_iOS_Kernel_Heap_Armageddon_Slides.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">iOS Kernel Heap Armageddon Revisited<\/a>.<\/li>\n<li><a href=\"http:\/\/media.blackhat.com\/bh-dc-11\/Avraham\/BlackHat_DC_2011_Avraham-Popping_Android_Devices-Slides.pdf\" target=\"_blank\" rel=\"noopener\">Popping Shell on A(ndroid)<span class=\"caps\">RM<\/span> Devices<\/a>. Android shellcode development.<\/li>\n<li><a href=\"http:\/\/www.scribd.com\/doc\/59752686\/Beating-up-on-Android-Practical-Android-Attacks\" class=\"broken_link\">Beating up on Android<\/a>. Android exploit recap and development.<\/li>\n<li><a href=\"http:\/\/www2.dcsec.uni-hannover.de\/files\/android\/p50-fahl.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Why Eve and Mallory Love Android: An Analysis of Android <span class=\"caps\">SSL<\/span> (In)Security<\/a>. <span class=\"caps\">SSL<\/span> is hard for developers, mobile or&nbsp;not.<\/li>\n<li><a href=\"http:\/\/virtualabs.fr\/ndh2k11\/hacking-android.pdf\" target=\"_blank\" rel=\"noopener\">Hacking Android for fun <span class=\"amp\">&amp;<\/span> profit<\/a>. In-depth view of the Android security system.<\/li>\n<li><a href=\"http:\/\/korben.info\/wp-content\/uploads\/defcon\/SpeakerPresentations\/Pan\/DEFCON-20-Pan-APK-File-Infection-on-Android-System.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\"><span class=\"caps\">APK<\/span> Infection on Android<\/a>. Easy virii for Android install files.<\/li>\n<li><a href=\"http:\/\/www.ruxconbreakpoint.com\/assets\/Uploads\/bpx\/Breakpoint2012-Android-Schatz.pdf\" target=\"_blank\" rel=\"noopener\">Android Forensic Deep Dive<\/a>.<\/li>\n<li><a href=\"http:\/\/www.fortiguard.com\/files\/insomnidroid.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Android Reverse Engineering Tools<\/a>.<\/li>\n<li><a href=\"http:\/\/conference.hitb.org\/hitbsecconf2012ams\/materials\/D2T1%20-%20Georgia%20Weidman%20-%20Bypassing%20the%20Android%20Permission%20Model.pdf\">Bypassing the Android Permission Model<\/a>.<\/li>\n<li><a href=\"http:\/\/korben.info\/wp-content\/uploads\/defcon\/SpeakerPresentations\/Cannon\/DEFCON-20-Cannon-Into-The-Droid.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Into the Droid: Gaining Access to Android User Data<\/a>.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-eu-12\/Erasmus\/bh-eu-12-Erasmus-Heavy-Metal_Poisoned_Droid-Slides.pdf\" target=\"_blank\" rel=\"noopener\">The Heavy Metal That Poisoned the Droid<\/a>. Reduce the attack surface of Android applications.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-11\/Schuetz\/BH_US_11_Schuetz_InsideAppleMDM_Slides.pdf\" target=\"_blank\" rel=\"noopener\">Inside Apple\u2019s <span class=\"caps\">MDM<\/span> Black Box<\/a>. Just an overview of Apple\u2019s Mobile Device Management system.<\/li>\n<li><a href=\"http:\/\/www.defcon.org\/images\/defcon-18\/dc-18-presentations\/Lineberry\/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">These aren\u2019t the permissions you\u2019re looking for<\/a>. Weak permissions on the Android file system and applications.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/symbian\/feed\/CollinMulliner_ExploitingSymbian_25C3.pdf\" target=\"_blank\" rel=\"noopener\">Exploiting Symbian<\/a>. Symbian shellcode development.<\/li>\n<li><a href=\"http:\/\/www.ekoparty.org\/archive\/2010\/ekoparty_2010-Monti-iphone_rootkit.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">iPhone Rootkit? There\u2019s an App for That!<\/a>. How to make iPhone rootkits from jailbreaks.<\/li>\n<li><a href=\"http:\/\/www.isecpartners.com\/storage\/docs\/presentations\/iOS_Secure_Development_SOURCE_Boston_2011.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Secure Development in iOS<\/a>. The point of view of a pentester.