MOSEC

The Mobile Security Conference (MOSEC) is organized by Team Pangu and PoC and was first started in 2015. MOSEC focuses on cutting-edge research topics the area of mobile security, fosters information exchange among researchers and practitioners, and received high praise from both the attendees and the community.

MOSEC 2017 will be held on Friday, June 23rd, 2017 at the Grand Kempinski hotel, at Shanghai, China. Following the success of the past events, MOSEC 2017 will continue to facilitate the most advanced knowledge and technology sharing. MOSEC 2016 will bring excellent security researchers to present their frontier studies to the world.

Organizers

Founded by Team Pangu, the Pangu Lab is a security laboratory consisting of many senior security professionals with rich experience across a wide range of security research and industrial development. The members of the Pangu Lab discovered hundreds of 0day vulnerabilities in major operating systems and applications, and presented many papers and talks at the premier forums such as Black Hat, CanSecWest, Syscan, RUXCON, HITCon, PoC, XCon , IEEE S&P, USENIX Security, ACM CCS, and NDSS.

Pangu Lab’s current research focuses on mobile security. Team Pangu is known for its multiple releases of untethered jailbreak tools for iOS 7, iOS 8, and iOS 9. Team Pangu was also the first to jailbreak iOS 8 and iOS 9 in the world. Besides iOS, Pangu Lab also made great progress in Android security research, and developed various products for discovering vulnerabilities in Android apps, detecting malicious Android apps, and mining mobile threat information.

POC started in 2006 and has been organized by Korean hackers & security experts. It is the biggest international security & hacking conference in Korea. POC concentrates on technical and creative discussion and shows real hacking and security. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since 2006.

Speakers
Topic Pwning Apple Watch
Time 2017/06/23
Introduction

Apple Watch was introduced in 2015 and became a popular device. Apple Watch is running watchOS, which is modified version of 32 bit iOS operating system.

In this talk I will show how to compromise an Apple Watch. I will make an overview of watchOS security mechanisms, like codesign enforcement, sandboxing, memory protections etc.

I will cover a sequence of vulnerabilities and exploitation details that were used for initial kernel memory dump, sandbox bypassing, kernel level ASLR bypassing, kernel level code execution and finally setting up an SSH tunnel on a watch.

Current talk also will focus techniques used in a process of making a Apple Watch jailbreak. This includes kernel symbolication tools, patchfinder or a kernel structures analyzer.

And, following its security issues, compromised Apple Watch can spy on a user. Watch jailbreak does not require a phone jailbreak, so spyware can run autonomously only on a watch.

I will make a demo on how jailbroken watch can access user data, such as messages, contacts, gps or activate microphone without any indication it is happening.

Speaker

Max is a Staff Security Researcher at Lookout who has more than ten years experience in areas as mobile security, security protocols design and analysis, mobile security research, tools and techniques development for vulnerability assessment and post-exploitation, reverse engineering mobile\desktop platforms and penetration testing. Max was a lead security researcher at Pegasus malware investigation.

In the past few years, Max was a speaker on various security and engineering conferences, including BlackHat, CCC, Defcon, Ruxcon, RSA, UIKonf, Mobile Central Europe.

Max holds a Masters degree in Computer Science and currently is PhD student at the National Technical University of Ukraine “Kyiv Polytechnic Institute” where he’s working on dissertation in code obfuscation and privacy area.

Topic Revisiting the Kernel Security Enhancements in iOS 10
Time 2017/06/23
Introduction

Apple improves iOS kernel security in iOS 10 more than its previous releases. Efforts were put in different angles, including patching several critical vulnerabilities along with iOS 10 release, better handling in some key mechanism, introducing more exploitation mitigations, etc. Furthermore, those enhancements were continued and strengthened by Apple during 10.1-10.3.x releases.

In this topic, we will discuss about the research findings by Keen Lab for iOS 10 kernel security from three perspectives: Vulnerability, mechanism and exploitation mitigations.

Speaker

Liang Chen is co-founder of Tencent Keen Security Lab (Previously known as KeenTeam). He is leading the Pwn2Own contest project in Keen Lab. His major focus includes advanced exploitation techniques of modern browsers, Apple operating system (macOS/iOS) bug hunting and exploitation, etc. He is a winner for iOS category in Mobile Pwn2Own 2013, as well as OS X category in Pwn2Own 2014. He led the team in Keen Lab, united with Tencent PC Manager team, to win Master of Pwn title in Pwn2Own 2016.

In the past few years, Liang Chen was invited to talk at several domestic and world-wide security conferences, including Infiltrate 2017, Black Hat USA 2016,RECon 2016,CanSecWest 2015/2016,PoC 2015/2016,Black Hat Europe 2014, XCon2013, etc.

Topic ...
Time ...
Introduction
...
Speaker
...
Topic ...
Time ...
Introduction
...
Speaker
...
Topic ...
Time ...
Introduction
...
Speaker
...
Topic ...
Time ...
Introduction
...
Speaker
...
Topic ...
Time ...
Introduction
...
Speaker
...
Schedule

08:00 - 09:00

On-site Registration

09:00 - 09:10

Welcome Speak

09:10 - 10:00

...

...

10:00 - 10:50

...

...

10:50 - 11:10

Break

11:10 - 12:00

...

...

12:00 - 13:30

Lunch

13:30 - 14:20

...

...

14:20 - 15:10

...

...

15:10 - 15:30

Break

15:30 - 16:20

...

...

16:20 - 17:10

...

...

17:10 - 17:30

Close

Hotel
Grand Kempinski Hotel Shanghai
2017/06/23 (Friday)