Smartphones have gone from novel to ubiquitous in record time, and now that most people walk around with an internet-connected computer in their pocket all the time, it's never been more critical for cybersecurity professionals to stay on the cutting edge of mobile security.
Black Hat events are a key way to accomplish that, and with this year's virtual Black Hat USA event coming up next month we wanted to quickly highlight some of the exciting mobile-focused Briefings, Trainings, and Arsenal tools you'll have access to when you attend!
First and foremost, there's still a little room left in the popular Offensive Mobile Reversing and Exploitation Training, which has been expanded on from prior versions to encompass a full 4 days of learning and hands-on practice.
Sign up to attend this 4-day Training now and look forward to receiving a basic introduction to security and reverse-engineering ARM64, iOS, and Android, as well as a practical walkthrough of the iOS and Android kernels. You'll learn everything from how to reverse-engineer iOS and Android binaries to how to write jailbreaks and exploits, and how to audit iOS and Android apps for vulnerabilities. This course is ideal for penetration testers, mobile developers or anyone keen to learn mobile application and OS security; don't miss your chance to sign up today!
You'll also have an assortment of Briefings to check out at Black Hat USA which cover a variety of mobile security issues. Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication, for example, will clue you in to two new ways to bypass Bluetooth authentications and gain profile access. You'll learn about a new, yet-undisclosed zero-day vulnerability BlueRepli, as well as a new attack method of obtaining permissions when the target has only one interaction, which can be made very deceptive. You'll also get clear examples of how these novel bypass methods can yield mobile phone contact information, call history, stolen SMS verification codes, and fake text messages sent using the vulnerable phone.
And of course, if you drop by the (virtual) Arsenal to check out this year's lineup of mobile security tool vendors you can check out BlueRepli for yourself. Get a demo of BlueRepli Plus and see for yourself how it scans the surrounding Android phones via Bluetooth to potentially attack any Android phones found. If the target Android phone has a BlueRepli vulnerability, the user can obtain the phone's address book, SMS message, or send a fake text message without the target noticing; if the target Android phone is not affected by the BlueRepli vulnerability, the tool allows the user to disguise as a well-known application name or other very confusing names, to deceive the target, obtain permissions, and potentially achieve the same attack effect.
Register now for this year's fully virtual Black Hat USA, still scheduled to take place August 1st through 6th, and get more information about the event on the Black Hat website.