Dr.-Ing. (equiv Ph.D.) (Technische Universität Berlin, Germany)
M.Sc. CS (University of California Santa Barbara, USA)
B.Sc. CS (FH-Darmstadt, University of Applied Sciences, Germany)
I'm a researcher in the lab for Security in Telecommunications (SecT) at the Technische Universität Berlin and Telekom Innovation Laboratories working on mobile device/phone security. My advisor is Prof. Dr. Jean-Pierre Seifert.
My personal weblog www.mulliner.org/blog.
Index
-
Contact
Projects
Publications
Talks and Presentations
In the Media
Services
Advisories
Trivia
Research Interests
-
Cellular device and Smartphone Security including infrastructure (my main focus)
Vulnerability Analysis
Near Field Communication (NFC) Security
Mobile Malware
Privacy
Embedded Systems Security
Network and Wireless Security (GSM/3G/LTE,WLAN,Bluetooth,...)
Operating Systems Security (strong focus on mobile device OSes)
Broader interests: Mobile Services, Mobile Payment (NFC), Location Based Services, Embedded-Linux, Unified Messaging
Projects
-
SMS (Short Message Service) Security Research
-
The official SecT SMS Client Security page.
My private SMS Security Research page.
iPhone Security
-
My iPhone Security Research page
Symbian OS Exploitation and Shellcode Development
-
See my talk on Symbian OS exploitation. My Symbian OS Security Research page
Near Field Communication (NFC) Security
-
Specific interested in the security of NFC mobile phones. My NFC security projects
Android Security
-
Various Android Security related things.
Smartphone and Mobile Phone Honeypots
-
SecT Smartphone Honeypot project.
GPRS HTTP Header Privacy
-
GPRS HTTP Header Privacy project page.
Previous Research Labs
-
Secure Mobile Systems Fraunhofer SIT
SecLab UC Santa Barbara
COSEDA project Fraunhofer IGD, group A8
Contact
-
EMail: collin [AT] sec.t-labs.tu-berlin.de
Phone: +49-30-8353-58585 (work phone)
Fax: +49-30-8353-58409
Address: Ernst-Reuter-Platz 7, 10587, Berlin, Germany
Sek TEL 11
My official lab page
Publications
-
Peer Reviewed Papers
Journal and Magazine Articles
Books / Chapters
Tech Reports
Posters
Peer Reviewed Papers
- Taming Mr Hayes: Mitigating Signaling Based Attacks on Smartphones
To Appear In the Proceedings of the IEEE/IFIP 41st International Conference on Dependable Systems Networks (DSN)
Boston, MA, USA 25-28 June 2012 PDF, BibTeX entry, Slides (acceptance rate / = %)
*William C. Carter Award* - SMS of Death: from analyzing to attacking mobile phones on a large scale In the Proceedings of the 20th USENIX Security Symposium San Francisco, CA, USA 10-12 August 2011 PDF, BibTeX entry, Slides (acceptance rate 35/204=17.2%)
- Rise of the iBots: 0wning a telco network In the Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software (Malware) Nancy, France 19-20 October, 2010 PDF, BibTeX entry, Slides
- Privacy Leaks in Mobile Phone Internet Access In the Proceedings of the 14th International Conference on Intelligence in Next Generation Networks (ICIN) Berlin, Germany 11-14 October, 2010 PDF, BibTeX entry, Slides *Best Paper*
- Injecting SMS Messages into Smart Phones for Security Analysis In the Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT) Montreal, Canada August 2009 PDF, BibTeX entry, Slides(acceptance rate 9/24=37.5%)
- Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones In the Proceedings of the 1st International Workshop on Sensor Security (IWSS) at ARES 2009 Fukuoka, Japan March 2009 PDF, BibTeX entry, Slides
- Vulnerability Analysis of MMS User Agents Proceedings of the Annual Computer Security Applications Conference (ACSAC) Miami, Florida December 2006 PDF, BibTeX entry (acceptance rate 32/135=27%)
- Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) Berlin, Germany July 2006 PDF, BibTeX entry, Slides (27% acceptance rate)
Journal and Magazine Articles
- Persönliche Datenspuren bei der mobilen Internetnutzung Datenschutz und Datensicherheit (DuD) Issue 3/2012, pages 180-184 Germany March 2012 Article
- Risiko Smartphone Magazin für Computertechnik | c't (Issue 20) Germany September 2010 1, 2
Books / Chapters
- Mobile Phone Security. The Impact of the Modem.