<\/li>\n<li><a href=\"https:\/\/www.owasp.org\/images\/5\/5e\/The_smartphone_penetration_testing_framework-Georgia_Weidman.pdf\" target=\"_blank\" rel=\"noopener\">Introducing the Smartphone Pentesting Framework<\/a>. Very useful, albeit basic, set of pentesting tools.<\/li>\n<li><a href=\"http:\/\/www.defcon.org\/images\/defcon-18\/dc-18-presentations\/Trustwave-Spiderlabs\/DEFCON-18-Trustwave-Spiderlabs-Android-Rootkit.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">This is not the droid you\u2019re looking for<\/a>. Android rootkit development.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-dc-10\/Seriot_Nicolas\/BlackHat-DC-2010-Seriot-iPhone-Privacy-slides.pdf\" target=\"_blank\" rel=\"noopener\">iPhone Privacy<\/a>. Handset data privacy and the SpyPhone app.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-10\/presentations\/Mahaffey_Hering\/Blackhat-USA-2010-Mahaffey-Hering-Lookout-App-Genome-slides.pdf\" target=\"_blank\" rel=\"noopener\">App Attack<\/a>. Android\/iPhone apps security analysis.<\/li>\n<li><a href=\"http:\/\/www.usenix.org\/event\/sec11\/tech\/slides\/enck.pdf\" target=\"_blank\" rel=\"noopener\">A Study of Android Application Security<\/a>. Mass-scale Android app decompilation.<\/li>\n<li><a href=\"http:\/\/www.floyd.ch\/download\/Android_0sec.pdf\" target=\"_blank\" rel=\"noopener\">Reversing Android Apps<\/a>. Good overview of tools for decompilation.<\/li>\n<li><a href=\"https:\/\/labs.mwrinfosecurity.com\/system\/assets\/128\/original\/mwri_wp7-bluehat-technical_2011-11-08.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Windows Pwn 7 <span class=\"caps\">OEM<\/span> \u2013 Owned Every Mobile?<\/a> Always easy hacks on new&nbsp;OSes.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Oi\/BH_US_12_Oi_Windows_Phone_Slides.pdf\" target=\"_blank\" rel=\"noopener\">Windows Phone 7 Internals and Exploitability<\/a>.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-europe-08\/Niemela\/Presentation\/bh-eu-08-niemela.pdf\" target=\"_blank\" rel=\"noopener\">Detecting Mobile Phone Spy Tools<\/a>. FlexiSpy and its&nbsp;spawn.<\/li>\n<li><a href=\"http:\/\/www.defcon.org\/images\/defcon-19\/dc-19-presentations\/Shah\/DEFCON-19-Shah-Mobile-Moolah.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Mobile App Moolah: Profit taking with Mobile Malware<\/a>. An overview of frequent malware.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-11\/Daswani\/BH_US_11_Daswani_Mobile_Malware_Slides.pdf\" target=\"_blank\" rel=\"noopener\">Mobile Malware Madness and How to Cap the Mad Hatters<\/a>. On behavioural detection of mobile malware.<\/li>\n<li><a href=\"http:\/\/www.grmn00bs.com\/GeorgiaW_Smartphone_Bots_SLIDES_Shmoocon2011.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Transparent Botnet Control for Smartphones over <span class=\"caps\">SMS<\/span><\/a>. Basic Android botnet with <span class=\"caps\">SMS<\/span> C<span class=\"amp\">&amp;<\/span>C.<\/li>\n<li><a href=\"http:\/\/mulliner.org\/collin\/academic\/publications\/ibots_MALWARE2010.pdf\" target=\"_blank\" rel=\"noopener\">Rise of the iBots: 0wning a telco network<\/a>. Botnet architecture with <span class=\"caps\">SMS<\/span>\/<span class=\"caps\">P2P<\/span> C<span class=\"amp\">&amp;<\/span>C.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/BURNS\/BHUSA09-Burns-AndroidSurgery-SLIDES.pdf\" target=\"_blank\" rel=\"noopener\">Exploratory Android Surgery<\/a>. Android Intent fuzzing and sniffing.<\/li>\n<li><a href=\"http:\/\/conference.hitb.org\/hitbsecconf2011kul\/materials\/D2T1%20-%20Marc%20Blanchou%20and%20Mathew%20Solnik%20-%20Blackbox%20Android.pdf\" target=\"_blank\" rel=\"noopener\">Blackbox Android<\/a>. Breaking \u201cEnterprise Class\u201d Applications and Secure Containers.