Pwning Android via NFC and Bluetooth – Intelligent Defence Keynote Presentation

Pwning Android via NFC and Bluetooth – Intelligent Defence Keynote Presentation

Pwning Android via NFC and Bluetooth – Intelligent Defence Keynote Presentation

Adam Laurie, Security Researcher and Director, 02 June 2015, 09.10 – 10.10, Infosecurity Intelligent Defence

When I was invited to speak at Infosecurity Intelligent Defence, a new technical research conference at Infosecurity Europe  this year, I was both delighted and frustrated… Delighted, because Infosecurity Europe has been a traditional meeting place for me and a lot of the security / hacking community for more years than I care to remember, and frustrated because I wasn’t allowed to talk about the thing I really wanted to talk about!

However, the organisers were very understanding, and put me in the line-up, even though I couldn’t confirm that I could speak, or even if I could, what it would be about. Now there’s faith for you! 🙂

Well, let’s hope I can live up to their expectations, as I’ve just been given the go-ahead by ZDI/Google to spill the beans on the pwn2own (joint) winning entry in Tokyo last November, in which I pwned Android via NFC & Bluetooth…

I’m not going to give too much away before the event, but suffice it to say I pwned Android hard, and he/she/it loved it 🙂 – I will do a live demo, and it will make you install that system update you’ve been resisting for weeks (if not, don’t forget to come and see me after the show so I can follow you at a discreet distance for a few minutes…).

This was my first entry in pwn2own (or any such competition for that matter), so I’ll talk not only about the hack itself, but also the whole concept of bounties and competitions. I hope this will spark some debate and to turn this into a lively discussion, so if you have a strong opinion on the subject, please come along!

Oh, and bring your Android phone…


For more information about this keynote presentation, please click here:

Pwning Android via NFC and Bluetooth

Not registered for Infosecurity Europe yet? Please register online by Monday 01st June 12:00 BST:

Adam Laurie is a security consultant working the in the field of electronic communications, and a Director of Aperture Labs Ltd. ( who specialise in reverse engineering of secure embedded systems. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world's first CD ripper, 'CDGRAB'. At this point, he became interested in the newly emerging concept of 'The Internet', and was involved in various early open source projects, the most well known of which is probably 'Apache-SSL' which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source python RFID exploration library 'RFIDIOt', which can be found at

Leave a Comment

Your email address will not be published. Required fields are marked *