...stuff I do and things I like...

At T2 Nils talks about some WebOS and Android vulns this should be quite interesting since he likely will cover the bugs he recently found. T2 is really one of the European cons I want to go to, very high priority! Especially since I can't go to SEC-T this year. hacking the RKF ticket system and How to stay invisible (while still using cellphones) sounds quite interesting.

The BruCON schedule looks quite interesting. GSM Security: Fact and Fiction NFC Malicious Content sharing, the abstract sounds like something I've done some years ago - I wonder what kind of new stuff they found. The Monkey Steals the Berries: The State of Mobile Security So BruCON actually looks quite good, another CON I need to go to at some point.

At SecTor there seems to be a single mobile talk: Black Berry Security FUD Free.

Thats it for August as far as I can see.

Update: I totallty forgot DeepSec. This year it seems like a mobile only security conference. Talks are: Pentesting Internet Handheld Devices Debugging GSM Targeted DOS Attack and various fun with GSM Um Mobile VoIP Steganography: From Framework to Implementation Mobile privacy: Tor on the iPhone and other unusual devices OsmocomBB: A tool for GSM protocol level security analysis of GSM networks Malicious applications for Smartphones All your baseband are belong to us Android: Reverse Engineering and Forensics LTE Radio Interface structure and its security mechanism

A short overview of the talk How to stay invisible (still using cellphones) from PlumberCon. No slides unfortunately.

Some Vulnerable setuid binaries on 4G and HTC Hero (Android phones).

Latest version of Hijacking Mobile Data Connections from the Mobile Security Lab guys this time with iPhone and Android. This was shown at HITB Amsterdam.

EuSecWest moved to June and to Amsterdam but still looks promising. So far two talks look interesting: Immature Femtocels by Ravishankar Borgaonkar & Kevin Redon, Technical University of Berlin and BlackBerry Proof-of-Concept malicious applications by Mayank Aggarwal, SMobile Systems. I hope to see more mobile stuff at EuSec. I would really like to go but I have too many other stuff todo.

Somebody claims to have found a iPhone data protection vulnerability . I haven't checked it out myself.

Waiting to see some of you at Ph-Neutral. Only 2 weeks to go!

Yea I will be going to CanSecWest for the first time this year. I'll have a talk on my favorite subject: Mobile Phone Security (Random tales from a mobile phone hacker). I'm really looking forward to this!

Second, there will be a mobile phone PWN2OWN again this year. They increased the cash pool for mobile devices to $60K, this looks like a statement! The devices/platforms are: iPhone (of course), BlackBerry, S60 (Nokia), Android.

SecurStar did it again in 2006 there was RexSpy and in 2010 we have this mobile phone crypto comparison. But the knowledgeable community is big enough to identify and point out this kind of advertising/scam fast enough.

Conferences, the only interesting talk I found is: iPhone Privacy by Nicolas Seriot at Black Hat DC this week.

In other news, I still need a Nexus One. It is still not available to buy out side of the US. *ARG*

Updated (Feb 2nd):

Something from a few days ago: iPhone PKI handling flaws

I have been busy as hell from mid December to now, this was due to the Chaos Communication Congress (26C3), the fact that I turned 30, and some work stuff. I guess I have missed some interesting stuff in this time. So once again if you have interesting things on mobile security tell me!

Conferences, ShmooCon taks place in February (I always wanted to go - still haven't made it). The New World of Smartphone Security - What Your iPhone Disclosed About You by Trevor Hawthorn. Karsten is doing his GSM: srsly talk again. Bluetooth Keyboards: Who Owns Your Keystrokes? by Michael Ossmann, for some time I did a lot with Bluetooth keyboards so I would really like to see what they show here - especially since Michael Ossmann is one of the guys who really knows about Bluetooth. honeyM: A Framework For Virtual Mobile Device Honeyclients by whole bunch of Military guys (SCNR). Blackberry Mobile Spyware - The Monkey Steals the Berries by Tyler Shields. So it really looks like ShmooCon has some mobile security content this year.

Random news:

Android Phishing app in the Market

Study of BlackBerry Proof-of-Concept Malicious Applications

Fun find:

Abhoersichers Handy (Anti eavesdropping Mobile Phone) apparently this should cost 4800 Euros. The screen shots look interesting. If anyone has any details on this device please tell me.

very short update...

SRI published an analysis of Ikee.B here: www.csl.sri.com/users/porras/iPhone-Bot.

I wrote about this stuff about a year ago here ;-)