<\/li>\n<li>Pwning a <span class=\"caps\">4G<\/span> Device for the Lulz. Multiple attack recombination.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/pocketpc\/feed\/pocketpcmms_collinmulliner_23c3.pdf\" target=\"_blank\" rel=\"noopener\">Advanced Attacks Against PocketPC Phones<\/a>. PocketPC <span class=\"caps\">MMS<\/span> User Agent attack.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-europe-06\/bh-eu-06-fx.pdf\" target=\"_blank\" rel=\"noopener\">Analyzing Complex Systems: The Blackberry Case<\/a>. General Blackberry security.<\/li>\n<li><a href=\"http:\/\/www.donkeyonawaffle.org\/misc\/MonkeyBerries-isec-2010.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Smartphone Backdoors: An Analysis of Blackberry and Other Mobile Device Spyware<\/a>. On the Blackberry TXSBBSpy backdoor.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-europe-05\/BH_EU_05-deHaas.pdf\" target=\"_blank\" rel=\"noopener\">Symbian Phone Security<\/a>. General Symbian security.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-europe-06\/bh-eu-06-Niemela\/bh-eu-06-Niemela-up.pdf\" target=\"_blank\" rel=\"noopener\">Symbian Malware<\/a>. Basics on Symbian malware.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/nfc\/feed\/collin_mulliner_25c3_attacking_nfc_phones.pdf\" target=\"_blank\" rel=\"noopener\">Attacking <span class=\"caps\">NFC<\/span> Mobile Phones<\/a>. Simple DoS and authentication issues on <span class=\"caps\">S40<\/span> phones.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/nfc\/feed\/nfc_ndef_security_ninjacon_2011.pdf\" target=\"_blank\" rel=\"noopener\">Hacking <span class=\"caps\">NFC<\/span> and <span class=\"caps\">NDEF<\/span><\/a>. Revisiting the previous slides.<\/li>\n<li><a href=\"http:\/\/media.risky.biz\/EUSecWest-SoBenn-Transit2012-Preview.pdf\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">NFC<\/span> for Free Rides and Rooms<\/a>. How to UltraReset the transit cards.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/android\/feed\/binaryinstrumentationandroid_mulliner_summercon12.pdf\" target=\"_blank\" rel=\"noopener\">Binary Instrumentation Framework for Android<\/a>. Binary instrumentation for <span class=\"caps\">NFC<\/span>\/<span class=\"caps\">RFID<\/span> tag reading.<\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/presentations\/bh-dc-08\/Steve-DHulton\/Presentation\/bh-dc-08-steve-dhulton.pdf\" target=\"_blank\" rel=\"noopener\">Intercepting <span class=\"caps\">GSM<\/span> traffic<\/a>. <span class=\"caps\">A5<\/span>\/1 cracking.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2009\/Fahrplan\/attachments\/1519_26C3.Karsten.Nohl.GSM.pdf\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">GSM<\/span> \u2014 <span class=\"caps\">SRSLY<\/span>?<\/a>. More on <span class=\"caps\">A5<\/span>\/1 cracking and <span class=\"caps\">A5<\/span>\/3 cracking.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/camp\/2011\/Fahrplan\/attachments\/1868_110810.SRLabs-Camp-GRPS_Intercept.pdf\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">GPRS<\/span> Intercept: Wardriving your country<\/a>. Old attacks, not going&nbsp;fast.<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2011\/Fahrplan\/attachments\/1994_111217.SRLabs-28C3-Defending_mobile_phones.pdf\" target=\"_blank\" rel=\"noopener\">Defending mobile phones<\/a>. On the predictable padding of the <span class=\"caps\">GSM<\/span> protocol.<\/li>\n<li><a href=\"http:\/\/www.slideshare.net\/ipse\/open-source-4g-radio\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Open source <span class=\"caps\">4G<\/span> radio<\/a>. A WiMAX scanner in Matlab.