Wednesday, September 29 2010
Friday, September 24 2010
Tuesday, September 14 2010
So from now on I will include academic publications to my
news updates. I screen the stuff anyway so why keep it only for me.
(7) A Methodology for Empirical Analysis of the Permission-Based Security Models and its Application to Android
David Barrera, H. Gunes Kayacik, Paul C. van Oorschot, Anil Somayaji
(8) Mobile Location Tracking in Metropolitan Areas: malnets and others
Nathanial Husted, Steve Myers
(9) On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping
Tzipora Halevi, Nitesh Saxena
(10) PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance
Vijay A. Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad, Michael T. Hunter, Patrick Traynor
A funny bug in the Nokia E72: Nokia E72 Keyboard Password bypass
Upcoming is the 27C3 it's CFP runs until October 9th. I will try to also do a talk this year again.
Saturday, September 11 2010
Sooooooo I finally release BlueDrift a
Bluetooth OBEX file-transfer sniffer that is based on the frontline bluetooth sniffer firmware for
CSR bluecore-4 chips. The original slides from 2007 had the awesome title: More Fun with Blue Radio Waves. The project and it's
name was inspired by of Driftnet.
You need the Frontline firmware image in order to turn your Bluetooth USB adapter into a sniffer. Don't
ask me for this firmware, buy it!
Friday, September 10 2010
Together with Daniel Bachfeld from heise I wrote the artikel Risiko Smartphone which will be published in the upcoming issue 20 of the c't magazin (German only). First time
mass media publication :-)
Monday, September 06 2010
Mobile phone HTTP header privacy issue in Spain  xuf got them to fix it .
In October I will present two papers. First, Privacy Leaks in Mobile Phone Internet Access which is about mobile phone HTTP header leakage. Second, Rise of the iBots: 0wning a telco network a paper on smartphone botnet C&C.
The Osmocom people have added a security section to their wiki. One really interesting part is the
section on Will my Phone Show An Unencrypted Connection?
Conferences: ToorCon has a nice lineup sofar.
Real Men Carry Pink Pagers. The Carmen San Diego Project. iPhone Rootkit? There's an App for That. The Hidden Nemesis: Backdooring Embedded Controllers. Smartphone Ownage: The State of Mobile Botnets and Rootkits. Moving Target: Location-Based Threats and Mitigations. Black Hat Abu Dhabi Mobile Phony: Why You Can't Trust Mobile Phone Networks For Critical Infrastructure.
Need some hints
I'm looking for a number of statistics. 1) How many people update their
mobile phones (I don't care about smartphones such as iPhone or Android).
2) The most popular mobile phones around the world. There should be
some sales stats on this, right? Any help will be very welcome. Email:
The thing called a phone by Scott Adams. I almost never use it as a phone.
I've been playing with Android desktop widgets in the past days - so here is
my first widget. IP Addr Widget: is a simple widget that displays the IP address of
the current default route (the network interface that currently is in use). You can tap/click the widget to resolve the external/public IP address and
FQDN of your phone.
I know there are about 10 other widgets that do the same. I just wrote it
for practice. So enjoy!