Mobile Exploits, Oh My!

Following up on yesterday's action-packed protocol Intel update, we've gathered together more freshly announced content from Black Hat USA 2013's spectacular Briefings line-up to detail for you for the first time. And yet again, there's a host of impressive debuts in here.

So, ahead of Friday's early registration deadline, we've got three more killer talks, this time focused on mobile. Thanks to the increasing sophistication of mobile phones, there's all kinds of news ways they can be used for both good - and, sadly, for bad. These lectures delve deep into the technical specifics, so let's take it away:

• In 'How To Build a SpyPhone', Kevin McNamee showcases one of the more eye-opening ways to leverage a mobile phone. Do you have your phone on sitting on your desk while discussing highly confidential conversation? If so, you could be broadcasting your conversation to someone who has injected a SpyPhone into another Android app without your knowledge. This talk will show how to build, hide and use (track location, intercept phone calls and SMS messages) just such a SpyPhone.
• Another technical deep-dive comes in 'Mobile rootkits: Exploiting and rootkitting ARM TrustZone', from German security specialist Thomas Roth. Presented originally at our Black Hat Europe show in Amsterdam this March and extremely well received, Thomas is bringing the talk to North America for the first time with significant expansion. This talk focuses on mobile rootkits - which are becoming more and more potentially dangerous, and will focus on exploiting TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based-rootkit.
• Finally, Black Hat USA 2013 is proud to debut 'Android: one root to own them all' from information security veteran Jeff Forristal, aka RFP or 'Rain Forest Puppy'. Forristal was responsible for the first publicized responsible security disclosure policy (2000) and the first publicized recognition of SQL injection (Phrack, 1998), and he's now brought his considerable skills to bear on the Android OS. The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, and an exploit that runs across almost all Android devices (regardless of age). Most interestingly, Forristal will be showing how he did it, why it is important, and how the exploit was created.

Of course, these aren't the only mobile talks we have at our July show in Las Vegas - just check out the rest of the Briefings content for Black Hat USA to see the crazy length and breadth of content we're pulling out for this year's event. (Don't forget you can sign up for 2-day or 4-day Trainings as well, to be held ahead of the Briefings.)