<\/li>\n<li><a href=\"http:\/\/www.youtube.com\/watch?v=rr2u1lrqDsI\" target=\"_blank\" rel=\"noopener\">All Your Baseband Are Belong To Us<\/a>. An exploration on remote &nbsp;baseband exploitation.<\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/presentations\/bh-usa-07\/Joglekar\/Presentation\/bh-usa-07-joglekar.pdf\" target=\"_blank\" rel=\"noopener\">Vulnerabilities in Dual-mode\/Wi-Fi phones<\/a>. VoIP vulnerabilities.<\/li>\n<li><a href=\"http:\/\/www.syscan.org\/index.php\/download\/get\/cf272427224c550a7f39ebaae737e5fa\/Day2_Speaker_04_Philippe_Langlois.zip\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Telecom Signaling Attacks on <span class=\"caps\">3G<\/span> and <span class=\"caps\">LTE<\/span> networks<\/a>. Advanced scanning in telco networks.<\/li>\n<li><a href=\"http:\/\/www.taddong.com\/docs\/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-Slides.pdf\" target=\"_blank\" rel=\"noopener\">A practical attack against <span class=\"caps\">GPRS<\/span>\/<span class=\"caps\">EDGE<\/span>\/<span class=\"caps\">UMTS<\/span>\/<span class=\"caps\">HSPA<\/span> mobile data communications<\/a>. <span class=\"caps\">GPRS<\/span>\/<span class=\"caps\">EDGE<\/span> connection hijacking via a rogue base station attack.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/camp\/2011\/Fahrplan\/attachments\/1868_110810.SRLabs-Camp-GRPS_Intercept.pdf\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">GPRS<\/span> Intercept: Wardriving your country<\/a>.<\/li>\n<li><a href=\"http:\/\/www.virusbtn.com\/pdf\/conference_slides\/2011\/Apvrille-VB2011.pdf\" target=\"_blank\" rel=\"noopener\">An OpenBTS <span class=\"caps\">GSM<\/span> Replication Jail for Mobile Malware<\/a>. <span class=\"caps\">DIY<\/span> network cell.<\/li>\n<li><a href=\"http:\/\/es.scribd.com\/doc\/59561750\/ERNW-HITB-AMS-Mende-Rey-Attacking-Mobile-Telecommunication-Networks-Ger\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Attacking <span class=\"caps\">3G<\/span> and <span class=\"caps\">4G<\/span> mobile telecommunications networks<\/a>. An exploration on network scanning <span class=\"caps\">3G<\/span>\/<span class=\"caps\">4G<\/span> networks.<\/li>\n<li><a href=\"https:\/\/www.troopers.de\/wp-content\/uploads\/2011\/10\/TR12_TelcoSecDay_Langlois_Attacking_GRX.pdf\" target=\"_blank\" rel=\"noopener\">Attacking <span class=\"caps\">GRX<\/span><\/a>. Attacking The <span class=\"caps\">GPRS<\/span> Roaming eXchange.<\/li>\n<li><a href=\"https:\/\/events.ccc.de\/congress\/2009\/Fahrplan\/attachments\/1507_Playing_with_the_GSM_RF_Interface.pdf\" target=\"_blank\" rel=\"noopener\">Playing with the <span class=\"caps\">GSM<\/span> <span class=\"caps\">RF<\/span> interface<\/a>. Random Access Channel bursts (<span class=\"caps\">RACH<\/span>) flooding.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-10\/presentations\/Grugq\/BlackHat-USA-2010-Gurgq-Base-Jumping-slides.pdf\" target=\"_blank\" rel=\"noopener\">Base Jumping<\/a>. <span class=\"caps\">GSM<\/span> DoS (<span class=\"caps\">RACH<\/span>, <span class=\"caps\">IMSI<\/span> Flood, <span class=\"caps\">IMSI<\/span> Detach).<\/li>\n<li><a href=\"http:\/\/prezi.com\/lmmptb0qldfb\/sim-toolkit-attack\/\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">SIM<\/span> Toolkit Attack<\/a>. SIM-playing made&nbsp;easy.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/camp\/2011\/Fahrplan\/attachments\/1867_sim.pdf\" target=\"_blank\" rel=\"noopener\">The blackbox in your phone<\/a>. An easier overview on the functionalities of the&nbsp;<span class=\"caps\">SIM<\/span>.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/camp\/2011\/Fahrplan\/attachments\/1883_m2m.pdf\" target=\"_blank\" rel=\"noopener\">Machine-to-machine (<span class=\"caps\">M2M<\/span>) security<\/a>. Easy attacks on common setups.