Wednesday, April 29 2009
Monday, April 27 2009
Just a quickie: the slides from BlackHat Europe are up for a few days. Here are the
slides for Hijacking Mobile Data Connections and for Passports Reloaded Goes Mobile (clone an RFID passport using an NFC mobile phone). So far Charlie Miller and Vincenzo Iozzo only put up
a whitepaper of their OS X and iPhone talk.
If you can understand German (spoken word) you might want to listen to
Chaosradio Express episode 120
which is about OpenBSC and generally about building GSM networks or actually the software to run a network in your cellar/garage.
In the last week there was a short buzz about an old Nokia phone (Nokia 1100) that could be reprogrammed to sniff SMS messages. The story really sounds
like a hoax since the whole subscriber ID stuff is handled through the SIM
card rather than through the phone itself. There are not many details, just the
story. F-Secure has something in their blog about this too.
Yesterday the new Android version cupcake was released for developer phones,
get your cupcake while it's still warm :-) Get it from here.
Btw the Technology Review article citing me is only in the next issue (06.2009).
Saturday, April 18 2009
Starting May I'll be a PhD student at TU-Berlin / T-Labs. I'll be working in the area of Security in Telecommunications with Prof. Jean-Pierre Seifert. I'll basically do the research I've been
doing already: I'll break smart phones and try to make them more secure in
the process. Because of this I'll also move to Berlin shortly.
So I've been using my Android phone (ADP1) as my primary phone
for a week now; here are some things I have noticed.
Keyboard is really good for writing emails (the current version of K-9 is actually usable)
IM always on, works really nice, this is what I want.
Maps is not as good as on the iPhone.
Stuff that needs to change or needs to exist (also 3rd party stuff)
Headset is too big and ugly, sometimes function is not everything.
Can't use headset while charging (e.g. while you sit on the train).
Headset use while charging!
I want sync without Google or any 3rd party. I know about Funambol, does it work well? I want to import vCards/.vcf files, I have tried ImportContacts but it couldn't import my test contact.
Headset that has a smaller mic and button (like the one from the iPhone) or
headset adapter for the iPhone headset (mic and button need to work!).
K-9 mail should not download the attachments by default.
So far I don't really miss my iPhone but rather have cool new features that I didn't have with the iPhone.
BlackHat Europe brought some new stuff:
First the guys from the Mobile Security Lab showed us that the OMA provisioning functionality
can be easily abused to reconfigure the Internet connection settings
on many mobile phones. Although the attack requires some user interaction
and therefore some social engineering, the attack is quite cool.
Technology Review has an article on their work. Nice work, guys!
The second mobile device related piece from BlackHat Europe is that Charlie
Miller showed a workaround for the non-executable memory of the iPhone.
I haven't seen the slides of his talk but NetworkWorld has an article on Charlie's iPhone find.
I was interviewed by the German version of Technology Review on the subject
of smart phone security and malware. As far as I know the article citing me
should be in the current issue (05.2009).
Otherwise not much happened in the world of mobile device security.