Wednesday, May 09 2012
Conferences:
Hack in The Box Amsterdam has a number of mobile talks this year.
SummerCon has some Android related talks by Jon, Charlie, and myself :)
Recon looks pretty good this year: GPUs for Mobile Malware, Mitigation and More Thinking outside-the-CPU by Jared Carlson. Baseband debugging by Ralf-Philipp Weinmann. The other talks also look quite interesting. Happy to attend this year!
Black Hat USA is starting to post talks: most interesting so far is the Windows Phone 7 talk by Tsukasa Oi.
Nordic Security Conference seems to be a new conference out in Reykjavik, Iceland. They also seem to have some mobile talks.
So I will be going to SummerCon this year after all! I'm staying in NYC for a few days even after SummerCon. Ping me if you want to meet.
Other news:
20 years of SMS. I for sure had a lot of fun with SMS over the last years :)
Thursday, April 12 2012
It has been a while but I was travelling a lot for work and fun so I really didn't have time.
Conferences:
Hackito Ergo Sum in Paris just started today. This seems to be one of the cool new European Security Cons. I actually wanted to attend but after almost 7 weeks of travelling no chance. The program looks very mixed but they have a few mobile talks: Hacking the NFC credit cards for fun and debit by Renaud Lifchitz, TBD (Android Exploitation) by Georg Wicherski.
SyScan Singapore: iOS Kernel Heap Armageddon by Stefan Esser, iOS Applications - Different Developers, Same Mistakes by Paul Craig, and Exploiting the Linux Kernel: Measures and Countermeasures (not a mobile talk but sounds interesting) by Jon Oberheide.
Upcoming in June without a program yet: SummerCon in NYC (sadly I can't make it), Recon in Montreal (which I will try to make).
On the academic front, please consider submitting to WOOT, one of my favorite workshops!
Friday, February 10 2012
More conferences, and a lot of mobile stuff :-)
Source Boston in April: Reverse Engineering Mobile Applications, Adam Meyers, Security Researcher; Mobile Snitch - Devices telling the world about you, Luiz Eduardo, Director, SpiderLabs LAC, Trustwave (@effffn) & Rodrigo Montoro, Security Researcher, Trustwave's SpiderLabs, rmontoro@trustwave.com (@spookerlabs); Android Modding for the Security Practitioner, Dan Rosenberg, Senior Security Consultant, VSR (@djrbliss); Privacy at the Border: A Guide for Traveling with Devices, Marcia Hofmann, Senior Staff Attorney & Seth Schoen, Senior Staff Technologist, Electronic Frontier Foundation
So SourceBoston actually has some interesting stuff for us mobile people.
Black Hat Europe in Amsterdam: An Attacker's Day into Virology: Human vs Computer by Axelle Apvrille and Guillaume Lovet; War Texting: Weaponizing Machine to Machine Systems by Don A. Bailey; The Heavy Metal That Poisoned the Droid by Tyrone Erasmus; Workshop: Mobile Network Forensics Workshop by Eric Fulton; The Mobile Exploit Intelligence Project by Dan Guido and Mike Arpaia; Apple vs. Google Client Platforms by Felix Lindner; Smartphones Apps Are Not That Smart: Insecure Development Practices by Simon Roses Femerling
Thursday, February 09 2012
Conferences:
CanSecWest: iOS5 - An Exploitation Nightmare? - Stefan Esser; Probing Mobile Operator Networks - myself; Legal Issues in Mobile Security Research - Marcia Hofmann, EFF; Unveiling LTE Security - Dr. Galina D. Pildush, Juniper; Intro to Near Field Communication (NFC) Mobile Security - Corey Benninger and Max Sobell, Intrepidus Group; Root-Proof Smartphones, and Other Myths and Legends - Scott G. Kelly, Netflix
Interesting lineup for mobile stuff, and the rest looks pretty good too.
SyScan Singapore:
iOS Kernel Heap Armageddon - Stefan Esser; iOS Applications - Different Developers, Same Mistakes - Paul Craig
Troopers (Germany): Welcome to Bluetooth Smart - Mike Ossmann
Links:
An analysis of the GMR-1 and GMR-2 standards for satellite telephony. Really interesting work.
In other news, I'm done with my work in Berlin and am looking to move to the US for a postdoc in the near future (location is not yet decided).
Monday, January 16 2012
Conferences:
Infiltrate already passed. But they only had two mobile talks anyway: Secrets in Your Pocket: Analysis of [Your] Wireless Data by Mark Wuergler. Don't Hassle The Hoff: Breaking iOS Code Signing by Charlie Miller.
Shmoocon, which I miss again. This is way too early in the year, so every year so far I totally miss it. Talks: Building Measurement and Signature Intelligence (MASINT) Capabilities on a Hackers Budget: Tracking and Fingerprinting RF Devices for Fun and Profit by Brad Bowers. Intro to Near Field Communication (NFC) Mobile Security by Corey Benninger and Max Sobell. Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility by Joe Sylve. Whack-a-Mobile: Getting a Handle on Mobile Testing with MobiSec Live Environment by Tony DeLaGrange and Kevin Johnson. Credit Card Fraud: The Contactless Generation by Chris Paget.
CanSecWest is upcoming. So far no talks have been posted but I'm going to speak on "Probing Mobile Operator Networks". This is a long ongoing side project of mine.
Links: Infographics: Mobile Security Android vs. iOS
The video recordings from 28c3 are online. Check out Harald's talk Cellular protocol stacks for Internet, Luca's and Karsten's talk Defending mobile phones, Sylvain's talk Introducing Osmo-GMR.
Monday, January 02 2012
So 2011 is history, it was a fun year for us mobile people. Many things happened, many things got hacked - just great.
In the last few days I have been reading some of those security predictions for 2012 (this year!). Most of them (1, 2, 3, 4, 5) are kinda boring since these are things that are already happening. Nevertheless, these will very likely become reality.
In the mobile area these seem to be:
Android as the target for mobile malware attacks. This is already happening as Android became the major smartphone platform last year.
Mobile Markets such as the AppStore and Android Market as a key issue problem solver in the mobile field.
More Monetization: as mobile malware evolves we will see more monetization of it. This is especially interesting for everything that involves spending money using a smartphone. Not only SMS, but advertisement, in-App payment, the phone as a credit card, etc.
Happy mobile security research 2012 to everybody!
Tuesday, December 20 2011
There was an awesome SMS bug in Windows Phone 7. This is exactly the bug class I have been looking into in the last two years. Too bad that I didn't have the time to look into Windows Phone 7.
Corrections to a news article about my research: "NFC mobile threats on the horizon: What happens when we wave our wallets to pay?" The article says "...malicious code could be 'injected' into the device...". I want to say that I never claimed I can do code injection through NFC. They probably misunderstood me when I said that this could be possible in the future.
It is really great to see how NFC security research is taking off this year. If I remember back to early 2008 when I did my research everybody was kinda laughing.
In other news, mobile (in)security is further on the rise. So we all never lose our jobs!