<\/li>\n<li><a href=\"https:\/\/events.ccc.de\/congress\/2009\/Fahrplan\/attachments\/1503_openbsc_gsm_fuzzing.pdf\" target=\"_blank\" rel=\"noopener\">Fuzzing your <span class=\"caps\">GSM<\/span> phone using OpenBSC and scapy<\/a>. <span class=\"caps\">GSM<\/span> protocol introduction with some details on how to fuzz the <span class=\"caps\">GSM<\/span> stack (no particular attack is discussed).<\/li>\n<li><a href=\"http:\/\/conference.hitb.org\/hitbsecconf2011kul\/materials\/D1T2%20-%20Laurent%20Weber%20-%20All%20your%20Base%20Stations%20Are%20Belong%20To%20Us.pdf\" target=\"_blank\" rel=\"noopener\">Extending Scapy by a <span class=\"caps\">GSM<\/span> Air Interface<\/a>. Advanced toolkit for <span class=\"caps\">GSM<\/span>&nbsp;DoS.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/security\/sms\/feed\/bh-usa-09-sms.pdf\" target=\"_blank\" rel=\"noopener\">Fuzzing the Phone in Your Phone<\/a>. Discovering DoS attacks and remote exploits with fuzzed SMSs on iPhone\/Android\/WinMo.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-10\/whitepapers\/Bailey_DePetrillo\/BlackHat-USA-2010-Bailey-DePetrillo-The-Carmen-Sandiego-Project-wp.pdf\" target=\"_blank\" rel=\"noopener\">The Carmen-San Diego Project<\/a>. Tricks of the trade to geolocate any mobile phone.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2008\/Fahrplan\/attachments\/1262_25c3-locating-mobile-phones.pdf\" target=\"_blank\" rel=\"noopener\">Locating Mobile Phones using Signalling System #7<\/a>. A different way to explain mobile phone geolocation.<\/li>\n<li><a href=\"http:\/\/events.ccc.de\/congress\/2010\/Fahrplan\/attachments\/1781_27c3-android-geolocation.pdf\" target=\"_blank\" rel=\"noopener\">Android geolocation using <span class=\"caps\">GSM<\/span> network<\/a>. How to extract geolocation information from an Android smartphone.<\/li>\n<li><a href=\"https:\/\/www.defcon.org\/images\/defcon-17\/dc-17-presentations\/defcon-17-brandon_dixon-attacking_sms.pdf\" target=\"_blank\" rel=\"noopener\">Attacking <span class=\"caps\">SMS<\/span>. It\u2019s No Longer Your <span class=\"caps\">BFF<\/span><\/a>. Mail2SMS and <span class=\"caps\">IM2SMS<\/span> abuses.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-europe-09\/Gassira_Piccirillo\/BlackHat-Europe-2009-Gassira-Piccirillo-Hijacking-Mobile-Data-Connections-slides.pdf\" target=\"_blank\" rel=\"noopener\">Hijacking Mobile Data Connections<\/a>. WAP-provisioning spoofing to hijack mobile connections.<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/LACKEY\/BHUSA09-Lackey-AttackingSMS-SLIDES.pdf\" target=\"_blank\" rel=\"noopener\">Attacking Mobile Phone Messaging<\/a>. <span class=\"caps\">MMS<\/span> spoofing, fingerprinting and various attacks.<\/li>\n<li><a href=\"http:\/\/www.mulliner.org\/security\/feed\/random_tales_mobile_hacker.pdf\" target=\"_blank\" rel=\"noopener\">Random tales from a mobile phone hacker<\/a>. On the <span class=\"caps\">MSISDN<\/span> disclosure in <span class=\"caps\">HTTP<\/span> headers by web proxies and other curiosities.<\/li>\n<li><a href=\"https:\/\/www.isecpartners.com\/presentations\/a-million-little-tracking-devices.html\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">A Million Little Tracking Devices<\/a>. Zoombak in-depth analysis.<\/li>\n<li><a href=\"http:\/\/sebug.net\/paper\/Meeting-Documents\/Ruxcon2011\/Peter_Fillmore_Ruxcon_Presentation2011.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Mobile and Contactless Payment Security<\/a>. Introduction to protocols, formats and attacks.<\/li>\n<li><a href=\"http:\/\/mulliner.org\/security\/pmon\/mulliner_pmon_2012.pdf\" target=\"_blank\" rel=\"noopener\">Probing Mobile Operator Networks<\/a>. What would you find by network scanning the mobile telcos?