...stuff I do and things I like...

Thursday, March 17 2011

Mobile Security News Update March 2011 part 2

The BlackBerry pwnage seems to cause some trouble as RIM seems to not tell the truth (1 2) in their advisory. Lets see what happens here.

Finally the first Android mod with encrypted storage was released by Whisper Systems. This is really really cool. Now they just need to support more Android devices besides the Nexus S. But moxie told me they are adding support for more soon :-)

For those of you interested in NFC there are two interesting papers from this years NFC Conference 1) Security Vulnerabilities of the NDEF Signature Record Type 2) Practical Attacks on NFC Enabled Cell Phones.

Monday, March 14 2011

CanSecWest 2011

CanSec was a blast. I had a real good time. Meeting people I only knew by email and seeing people I only see at cons :-)

Pwn2Own was quite interesting for mobile security folks like me. First, finally BlackBerry was pwnd and this was really hard work since there is no SDK and/or debugger available for BlackBerry (the Java stuff does not count). ZDNet has a longer article on the case. Second, no body was able to pwn Android and Windows Phone 7 - which is quite interesting to. Third, the iPhone (pre 4.3) was pwnd once again.

zdi on Twitpic

All in all the talks were quite good and mostly interesting. A collection of reviews on the various talks are here: day I day II day III by talk

Wednesday, March 02 2011

Mobile Security News Update March 2011 (part 1 continued)

March looks busy for mobile security people ;-)

Android Malware becomes serious: The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor. This malware contains a root exploit. Yea, after you install the APK it roots your device.

Interesting papers (from ACM Hotmobile 2011)

Tuesday, March 01 2011

Mobile Security News Update March 2011

Very brief update, but I'm quite busy at the moment.

    LEET'11 has two interesting papers on mobile malware: Why Mobile-to-Mobile Wireless Malware Won't Cause a Storm and Andbot: Towards Advanced Mobile Botnets. I'm looking forward to actually read them.