Monday, October 19 2009
Conferences: PacSec 2009 Charlie Miller is giving a talk on iPhone SMS Fuzzing and Exploitation, Rich Cannings & Alex Stamos are giving titled The Android Security Story: Challenges and Solutions for Secure Open Systems, and Yves Younan is giving a talk on Filter Resistant Code Injection on ARM (this sounds interesting). So PacSec seems to be filled with some good mobile security related talks.
Btw. the CanSecWest CfP is open now. I have something to submit but it will be complicated because of some academic conference. Let's see what happens.
Bug watch:
Links:
Wednesday, October 07 2009
So I have a tone of mobile phone numbers, different contracts and
some pre-paid cards. The main problem is that using multiple cards at
the same time is not really possible. There are almost no multi-sim-card
mobile phones and the ones that exist normally take only two (2) cards.
Although I don't want to use a specific multi-sim phone but rather any
phone (so I can always use the latest and greatest). I tried one of these
dual-sim card adapters but it sucked.
So what to do?
What I want is this:
I want to be able to have one (1) SIM card that does not belong to any
operator. Then I want X number of mobile phone numbers with either
a contract or without a contract (pre-paid). Then I just want to be able
to tell the operators to connect the contract/pre-paid numbers to
this one SIM card. The remaining problem would be what actual mobile network
to use, since the phone can only connect to one network at the time. Ideally
this would be solved through some roaming-like-agreement where each provider
just provides bare network access and just deals with the service/contract providers in order to charge for usage.
I guess this kind of idea is not new but today I'm somehow pissed again because
of all the stupid different SIM cards I have.
Tuesday, October 06 2009
the guys from the Mobile Security Lab seem to have a lot of
time recently a couple of days ago they released a short
study on SSL on mobile phones: Tricks for Defeating SSL: effectiveness test on mobile phones.
Tomorrow (7th of October) Hack-in-the-Box
2009 takes place in Malaysia for some reason I always forget HITB. I can't
remember ever reading a CFP or anything. They seem to have a few mobile
security related talks. Here is the Agenda.
Bugs and Kisses: Spying on BlackBerry Users for Fun by Sheran Gunasekera, Side Channel Analysis on Embedded Systems by Job De Haas.
Bug watch:
Palm Pre WebOS <=1.1 Remote File Access Vulnerability
The short description is: The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Things get more and more interesting with web stuff on smartphones.
On October 9th the CFP ends for:
26C3: Here Be Dragons (26th Chaos Communication Congress)
December 27th to 30th, 2009 in Berlin, Germany
They always like mobile phone related talks, so go and submit something interesting.