SVH Verlag
Germany 2012
ISBN: 978-3-8381-3289-1 Amazon - Contribution to Chapter 7. Mobile Malware Attacks and Defense USA November 2008 Amazon
- Kapitel 7. Iomega ZIP-Drive Howto Linux HOWTOs: Die besten Loesungen der Linuxgemeinde. (Marco Budde Hrsg.) Germany 1999 Amazon
Tech Reports
- Countering SMS Attacks: Filter Recommendations Technical Report: 2011-09 ISSN: 1436-9915 Berlin, Germany April 2011 PDF
- Smartphone Honeypots In Proceedings of the Sixth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING) Technical Report SR-2011-01, GI FG SIDAR Bochum, Germany 21-22 March 2011 PDF, Slides
- Smartphone Botnets In Proceedings of the Fifth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING) Technical Report SR-2010-01, GI FG SIDAR Bonn, Germany 7th July 2010 PDF, Slides
- Blueprinting - Remote Device Identification based on Bluetooth Fingerprinting Techniques 21st Chaos Communication Congress (21c3) Berlin, Germany December 2004 PDF
Posters
- Poster: Towards Detecting DMA Malware 18th ACM Conference on Computer and Communications Security (CCS) Chicago, IL, USA October 17-21 2011Poster abstract PDF (acceptance rate 41/62=66.1%)
- Poster: HoneyDroid - Creating a Smart Phone Honeypot IEEE Security and Privacy Oakland, CA, USA May 22-25 2011Poster abstract PDF (acceptance rate 18/34=53%)
Conference Talks and Presentations
- Probing Mobile Operator Networks CanSecWest 2012 Vancouver, Canada March 7-9, 2012PDF, project page
- Hacking your NFC phone and service: the good news and the bad news The 7th Workshop on RFID security and privacy (RFIDsec11) Amherst, MA, USA June 27-28th 2011
(invited) - Hacking NFC and NDEF NinjaCon / BSides Vienna 2011 Vienna, Austria June 18th 2011PDF, project page
- SMS-o-Death: from analyzing to attacking mobile phones on a large scale CanSecWest 2011 Vancouver, Canada March 9-11 2011PDF, project page
- SMS-o-Death: from analyzing to attacking mobile phones on a large scale 27th Chaos Communication Congress (27c3) Berlin, Germany December 27-30 2010
- Angriff aufs Smartphone Cisco-Expo Berlin, Germany December 1-2 2010
(invited) - Consumer Electronics Security Lab CAST Workshop - Embedded Security Darmstadt, Germany August 26th 2010
(invited) - Random tales from a mobile phone hacker CanSecWest 2010 Vancouver, Canada March 24-26th, 2010 PDF
- Fuzzing the Phone in your Phone 26th Chaos Communication Congress (26c3) Berlin, Germany December 28th 2009 PDF, project page
- Sicherheit von mobile Devices: Risiken von iPhone, Android & Co TelekomForum Mobilfunktrends 2010 Bonn, Germany September 2009
(invited) - Smart Phone Security from the Attacker's Perspective 5th Annual Mobile Device Management and Security Forum Berlin, Germany September 2009
(invited) - Fuzzing the Phone in your Phone SEC-T Stockholm, Sweden September 2009 project page (invited)
- Fuzzing the Phone in your Phone Black Hat USA 2009 Las Vegas, Nevada, USA July 2009 PDF, project page
- Data leaks through mobile phone web access PH-Neutral 0x7d9 Berlin, Germany May 2009 project page
- Exploiting Symbian 25th Chaos Communication Congress (25c3) Berlin, Germany December 2008 PDF, project page
