OnQ Blog

Qualcomm Mobile Security Summit 2015 agenda announcement

Mar 13, 2015

Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.

I’m pleased to announce the lineup for Qualcomm Mobile Security Summit 2015. Following is a brief overview of the sessions/presentations. For more details, click the downloadable PDF at the bottom of this post.

Thursday, April 30, 2015 – Summit Presentations

Attackgraphy with Kyle Riley and Bernard Wagner

Kyle Riley and Bernard Wagner—a duo of MWR Labs winners of mobile Pwn2Own 2014—aim to engage you with a fresh perspective on how attackers are targeting Android devices. Various remote attack vectors will be discussed, ranging from leveraging application vulnerabilities through to advanced attack chains.

Digging for Android Kernel Bugs with James Fang and Sen Nie

Since Android 4.4, SELinux is enforced by default and efficiently mitigated threats from user space. However, by attacking kernel, an attacker can still obtain full system control. James Fang and Sen Nie of Keen Team will discuss the tools and methods they used to discover multiple kernel vulnerabilities in commercial devices.

Mobile Malware: A Network View with Kevin McNamee

Mobile devices are becoming the target of choice for cybercriminals. Kevin McNamee, director of Alcatel-Lucent’s Motive Security Labs, will provide an in-depth view on the mobile malware that is currently active on the Internet, how it is monetized and the impact it has on network resources and the user experience.

Testing WCDMA and LTE Mobile Stacks with Benoit Michau

With the development of more and more hardware and software projects related to wireless communications, it is becoming more affordable for auditors to test the implementation of 3G (WCDMA) and LTE mobile stacks and modems. Telecom industry veteran Benoit Michau will discuss the benefits of testing, using 2013/2014 examples when errors and bugs discovered while evaluating terminals against the basic procedures described in 3GPP standards.

Practical and Efficient Exploit Mitigation for RISC-based Embedded Devices with Collin Mulliner and Mattias Neugschwandter

Learn about a novel approach for exploit mitigation—from a pair of a security researchers—that is specifically tailored toward embedded systems that are based on the common RISC architecture. Their technique borrows ideas from several areas including control flow integrity, system call monitoring, static analysis, and code emulation, and combines them in a low-overhead fashion directly in the operating system kernel.

Android App “Protection” with Tim Strazzere and Jon Sawyer

The Android ecosystem is full of interesting types of “protection” for applications; packers, obfuscators, and tools to mangle everything in between. Tim Strazzere, lead research and response engineer at Lookout Mobile Security, and Jon Sawyer, CTO of Applied Cybersecurity LLC, intend to discuss the characteristics of these protections, how to both implement and defeat them, and the usage and prevalence of these tactics in the wild.

Android Security State of the Union with Adrian Ludwig

The world of security is riddled with assumptions and guesses. Using data collected from hundreds of millions of Android devices, Adrian Ludwig will establish a baseline for the major factors affecting security in the Android ecosystem.

Android Security Modules with William Enck

Android, iOS, and Windows 8 are changing the application architecture of consumer operating systems. These new architectures required OS designers to rethink security and access control. While the new security architectures improve on traditional desktop and server OS designs, they lack sufficient protection semantics for different classes of OS customers (e.g., consumer, enterprise, and government). This presentation from William Enck, an assistant professor in the Department of Computer Science at NC State University, will motivate OS security extensibility in the Android OS.

Friday, May 1, 2015 – Device Security Update Presentations and Breakout Sessions

An Update on Android Security Updates with Jon Larimer

The Android Security Team has been doing extensive analysis of CTS and device data to understand which Android devices are updated and how often. Jon Larimer, a senior security engineer on the Android Security Team, will share his findings and suggest changes to the current patch management process that may improve the responsiveness of the Android ecosystem to security issues.

Let's Patch: An analysis on Android challenges in distributing open source patches on proprietary hardware with Patrick McCanna

PC’s get patches every month. Apple has been very efficient in creating and distributing security patches. The AOSP source is updated regularly. Why is Android patch distribution so delayed?  Shouldn’t it be easy to distribute the AOSP source changes as updates to launched devices? Patrick McCanna of AT&T will illustrate the various challenges in distributing updates to the end user—insightful for anyone in the field of mobile security.

Xiaomi device OTA update for security patches with Juhu Nie and Yang Zhang

The device security update is one of the most critical steps to address security vulnerabilities in end-user devices. In this presentation, Xiaomi security researchers Juhu Nie and Yang Zhang share the findings and lessons learned from a real-world security update program involving Xiaomi and Qualcomm; introduce the Xiaomi device update mechanism and process; and share statistics on the scope and timeline of security-related device updates.

