...stuff I do and things I like...

Saturday, August 30 2014

Mobile Security News Update August 2014

The Vegas week was as great as it can be as anybody knows who has this ongoing love hate relationship with the yearly pilgrimage.

The Blackphone kinda got rooted, ars on Blackphone root I had to laugh so hard when I saw Jon running around in his new t-shirt.

The SecurityCookies project was a lot of fun. I think people really liked it, likely Guillaume and I had the most fun. We will likely do this again at some point.

The iPhone is finally getting NFC iPhone 6 will reportedly feature NFC and Apple's own mobile payments platform. This should be a lot of fun cause everybody will scramble to actually build and deploy NFC now. I'm not really worried about NFC-payment insecurity but about all the other fun stuff that will be possible. Maybe I have to buy an iPhone 6 and continue my NFC work.

If I actually do get an iPhone I should also get the FLIR ONE an thermal camera case for iPhones. There are various articles about what you could do with this and I think this could be super interesting to play with.

My friend Ravi released darshak an Android app that notifies you if your phone receives silent SMS that are used for tracking your phone. It further displays current network security settings. This can be an indicator about your phone being connected to an IMSI-catcher. So far you need to have a Samsung Galaxy S3 to use this tool, but the S3 is fairly popular. I would like to see vendors providing information about phone network security parameters to the user.

Conferences
    44con September 10-11 London, UK: GreedyBTS: Hacking Adventures in GSM by Hacker Fantastic; Researching Android Device Security with the Help of a Droid Army by Joshua J. Drake (jduck); Manna from Heaven; Improving the state of wireless rogue AP attacks by Dominic White; On Her Majesty's Secret Service: GRX and a Spy Agencyby Stephen Kho; Darshak: how to turn your phone into a low cost IMSI catcher device by Ravishankar Borgaonkar & Swapnil Udar

    SEC-T September 18-19 Stockholm, Sweden: Attacking Mobile Broadband Modems Like A Criminal by Andreas Lind

    T2 October 23-24, Helsinki, Finland: Style over Substance - how OEMs are breaking Android security by Robert Miller; Reversing iOS Apps - a Practical Approach by Patrick Wardle; Darshak: how to turn your phone into a low cost IMSI catcher device by Ravishankar Borgaonkar and Swapnil Udar

    BruCON September 25-26 in Ghent, Belgium: Stealing a Mobile Identity Using Wormholes by Markus Vervier.
Links

August so far was my busiest month of the year, so I guess I missed a lot of what was going on.