<\/li>\n<li><a href=\"http:\/\/conference.hitb.org\/hitbsecconf2012kul\/materials\/D1T1%20-%20Philippe%20Langlois%20and%20Emmanuel%20Gadaix%20-%206000%20Ways%20and%20More.pdf\" target=\"_blank\" rel=\"noopener\">Why Telcos Keep Getting Hacked<\/a>. Interesting research on the history of telco security.<\/li>\n<li><a href=\"http:\/\/www.slideshare.net\/geovedi\/satellite-telephony-security\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Satellite Telephony Security<\/a>. Introduction to protocols and call interception.<\/li>\n<li><a href=\"http:\/\/gmr.crypto.rub.de\/slides\/oakland.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Don\u2019t Trust Satellite Phone \u2014 an Analysis of the <span class=\"caps\">GMR<\/span>\u20111 and <span class=\"caps\">GMR<\/span>\u20112 Standards<\/a>. Not even satellite phones are&nbsp;safe!<\/li>\n<li><a href=\"http:\/\/www.codenomicon.com\/resources\/whitepapers\/Intelligent-Bluetooth-Fuzzing-why-bother.pdf\" target=\"_blank\" rel=\"noopener\">Intelligent Bluetooth Fuzzing<\/a>. The ignored but omnipresent protocol.<\/li>\n<li><a href=\"http:\/\/www.sec.t-labs.tu-berlin.de\/%7Enico\/bh2011.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Femtocells: a Poisonous Needle in the Operator\u2019s Hay Stack<\/a>. Interceptions, injections and invading the operator network. Also <a href=\"http:\/\/www.isti.tu-berlin.de\/fileadmin\/fg214\/Papers\/conf_t2_2010.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Hacking Femtocell<\/a>, <a href=\"http:\/\/www.isti.tu-berlin.de\/fileadmin\/fg214\/Papers\/conf_eusectwest10.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Immature Femtocells<\/a> and <a href=\"http:\/\/www.isti.tu-berlin.de\/fileadmin\/fg214\/ravi\/FEMTOCELL_etsi.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Security challenges for Femtocell communication architecture<\/a> from the same author.<\/li>\n<li><a href=\"https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Rowley\/BH_US_12_Rowley_Microcell_Bricks_Slides.pdf\" target=\"_blank\" rel=\"noopener\">How many bricks does it take to crack a microcell?<\/a><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Note<\/strong>: this post will be expanded in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A list of the best presentations about smartphone security all over the&nbsp;net: Smartphone In(Security). Android\/iPhone multi-platform shellcode. Post Exploitation Bliss: Meterpreter for iPhone. iPhone shellcode development. The Smart-Phones Nightmare. iPhone shellcode development. <span class=\"caps\">ARM<\/span> Exploitation <span class=\"caps\">ROPMAP<\/span>. <span class=\"caps\">ROP<\/span> automation for&nbsp;<span class=\"caps\">ARM<\/span>. Antid0te 2.0 \u2014 <span class=\"caps\">ASLR<\/span> in iOS. Perfecting the <span class=\"caps\">ASLR<\/span> protection of&nbsp;iOS. Overcoming iOS Data Protection to Re-enable&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0},"categories":[6,3],"tags":[],"_links":{"self":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/357"}],"collection":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/comments?post=357"}],"version-history":[{"count":60,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/357\/revisions"}],"predecessor-version":[{"id":1668,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/357\/revisions\/1668"}],"wp:attachment":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/media?parent=357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/categories?post=357"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/tags?post=357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}