- Attacking NFC Mobile Phones 25th Chaos Communication Congress (25c3) Berlin, Germany December 2008 PDF, project page
- Exploiting Symbian BlackHat Japan Tokyo, Japan October 9th 2008 PDF, project page
- Data Leaks Through Mobile Phone Web Access PET-Convention 2008.2 Darmstadt, Germany September 30th 2008 project page
- NFC-basierte Handy-Bezahlsysteme CAST Workshop - SmartCards und Bezahlsysteme Darmstadt, Germany July 24th 2008
(invited) - Attacking NFC Mobile Phones EuSecWest London, UK May 2008 PDF, project page
- Advanced Attacks Against PocketPC Phones SyScan Singapore, Singapore July 2007 PDF, project page(invited)
- Advanced Attacks Against PocketPC Phones 23rd Chaos Communication Congress (23c3) Berlin, Germany December 2006 PDF, project page
- Advanced Attacks Against PocketPC Phones DEFCON-14 Las Vegas N.V., U.S.A. August 2006 PDF, project page
- Exploiting PocketPC WhatTheHack! The Netherlands July 2005 PDF, project page
2012
2011
2010
2009
2008
2007
2006
2005
Talks
- NFC Phone and Service Security Digital Footprint in a Mobile Environment Workshop - at the Joint Research Center of the European Commission Ispra, Italy November 28-19. 2011
(invited) - Smartphone Malware/Trojans LKA NRW Duesseldorf, Germany June 20. 2011
(invited) - Random tales of a mobile phone hacker Ruhr-Universitaet Bochum Bochum, Germany June 1. 2011
(invited) - Attacking SMS SISCTI 36 Monterrey, Mexico March 3-5 2011
(invited) - Privacy Leaks with Mobile Phone Internet Access EPFL Lausanne, Switzerland November 3rd, 2010
(invited) - Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Columbia University New York City, New York, USA August 9th, 2010 project page
- Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Stanford University Palo Alto, CA, USA August 5th, 2010 project page(invited)
- Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Samsung R&D San Jose, CA, USA August 4th, 2010 project page
- Mobile Botnets T-Labs Workshop Berlin, Germany December 14th 2009
- Fuzzing the Phone in your Phone Recurity Labs Security Symposium (RSS) Berlin, Germany October 27th 2009 project page(invited)
- Injecting SMS Messages into Smart Phones for Security Analysis T-Labs Scientific Workshop Berlin, Germany July 2009 project page
- Exploiting Symbian Nokia Research Center Helsinki, Finland April 2009 project page(invited)
- Mobile Sicherheit Intensivseminar Hacking - Angriffe und Abwehrstrategien (Fraunhofer SIT) Darmstadt, Germany September 18th 2008
- The Home InfoPanel MetaRheinMain ChaosDays 111b Darmstadt, Germany September 5-7 2008PDF(not security research related)
- More Fun with Blue Radio Waves MetaRheinMain ChaosDays 110b Darmstadt, Germany September 14-16 2007PDF
- Exploiting PocketPC Graduate Colloquium Department of Computer Science, California State University Channel Islands, USA March 2006 project page(invited)
2011
2010
2009
2008
2007
2006
Ph.D. Thesis
- On the Impact of the Cellular Modem on the Security of Mobile Phones Ph.D. Thesis Technische Universität Berlin, Germany December 2011 PDF Advisor: Jean-Pierre Seifert
Master Thesis
- Security of Smart Phones Master's Thesis University of California Santa Barbara, U.S.A. June 2006 PDF Advisor: Giovanni Vigna
Bachelor Thesis
