I'm finally back from my two weeks in the US of A where I attended Black Hat and Defcon (19) in Vegas. This was very exhausting as always, no surprise there. But I must say the talk quality was not that high and again too many parallel tracks at Black Hat. As I see it now I will probably skip Black Hat and Defcon in the near future. After Vegas I travelled to USENIX Security in San Francisco to finally present our paper on SMS insecurity on feature phones. USENIX was quite okay - but I didn't get to enjoy it in full due to the one week of Las Vegas before :-/ To compensate for the stressful travel I attended the last two days of the CCCamp outside of Berlin. Also I only attended the lasts days the CCCamp rocked! Still one of the best events ever!
So Palm is finally dead now that HP killed their WebOS devices. Although I've read something about HP wanting to continue with developing WebOS as a platform but this is kinda useless if they don't intend to sell devices running WebOS. Sad sad thing.Conferences:
DeepSec that takes place in Vienna in November has a bunch of mobile related talks. Intelligent Bluetooth fuzzing - Why bother? by Tommi Mäkilä (Codenomico; Windows Pwn 7 OEM - Owned Every Mobile? by Alex Plaskett (MWR InfoSecurity); SMS Fuzzing - SIM Toolkit Attack by Bogdan Alecu (Independent security researcher); Extending Scapy by a GSM Air Interface and Validating the Implementation Using Novel Attacks by Laurent 'kabel' Weber (Ruhr Uni Bochum); Attack vectors on mobile devices by Tam Hanna (Tamoggemon Limited); Defeating BlackBerry Malware & Forensic Analysis by Sheran A. Gunasekera (ZenConsult Pte. Ltd.)
T2 in October in Helsinki. Sofar they have only one talk on mobile security. Windows Pwn 7 OEM - Owned Every Mobile? by Alex Plaskett (MWR InfoSecurity).
Hack.lu in September in Luxenburg. They seem to have a few interesting talks. Project Ubertooth: Building a Better Bluetooth Adapter by Michael Ossmann. Extending Scapy by a GSM Air Interface and Validating the implementation Using Classical and Novel Attacks by Laurent Weber. Locating a GSM phone in a given area without user consent by Iosif Androulidakis.Weaponizing the Smartphone: Deploying the Perfect WMD by Kizz Myanthia.
Hack in the Box Malaysia in October. Some talks: Packets in the Dark - Pwning a 4G Device for the Lulz by biatch0 & RuFI0. Satellite Telephony Security: What is and What Will Never Be by Jim Geovedi. Femtocells: A Poisonous Needle in the Operator's Hay Stack by Kevin, Ravi, and Nico (SecT - TU Berlin). All Your Base Stations are Belong to Us: Extending Scapy with a GSM Air Interface - Laurent 'Kabel' Weber. Blackbox Android: Breaking "Enterprise Clas" Applications and Secure Containers by Marc Blanchou, Justine Osborne & Mathew Solnik (Security Consultants, iSEC Partners). Attacking The GPRS Roaming eXchange (GRX) by Philippe Langlois. Hacking Androids for Profit by Riley Hassell. iPhone Exploitation: One ROPe to Bind Them All? by Stefen Esser.
hashdays in October. Talks: Tobias Ospelt - Reversing Android Apps - Hacking and cracking Android apps is easy.
Thats this for now. I guess I missed a bunch of things during the last three weeks (two weeks of travel and one week of recovery!). If something major had happened in the mobile sec world I guess I would have heard about it ;-)