Tag: Ricardo Dahab

ARES 2015

~ hucktech ~ Leave a comment

The 2015 ARES Conference (the Int’l Conference on Availability, Reliability, and Security), is happening in France later this month. There’s a variety of interesting talks on the schedule: focusing on firmware security, a few jump out, and I’m sure I’ve missed a bunch:

Cold Boot Attacks on DDR2 and DDR3 SDRAM
Simon Lindenlauf, Hans Höfken, Marko Schuba

Hardware Security Evaluation Using Assurance Case Models
Henrique Kawakami, Roberto Gallo, Ricardo Dahab, Erick Nascimento

Virtual Machine Introspection_c_ Techniques and Applications
Yacine Hebbal, Sylvie Laniepce, Jean-Marc Menaud

A Lightweight Framework for Cold Boot Based Forensics on Mobile Devices
Benjamin Taubmann, Manuel Huber, Sascha Wessel, Lukas Heim, Hans Peter Reiser, Georg Sigl

Don’t brick your car: Firmware confidentiality and rollback for vehicles
Hafizah Mansor, Konstantinos Markantonakis, Raja Naeem Akram, Keith Mayes

Watch what you wear: preliminary forensic analysis of smart watches
Ibrahim Baggili, Kyle Anthony, Jeff Oduru, Frank Breitinger, Glenn McGee

Physically Secure Code and Data Storage in Autonomously Booting Systems
Johannes Götzfried, Johannes Hampel, Tilo Müller

Complexity Estimates of a SHA-1 Near-Collision Attack for GPU and FPGA
Stefan Gradinger, Bernhard Greslehner-Nimmervoll, Jürgen Fuß, Robert Kolmhofer

New Android security research

~ hucktech ~ Leave a comment

As reported yesterday by Lucian Armasu in TomsHardware.com, there’s a research paper that talks about security issues of customizing mobile devices:

Security and system architecture: comparison of Android customizations
Roberto Gallo, Patricia Hongo, Ricardo Dahab, Luiz C. Navarro, Henrique Kawakami, Kaio Galvão, Glauber Junqueira, and Luander Ribeiro
“Smartphone manufacturers frequently customize Android distributions so as to create competitive advantages by adding, removing and modifying packages and configurations. In this paper we show that such modifications have deep architectural implications for security. We analysed five different distributions: Google Nexus 4, Google Nexus 5, Sony Z1, Samsung Galaxy S4 and Samsung Galaxy S5, all running OS versions 4.4.X (except for Samsung S4 running version 4.3). Our conclusions indicate that serious security issues such as expanded attack surface and poorer permission control grow sharply with the level of customization.”

https://dl.acm.org/citation.cfm?id=2766519

See the TomsHardware article for some additional comments, beyond the research.

http://www.tomshardware.com/news/customized-android-firmware-security-vulnerabilities,29631.html

(Re: ‘firmware’ use in TomHardware article, I wish there was more granularity for the term ‘firmware’, it is often used to refer to embedded OS code on mobile devices.)