There are some interesting briefings happening at the blockbuster hacker convention, Black Hat 2013, in Vegas at the end of next month. All the major mobile OS developers (except Windows Phone) are covered by multiple sessions, with Android taking the prize. What I found very interesting is a dedicated session by Ralf-Philipp Weinmann, who is a postdoctoral researcher at the LACS (Laboratory of Algorithms, Cryptology and Security) of the University of Luxembourg. Here is how he describes his session:
BLACKBERRYOS 10 FROM A SECURITY PERSPECTIVE
BlackBerry prides itself with being a strong contender in the field of secure mobile platforms. While traditionally BlackBerryOS was based on a proprietary RTOS with a JVM propped on top, the architecture was completely overhauled with BlackBerryOS 10. Now the base operating system is the formerly off-the-shelf RTOS QNX, which doesn’t exactly have an excellent security track record. Moreover, for the first time in BBOS history, native code applications are allowed on the platform.
This talk will present an analysis of the attack surface of BBOS 10, considering both ways to escalate privileges locally and routes for remote entry. Moreover, since exploitation is only half the work of offense, we’ll show ways for rootkits to persist on the device. Last but not least we will settle whether BlackBerry Balance really holds what it promises: are mobile devices really ready to securely separate crucial business data from Angry Birds?
Now that is definitely a session I would love to sit in on, though I am not sure if it will have any practical ramifications. The main thing Weinmann is highlighting is that the BlackBerry OS is no longer a black box like the previous models. On the other hand, we have quite a few researchers digging into some crazy exploits on Android and iOS. We have one team who is going to detail exactly how to inject malware into iOS devices via malicious chargers. This exploit works on non-jailbroken and jailbroken devices and all current-generation devices.
On top of that, they have quite a few sessions on Android security issues. The most interesting one is “Android: One Root to Own Them All”, which covers what is essentially a huge security bug that was disclosed to Google in February. It allows any malicious developer to modify an APK install file without breaking the signature and add malicious code. It works on a wide number of Android devices across generations and architectures with little to no modification. This is stressed even further by the Spyphone briefing, where researchers are showing off how they can inject a SpyPhone service into any Android application and track the phone's location, intercept phone calls, SMS, email, contacts, camera, and everything without being detected. There are a few others that are also of interest, attacking NAND flash itself and attacking page tables.
Let us know if you will be going to Black Hat 2013!
PS: There is also a great session at the DefCon conference on Defeating the NSA’s SEAndroid, which Samsung is using to tout their enterprise readiness and security. Pau Oliva Fora is set to describe how Vendors “FAIL in properly implementing SEAndroid protection.”
Image Credit: Failblog
Amir Saad