Thursday, March 26 2009
Saturday, March 21 2009
few things happened besides Pwn2Own. One thing I missed about the mobile pwn2own is that Sergio Alvarez apparently
tried to own a BlackBerry device but failed due to device/software mismatch. Hey at least he seems
to have a exploitable bug for BlackBerry, nice!
Since today the slides for CanSecWest are
online. The mobile security stuff is here:
At the upcoming BlackHat Europe some guys from the Mobile Security Lab will give a talk on Hijacking Mobile Data Connections . This sounds interesting too bad I can't go.
Feedback is welcome, any good sources to recommend? Any mailing lists?
Wednesday, March 11 2009
so it looks like Pwn2Own mobile failed the first time it was around. This is
a surprise for me.
I would have guessed that the iPhone would be have
been taken even it's Non-Exec-Memory since many more people try to
break it in comparison with the other mobile platforms.
Symbian was the only mobile platform somebody tried to pwn?
This is a bigger surprise to me. Especially since Pwn2Own only offers a
Nokia N95, a device that has Non-Exec memory. I tried to closely follow
Pwn2Own mobile so when I first saw that Symbian was in the game I thought
this will be uninteresting since they will take a brand new device with Non-Exec memory. When I read about the Nokia E61 in this announcement I
was really happy since this device doesn't have Non-Exec memory. In the latest
announcement the E61 seems to have been removed. Possible because
the figured out that it was way to old, bummer.
I actually predicted that somebody will own the Windows Mobile device and the
Android G1 but they all survived. Maybe all the bugs were already
reported to the manufacturers before mobile pwn2own was announced so they
could not be cashed (I at least know about one case). So I guess people
will hold on to their (mobile) bugs until next year's CanSecWest/Pwn2Own.
Especially now that some well known people called for their no more free bugs campaign. One last point that I found nice was that for mobile pwn2own the goal was
not necessary code execution but 1) loss of information (user data) OR 2) incur financial cost. My iPhone phone call bug would probably have counted, so I guess I should also keep bugs for
I had the chance to play with the Samsung SGH-X700N, one of Samsung's NFC
mobile phones. The hardware is OK not as crappy as the Motorola L7.
The software part is rather sad since there is no NFC support in the basic
phone applications this seems to be something only Nokia manages to do. The
only piece of NFC software I found was a simple demo application. Sadly the
demo application could not read my NDEF formated Mifare tags. The demo app
shows an access error so I guess they haven't implemented NDEF and therefore
they don't know the NDEF Mifare-keys.
I haven't bothered looking at their SDK.
I gladly borrow NFC phones from anybody (and any company who is not afraid about honest reviews).
yesterday I got a HTC Touch 3G that I bought to play with a recent version of Windows Mobile (Windows Mobile 6.1 and WinCE Kernel 5.x). The Touch is my first
encounter with TouchFLO the HTC specific user interface for Windows Mobile.
TouchFLO is a nice idea but the device is way to slow to make usable, otherwise
this could really be something. Behind TouchFLO everything else is still
the old WinMobile where you need to use a pen to be able to hit the small buttons.