Together with my former colleagues Ravi, Patrick, and Jean-Pierre from
TU Berlin / SecT, I have
been working on an enhancement for mobile phones
to protect SMS messages, especially mTANs, against trojans.
We investigated several ways to improve mTAN security and finally
came to the conclusion that we just need to change the SMS routing
on the mobile phone itself.
Basically, we remove SMS messages
that contain mTANs from the normal delivery queue and only deliver them
to a special application. This way no other program (including trojans)
can access the SMS message.
NoSuchCon finally released their agenda. They have an interesting lineup but no mobile talk.
SourceDublin: Android application reverse engineering & defenses by Patrick Schulz & Felix Matenaar.
SummerCon has posted its schedule. I'll present some work I've done on Dynamic Dalvik Instrumentation.
REcon has started to post talks. Reversing HLR, HSS and SPR: rooting the heart of the Network and Mobile cores from Huawei to Ericsson by Philippe Langlois. Reversing and Auditing Android's Proprietary Bits by Joshua J. Drake.
Shakacon: Deviant Ollam - Android Phones Can Do That?!? Custom Tweaking for Power Security Users. Max Sobell - Android 4.0: Ice Cream "Sudo Make Me a" Sandwich. Andreas Kutz - Pentesting iOS Apps - Runtime Analysis & Manipulation.
Some interesting upcoming talks! I guess everybody else and their moms are waiting to hear back from the Black Hat USA CfP.
SyScan was a totally awesome event. Really good talks and lots of them.
My favorite talk was: Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns by Mateusz Jurczyk and Gynvael Coldwind.
Android Apps: What are they doing with your precious Internet?
The majority of Android apps are not malicious, but use internet access in ways that are not compatible with the user's interests.
Amy Tang (University of California Berkeley), Ashwin Rao (INRIA), Justine Sherry (University of California Berkeley), Dave Choffnes (University of Washington)