...stuff I do and things I like...

Saturday, August 20 2011

Mobile Security News Update August 2011

I'm finally back from my two weeks in the US of A where I attended Black Hat and Defcon (19) in Vegas. This was very exhausting as always, no surprise there. But I must say the talk quality was not that high and again too many parallel tracks at Black Hat. As I see it now I will probably skip Black Hat and Defcon in the near future. After Vegas I travelled to USENIX Security in San Francisco to finally present our paper on SMS insecurity on feature phones. USENIX was quite okay - but I didn't get to enjoy it in full due to the one week of Las Vegas before :-/ To compensate for the stressful travel I attended the last two days of the CCCamp outside of Berlin. Also I only attended the lasts days the CCCamp rocked! Still one of the best events ever!


News:
    So Palm is finally dead now that HP killed their WebOS devices. Although I've read something about HP wanting to continue with developing WebOS as a platform but this is kinda useless if they don't intend to sell devices running WebOS. Sad sad thing.
Conferences:
    DeepSec that takes place in Vienna in November has a bunch of mobile related talks. Intelligent Bluetooth fuzzing - Why bother? by Tommi Mäkilä (Codenomico; Windows Pwn 7 OEM - Owned Every Mobile? by Alex Plaskett (MWR InfoSecurity); SMS Fuzzing - SIM Toolkit Attack by Bogdan Alecu (Independent security researcher); Extending Scapy by a GSM Air Interface and Validating the Implementation Using Novel Attacks by Laurent 'kabel' Weber (Ruhr Uni Bochum); Attack vectors on mobile devices by Tam Hanna (Tamoggemon Limited); Defeating BlackBerry Malware & Forensic Analysis by Sheran A. Gunasekera (ZenConsult Pte. Ltd.)

    T2 in October in Helsinki. Sofar they have only one talk on mobile security. Windows Pwn 7 OEM - Owned Every Mobile? by Alex Plaskett (MWR InfoSecurity).

    Hack.lu in September in Luxenburg. They seem to have a few interesting talks. Project Ubertooth: Building a Better Bluetooth Adapter by Michael Ossmann. Extending Scapy by a GSM Air Interface and Validating the implementation Using Classical and Novel Attacks by Laurent Weber. Locating a GSM phone in a given area without user consent by Iosif Androulidakis.Weaponizing the Smartphone: Deploying the Perfect WMD by Kizz Myanthia.

    Hack in the Box Malaysia in October. Some talks: Packets in the Dark - Pwning a 4G Device for the Lulz by biatch0 & RuFI0. Satellite Telephony Security: What is and What Will Never Be by Jim Geovedi. Femtocells: A Poisonous Needle in the Operator's Hay Stack by Kevin, Ravi, and Nico (SecT - TU Berlin). All Your Base Stations are Belong to Us: Extending Scapy with a GSM Air Interface - Laurent 'Kabel' Weber. Blackbox Android: Breaking "Enterprise Clas" Applications and Secure Containers by Marc Blanchou, Justine Osborne & Mathew Solnik (Security Consultants, iSEC Partners). Attacking The GPRS Roaming eXchange (GRX) by Philippe Langlois. Hacking Androids for Profit by Riley Hassell. iPhone Exploitation: One ROPe to Bind Them All? by Stefen Esser.

    hashdays in October. Talks: Tobias Ospelt - Reversing Android Apps - Hacking and cracking Android apps is easy.


Thats this for now. I guess I missed a bunch of things during the last three weeks (two weeks of travel and one week of recovery!). If something major had happened in the mobile sec world I guess I would have heard about it ;-)