...stuff I do and things I like...

Saturday, March 27 2010

Random Tales of a Mobile Phone Hacker

CanSecWest is just over - it was a real nice conference and I'm looking forward to come here again.

The slides for my talk Random tales of a mobile phone hacker are available here. The most interesting part should be my mobile phone HTTP header logging and analysis. See also this story.

I've put up a test page where you can check if your operator leaks your private data such as your mobile phone number (MSISDN), IMSI (SIM card ID), or IMEI (phone hardware ID). The test page is here: www.mulliner.org/pc.cgi. I promise that I don't log any data when visiting this page.

Tuesday, March 09 2010

Mobile Security News March 2010

Two stories I want to comment on:

FatSkunk software-based attestation as a solution to mobile malware. Article by the German Technology Review. They promise a lot. I don't think this will work as advertised (I haven't seen this at work - also I can't really find a paper about it).

Smartphone Weather App Builds A Mobile Botnet. So these guys created a classic trojan application (does something very simple and useful but has a malicious part too). Of course people will download the application from some trusted website - nothing to wonder about.

Just found another mobile security talk that will be held at CanSecWest: Stuff we don't want on our Phones: On mobile spyware and PUPs - Jimmy Shah, McAfee, Inc

Update March 9th: