This document provides an overview and agenda for dissecting the security of the Blackberry Z10 mobile device. It begins with a review of the Blackberry OS which is built on QNX. It then discusses gaining shell access, various approaches for analyzing the device such as fuzzing and exploiting system utilities, examining the firmware, analyzing the browser and application-level security. It also covers interacting with APIs and MDM capabilities. Metrics are provided on the efficiency of security features compared to other mobile platforms. The document aims to serve as a guide for further researching the Blackberry Z10.
4. Agenda
Blackberry OS review
Shell Access
The Approaches
Firmware from the inside
Playing with the browser
Security on the application level
Funny with APIs
MDM capabilities
Efficiency of security features
Future research
Dissecting Blackberry Z10
5. Blackberry OS review
Built on QNX!
Tiny
Micro-kernel architecture
Virtual memory alloc for each process
POSIX-compliant
QNX = MK + PM + processes
9. Shell Access
Extremely easy!
development mode on
generate a 4096-bit RSA key (ssh-keygen/putty)
blackberry-connect <t> -password <p> -sshPublicKey <k>
ssh 169.254.0.1 nuts
Even easier:
Dingleberry nuts
/accounts/devuser/
11. The Approaches
1. General permissions
SUID/SGID
-rwxrwsrwx 1 root root
Writable files and folders
"find all suid files" => "find / -type f -perm -04000 -ls"
"find all sgid files" => "find / -type f -perm -02000 -ls"
"find config* files" => "find / -type f -name 'config*'"
"find all writable folders and files" => "find / -perm -2 -ls"
"find all writable folders and files in current dir" => "find . -perm -2 -ls"
13. The Approaches
3.1. System utilities. BOFs
Many missing: setuidgid, id, dumpifs…
Many interesting:
• confstr – current configuration including path, architecture and network info
• dmc – digital media controller
• fsmon – file system monitor
• jsc – JavaScript engine for Webkit used on a device
• ldo-msm – LDO Driver
• mkdosfs – format a DOS filesystem (FAT-12/16/32)
• mkqnx6fs – format a filesystem (for QNX6; however, it is present in Blackberry OS)
• and also tools such as mount, on, nfcservice, nvs_write_bin and displayctl.
14. The Approaches
3.1. System utilities. BOFs
Process 57340127 (displayctl) terminated SIGSEGV code=1 fltno=11 ip=788293d2(/base/usr/lib/graphics/msm8960/displayHALr086.so@dsi_get_pclk_freq+0x121) mapaddr=000093d2. ref=00000008
Process 249935086 (nowplaying) terminated SIGSEGV code=1 fltno=11 ip=78102cce(/usr/sbin/nowplaying@main+0x19d) ref=00000000
Process 1545237780 (charge_monitor) terminated SIGSEGV code=1 fltno=11 ip=010b998c(/usr/lib/ldqnx.so.2@message_detach+0x8) mapaddr=0003998c. ref=00000028
Process 1543295477 (shutdown) terminated SIGSEGV code=1 fltno=11 ip=78117c3e(/proc/boot/shutdown-msm8960.so@pmic_ssbi_read+0x15) mapaddr=00001c3e. ref=ffffffff
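Added example (not from the original slides): a Python triage pass over the four crash records quoted on this slide, bucketing them by faulting module and symbol and classifying the ref value. It assumes ref is the address whose access faulted; the 0x1000 and 0xFFFFF000 thresholds and all function names are choices made for this example.

```python
import re
from collections import Counter

# The four crash records quoted on the slide, wrapped as on the slide.
SLIDE_CRASHES = """
Process 57340127 (displayctl) terminated SIGSEGV code=1 fltno=11
ip=788293d2(/base/usr/lib/graphics/msm8960/displayHALr086.so@dsi_get_pclk_freq+0x121) mapaddr=000093d2. ref=00000008
Process 249935086 (nowplaying) terminated SIGSEGV code=1 fltno=11
ip=78102cce(/usr/sbin/nowplaying@main+0x19d) ref=00000000
Process 1545237780 (charge_monitor) terminated SIGSEGV code=1 fltno=11
ip=010b998c(/usr/lib/ldqnx.so.2@message_detach+0x8) mapaddr=0003998c.
ref=00000028
Process 1543295477 (shutdown) terminated SIGSEGV code=1 fltno=11
ip=78117c3e(/proc/boot/shutdown-msm8960.so@pmic_ssbi_read+0x15)
mapaddr=00001c3e. ref=ffffffff
"""

CRASH_RE = re.compile(
    r"Process (?P<pid>\d+) \((?P<name>[^)]+)\) terminated (?P<signal>SIG\w+)"
    r" code=(?P<code>\d+) fltno=(?P<fltno>\d+)"
    r" ip=(?P<ip>[0-9a-f]+)"
    r"\((?P<module>[^@)]+)@(?P<symbol>[^+)]+)\+0x(?P<offset>[0-9a-f]+)\)"
    r"(?: mapaddr=(?P<mapaddr>[0-9a-f]+)\.)?"   # absent when ip is in the main binary
    r" ref=(?P<ref>[0-9a-f]+)"
)


def split_records(text):
    """Rejoin wrapped log lines: a record runs from one 'Process ' to the next."""
    flat = " ".join(text.split())
    return ["Process " + part.strip() for part in flat.split("Process ") if part.strip()]


def classify_ref(ref):
    """Coarse class of the referenced address (assumed to be the faulting address)."""
    if ref < 0x1000:
        return "near-null"   # NULL plus a small field offset: usually a missing NULL check
    if ref >= 0xFFFFF000:
        return "near-top"    # e.g. -1 or an error code used as a pointer
    return "other"           # needs manual review


def parse_crash(record):
    """Return a dict for one crash record, or None if the text is not one."""
    m = CRASH_RE.search(record)
    if m is None:
        return None
    ref = int(m["ref"], 16)
    return {
        "process": m["name"],
        "signal": m["signal"],
        "module": m["module"],
        "symbol": m["symbol"],
        "offset": int(m["offset"], 16),
        "ref": ref,
        "ref_class": classify_ref(ref),
        # True when the fault is in the program itself rather than a loaded library.
        "in_main_binary": m["module"].rsplit("/", 1)[-1] == m["name"],
    }


def triage(text):
    """Parse every record and count crashes per (module, symbol) bucket."""
    crashes = [c for c in map(parse_crash, split_records(text)) if c]
    buckets = Counter((c["module"], c["symbol"]) for c in crashes)
    return crashes, buckets


if __name__ == "__main__":
    crashes, buckets = triage(SLIDE_CRASHES)
    for c in crashes:
        where = "own binary" if c["in_main_binary"] else "library"
        print(f'{c["process"]:15} {c["symbol"]}+{c["offset"]:#x} ({where}) '
              f'ref={c["ref"]:#010x} {c["ref_class"]}')
    print(len(buckets), "distinct crash buckets")
```

Bucketing on (module, symbol) rather than on the process name keeps repeated hits on the same library routine from being counted as separate findings when the same fuzzing run is fed through it.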
16. The Approaches
3.2. System utilities. Vulnerable syscalls. nvs_write_bin.
Nonvolatile (sometimes written as "non-volatile") storage (NVS) - also known as nonvolatile memory or nonvolatile random access memory (NVRAM) - is a form of static random access memory whose contents are saved when a computer is turned off or loses its external power source. NVS is implemented by providing static RAM with backup battery power or by saving its contents and restoring them from an electrically erasable programmable ROM (EEPROM).
18. Firmware from the inside
Firmware update? Yes, please!
MFCQ QNX image
19. Firmware from the inside
Tools to deal with:
qfcm_parser.py – partitions!
chkqnx6fs – info about the images
dumpifs – IFS dump
https://github.com/intrepidusgroup/pbtools
20. Firmware from the inside
Pearls inside:
ALL the scripts and configs can be read now!
.script (starting up)
ifs_variables.sh (sysvars)
os_device_image_check
Microkernel itself
21. Firmware from the inside
Pearls inside:
Protected tools can be launched now!
persist-tool: insecure syscalls can be reproduced (read/dump data)
Bootrom Version: 0x0523001D (5.35.0.29)
DeviceString: RIM BlackBerry Device
BuildUserName: ec_agent
BuildDate: Nov 3 2012
…
IsInsecureDevice: false
HWVersionOffset: 0x000000D4
NumberHWVEntries: 0x00000014
MemCfgTableOffset: 0x000000FC
MemCfgTableSize: 0x00000100
Drivers: 0x00000010 [ MMC ]
LDRBlockAddr: 0x2E02FE00
BootromSize: 0x00080000
BRPersistAddr: 0x2E0AFC00
22. Firmware from the inside
Pearls inside:
Funny comments (code reviewers will like it)
function setScreenScaling (width, height) { ...
//ZOOM TO POINT IS FULL OF BUGS - Docs state that coordinates should only ever be in center of screen
… and more
// TODO: Once the QML bug about not being to access the page values that are provided as a parameter to this slot is fixed ...
// The zipfile.ZipFile.write() method has a bug where it raises struct.error: ushort format requires 0 <= number <= USHRT_MAX
// Too many bytes for PNG signature. Potential overflow in png_zalloc()
23. Firmware from the inside
Pearls inside:
Facebook – too much;)
IDs
Emails
Mobile phones
Secrets
Passwords
Plaintext!
25. Playing with the browser
Webkit rendering engine
Vulnerabilities are just the same (i.e. as for Google Chrome)
26. Playing with the browser
Local file access from the browser
HTML page as an email attachment
file:// nuts
Currently the vulnerability is removed
28. Security on the Application Level
BlackBerry Z10 – Vulnerability in BlackBerry Protect
Limited:
by the inability of a potential attacker to force exploitation of the vulnerability without significant customer interaction and physical access to the device
Affected Software
BlackBerry 10 OS version 10.0.10.261 and earlier, except version 10.0.9.2743
BlackBerry Z10 smartphone only
Currently the vulnerability is removed
29. Security on the Application Level
Special artifacts “.all” as a kind of logs
PATH : /pps/system/<name>/.all
Browsers : history
Networking : ID, flags, MACs
Device IDs : Hardware, PIN, Name, Serials, etc.
Video Chats : params, call details:
BlackBerry Bridge
SapphireProxy
Status, name, address, auth token, key
Autostart param
Routes: BB, BIS, BER: 127.0.0.2:188/189/187
Results : access to internal network, internal storage, media files, the rest (contacts, cal, etc.) in case of non-QNX device
Currently there are no details on whether it is solved
Author’s opinion : can’t be solved or cracked in similar ways
31. Funny with APIs
Useful ideas that do not make enough sense
Merging permissions into one group
No way to emulate hardware inputs, but results of pressing are strongly restricted if there are
Sandbox
Malware is a personal application subtype in terms of Blackberry's security
Sandbox protects only app data, while user data is stored in shared folders
32. Funny with APIs
Activity not controlled by any permission
Access to data passed through the clipboard
Access to 'Accounts' leads to 'read' access to contacts, messages, notebooks, calendar by default
MediaPlayer is a great way to access the FS
Access to the file system in many ways and, in most cases, managing the device's resources
Camera activity
Contact photos
Calendar event attachments
Message attachments (Email, BBM)
Saving records (camera photos, video, audios)
36. Efficiency of security features
Activity
Common Min/Average/Max quantity :: 2 / 8 / 34
Additional Min/Average/Max quantity :: 0 / 2 / 7
Derived Min/Average/Max quantity :: 3 / 31 / 116
Permission
Common Min/Average/Max quantity :: 0 – 1 – 3
Additional Min/Average/Max quantity :: 1 – 0 – 1
Derived Min/Average/Max quantity :: 4 – 4 – 8
APIs
Common / Significant quantity :: 100 – 61
The most secure unit is LED activity
37. Efficiency of security features
Ratio of common activities to permissions
[Chart. Series: Q. of m.+a. activity; Q. of m.+a. permission]
38. Efficiency of security features
Ratio of derived activities to permissions
[Chart. Series: Q. of derived activities; Q. of derived perm]
41. Future research
Image parser fuzzing
Jailbreak
IOCTL / syscalls further research
Play more with SSH
Blackberry Balance is not available yet
Permission collision
Overpermissioning by system applications and services
Bypassing MDM features using both of the previous
42. Full articles
… are available here (no SMS to send is required! Free for a very limited time!)
Blackberry Z10 research
Blackberry and more
http://goo.gl/dP9iR
http://goo.gl/PpXxg