Breakout Session: Patching moderated by Arun Balakrishnan

Patching is an important component of securing software & devices. This session will focus on patching security vulnerabilities in the mobile ecosystem. It will build on last year’s Mobile Security Summit session and likely encompass:

  • The state of patching in the mobile ecosystem
  • Understanding the challenges & opportunities specific to mobile ecosystem
  • Exploring steps to make patching more streamlined & ubiquitous

Breakout Session: Open Source and Security moderated by Renwei Ge and Neil Lofland

Use of open source code & libraries is ubiquitous in today’s projects. We have been seeing the impact of security vulnerabilities in popular open source libraries on product security. This session will likely deal with:

  • The role of open source
  • Initiatives to secure core libraries
  • Approaches to working with open source community

That’s the recap. We look forward to seeing you at the Qualcomm Mobile Security Summit 2015, April 30 & May 1. To request an invitation, please contact secsummit@qualcomm.com.

For a complete agenda and more details about the sessions and speakers click:


Engage with us on


Alex Gantman

Vice President of Engineering

More articles from this author

About this author

Related News


Secure boot and image authentication in mobile tech

Ensuring that a device runs only authorized and trusted software is crucial to end users, device manufacturers (OEMs), and carriers alike. OEMs may want to protect their devices from running unauthorized software. Software that is not authentic could degrade carrier network or device performance. Malicious software can potentially compromise anything from a user’s private or financial data to irreparably damaging the physical device itself. There are many risks and potential consequences in executing untrusted software — more than we can enumerate here.

Consider an attacker who attempts maliciously inject or modify the software images in storage.  The earlier in the chain of loaded software that an attacker can compromise an image, the more control they gain. Device software is usually loaded in stages where each software image is often configured to have less authority and control than the previous image in the chain. Specifically, the first software image which is loaded has nearly complete control of the device. These first images to be loaded are called bootloader images.

If an attacker can replace the first software image to execute with their own malicious image, then they control the rest of the device’s execution. This makes the integrity of the boot chain critical. Replacing a bootloader image in storage with a malicious image could result in a persistent exploit that would control execution in that software image and any image to be run after it. 

Implementing a “secure boot” chain is designed to ensure that each of these images are unmodified, and is one way of deterring malicious or dangerous software from executing. Qualcomm Technologies products offer a secure boot implementation and have for many years.

Secure boot is defined as a boot sequence in which each executable software image is authenticated by previously verified software. This sequence is engineered to prevent unauthorized or modified code from running. We build our chain of trust according to this definition, starting with the first piece of immutable software running out of read-only-memory (ROM). This first ROM bootloader cryptographically verifies the signature of the next bootloader in the chain, then that bootloader cryptographically verifies the signature of the next software image or images, and so on.

The diagram above depicts an example of a secure boot sequence. The three images verified by the operating system have been authenticated by a chain of trust that leads back to the first ROM bootloader in hardware. Each image in this chain has been cryptographically verified by a certificate chain anchored to the root certificate, which is also anchored in hardware. Any attempt to inject potentially harmful code into the image will be thwarted.

For more information on the Qualcomm Technologies secure boot and image authentication process, download our Qualcomm Technologies Secure Boot whitepaper. This whitepaper provides an in-depth look at our signed ELF images format, the process of loading and authenticating those images, certificate chain contents, and supported signature algorithms.

Learn more about Qualcomm Product Security


Jan 17, 2017

Qualcomm releases whitepaper detailing pointer authentication on ARMv8.3

ARM recently announced ARMv8.3-A, the 2016 additions to the ARMv8-A architecture. These additions include pointer authentication instructions: “a mechanism for enhanced security associated with pointer authentication.” It is very exciting to see the technology, refined and expanded through discussions and contributions from ARM and its partners, making it into the architecture as the new pointer authentication instructions.

The pointer authentication scheme added to the ARMv8 architecture is a software security primitive that makes it much harder for an attacker to modify protected pointers in memory without being detected. In a new Qualcomm whitepaper, we describe the pointer authentication mechanism including the design criteria, provide a security analysis, and discuss the implementation of certain software security countermeasures such as stack protection and control flow integrity using the pointer authentication primitives.

These new instructions provide a way for quickly verifying the integrity of pointers and data in memory. In addition to the use cases described in the whitepaper, we expect these primitives to pave way to new techniques and opportunities to improve the memory safety of programs and runtime environments.

Download the whitepaper here


Jan 10, 2017