Profile

Joshua J. Drake
Works at Zimperium, Inc.
Attended Central Michigan University
1,289 followers|160,888 views

Stream

Joshua J. Drake
moderator

Discussion  - 
 
>The most noteworthy non-malicious rooting application was PingPong Root, which uses a vulnerability to permanently root the device. 

Good to see root efforts are still officially non-malicious

Joshua J. Drake
moderator

Discussion  - 
 
 
Some good information on the way bootloaders and boot.imgs work.  A bit light on information, but a great topical overview. 
Booting Android: Bootloaders, fastboot and boot images. Copyright ©2011-2014, 2net Limited
 
Video?

Joshua J. Drake

Shared publicly  - 
 
Well that's expected. The full Android M code will not match the build until after a final public release, sometimes many weeks later in fact. There are lots of modules and bits withheld, not including the radio blobs and other closed hardware support stuff...

Joshua J. Drake
moderator

Commercial  - 
 
In case any of you missed it, myself and several of my esteemed colleagues finished and published Android Hacker's Handbook this spring. This book is around a year and a half in the making and is well worth the cover price! We hope you find it interesting. Further, we hope the knowledge within will help advance the state of security in the Android ecosystem!

You can pick the book up at any of your favorite [e-]book outlets. Here's a link to the US Amazon product: http://www.amazon.com/dp/111860864X
 
Waiting for mine to arrive. Looking forward to some late night reading.

Joshua J. Drake

Shared publicly  - 
 
It's official! I'm having another baby!
 
good job! ;)

Joshua J. Drake
moderator

Discussion  - 
 
We put together some of our thoughts about the WebView.addJavascriptInterface flaws that are still putting users at risk. http://www.droidsec.org/news/2014/02/26/on-the-webview-addjsif-saga.html
 
+John Kozyrakis Yeah. Unfortunately there's not much to recommend :-(
In his circles
469 people
Have him in circles
1,289 people

Joshua J. Drake

Discussion  - 
 
Hey! If you landed here, you probably want https://plus.google.com/communities/118124907618051049043 instead!
Android Security Discussions
An active community discussing all things related to Android security. Please limit discussion to Android security related issues.

Joshua J. Drake
moderator

Discussion  - 
 
Seems like it's finally happening!

"Although WebView has been based on Chromium since Android 4.4, the Chromium layer is now updatable from Google Play.

As new versions of Chromium become available, users can update from Google Play to ensure they get the latest enhancements and bug fixes for WebView, providing the latest web APIs and bug fixes for apps using WebView on Android 5.0 and higher."

This change closes a huge gap in Android security. Kudos to everyone that pitched in to make it a reality!
 
I'm also very excited about this.

Joshua J. Drake
moderator

Discussion  - 
 
This isn't entirely security related, but it certainly has security relevant applications.
 
Introducing Process Explorer for Android, a web-based process & logcat viewer for Android. All Apache-licensed.

There are lots of process visualizers in the app store, but the trouble is you actually have to use your Android user interface to see the stats. Usually I'm interested in viewing the effects of what's going on in Android at the same time as it's doing its thing, not instead of.

APK:
aosp.opersys.com/files/process-explorer-app.apk

Repos:
https://github.com/opersys/process-explorer-web
https://github.com/opersys/process-explorer-app
 
Wow just seen this, thanks!

Joshua J. Drake

Shared publicly  - 
 
In case you missed it...
 
I don't. sorry.

Joshua J. Drake

News & Updates  - 
 
Hey everyone, please take care not to visit URLs from people you do not trust on your Glass until this is fixed!
 
Google Glass Hacked - Web View Browser Exploit exposes Glass to hackers. Oops.

Devs at http://headsupventures.com/ just ran a test to see if this exploit works on Glass...and indeed it does.

Exploit details - here https://github.com/rapid7/metasploit-framework/pull/2942 

What's the worst that can happen?
How about taking photos, videos, turning on your microphone remotely without you knowing!
Your phone and Glass are now vulnerable via browser and Ad Networks, so a compromised wifi hotspot could essentially gain access to your phone. Or just visit a malicious page where the JavaScript can access your security protected APIs.
 
Thanks for the heads up!
Education
  • Central Michigan University
    Math & Computer Science, 1996 - 1998
Story
Tagline
Computer Security Enthusiast
Introduction
I've been into skateboarding since 1988, computers since 1989, and computer security since 1993.
Bragging rights
Pwn2Own 2013 Winner - Java, Defcon 18 CTF Winner, w00w00 affiliate
Work
Occupation
Computer Security Research and Development
Employment
  • Zimperium, Inc.
    Sr. Director of Platform Research and Exploitation, 2015 - present
  • Accuvant, Inc.
    Director of Research Science, 2011 - 2015
    Served as a Team Lead and Senior Research Scientist from 2011 til early 2014.
  • Rapid7
    Lead Exploit Developer - Metasploit, 2009 - 2011
  • VeriSign / iDefense
    Vulnerability Researcher, 2005 - 2009
  • Mannetron, Inc.
    Lead Software Architect, 2003 - 2005
Basic Information
Gender
Male
Other names
jduck
Apps with Google+ Sign-in
  • DEAD TRIGGER 2
  • Portal
  • Beach Buggy Racing