Posts Tagges "videos"

ABC Action News Smartphone Security Video Posted (with an additional Android exploit demo video)


WFTS posted the video of the Smartphone Security piece that aired last night. You can watch the video below.

Yes, that was my wife sending me the rigged SMS message. Thanks Honey!

In all seriousness, the exploit used in the video utilized the Webkit Floating Point Datatype Remote Code Execution Vulnerability (CVE-2010-1807). I used MJ’s exploit code to compromise a stock Verizon Motorola Droid (A855) running Android Eclair (2.1). The exploit code was about 33% reliable, but I found running it against an Eclair Emulator to be far more reliable (~80%).

You can watch a full length video of the exploit demo below. I had put this together to show Michael George of WFTS how an attack might work. This was against an emulated Motorola Droid (A855) running Eclair (2.1).

If you have any questions about either of the videos, or smartphone security, please post them in the comments below. Also, make sure you read the previous posts on our blog regarding smartphone security:

Shmoocon 2010 Video Online: The New World of SmartPhone Security


When I gave my talk on Saturday morning technical issues prevented the good folks at Shmoocon from streaming my talk live. Since the talk wasn’t streamed to uStream, it is not in the archives. Luckily, was there and capture all but the first fifteen minutes of my talk. Shmoocom gave me permission to post the video so here it is:

The New World of SmartPhone Security by Trevor Hawthorn from Stratum Security on Vimeo.

If you want to fill in the missing gaps, please feel free to download the slides from my talk from this blog post here.