- IPSec Protokoll Implementierung Bachelor Thesis FH-Darmstadt, Germany April 2003 PDF Project at: Fraunhofer IGD
Advisor: Woldemar Fuhrmann
In the Media (selection)
-
2012
O2 Says Sorry For Mobile Web Privacy Error 01.26.2012 (SKY News UK) [TV interview]
Britische O2-Handys verrieten Handynummern 01.27.2012 (Spiegel Online)
O2 accused of sending your phone number to every website you visit 01.25.2012 (Wired UK)
2011
Android NFC Bug Could Be First Of Many 06.21.2011 (Threatpost)
How to slay a cellphone with a single text - SMS of Death explained 03.21.2011 (The Register)
CanSecWest: Researchers Show Off Method For Disabling Phones Via SMS 03.09.2011 (threatpost)
Hintertüren und Killer-SMS Hacker knacken Handys und Smartphones 03.11.2011 (Der Spiegel)
Auf Nummer sicher 02.07.2011 (Der Tagesspiegel)
"SMS of Death" Could Crash Many Mobile Phones 01.04.2011 (TechnologyReview)
2010
Simplest Phones Open to 'SMS of Death' 12.28.2010 (Wired)
Viele Handymodelle lassen sich per SMS lahmlegen 12.28.2010 (Handelsblatt)
Missing Hotel Room Key? Try Your Phone 11.08.2010 (McAfee)
Designing Smartphone Botnet Command and Control Infrastructure 11.02.2010 (eWeek)
Smartphone vulnerabilities entice hackers 07.21.2010 (Golden Gate XPress)
Researcher: Mobile number leaks common but inappropriate 04.19.2010 (ZDNet)
Is your mobile phone giving out your phone number? 03.26.10 (computerworld.com)
NFC Forum spec adds digital signatures to prevent tag tampering 11.02.2010 (Near Field Communications World)
2009
Alumni-Magazin der Technischen Universität Berlin - Mobil zu telefonieren kann gefährlich sei(Page 8-9) Dec. 2009
Vorsicht - ansteckend! 09.03.09 (Technology Review)
Researchers attack my iPhone via SMS 07.29.09 (cnet.com)
How To Hijack 'Every iPhone In The World' 07.28.09 (forbs.com)
2008
25c3: NFC-Handy-Anwendungen anfällig für Hackerangriffe 12.30.08 (heise security)
Sicherheitslücke: iPhone wählt selbstständig Abzockemmer 11.20.2008 (Computer Bild)
iPhone telefoniert ferngesteuert 11.20.08 (heise security)
Hackers start poking holes in NFC 05.29.08 (The Register)
Attacks on NFC mobile phones demonstrated 05.28.08 (ZDNet)
2007
New Hacking Tools Bite Bluetooth 01.03.07 (DarkReading)
MMS führt (Schad-)Code aus 01.02.2007 (heise security)
2006
23c3: Neue Hacker-Tools für Bluetooth 12.29.06 (heise security)
Defcon: Angriff auf PocketPC-Smartphones mit MMS-Nachrichten 08.07.06 (heise security)
DefCon Delays Can't Stop the Madness 08.05.06 (Washington Post)
Professional Services
-
Program Committee:
- 6th Workshop on Offensive Technologies (WOOT), 2012
- Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2012
- 1st International Workshop on Sensor Security (IWSS) at ARES, 2009
- External Reviewer for the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), 2010
- Reviewer for the Annual Computer Security Applications Conference (ACSAC), 2006
- Reviewer for the International Journal of Information Security, 2012
- Reviewer for the Communications of the ACM, 2010
- Organizer for SPRING 7, SIDAR Graduierten-Workshop über Reaktive Sicherheit, 2012
Reviewer Conference:
Reviewer Journal:
Misc:
Contributions
- Mobile Near Field Communications (NFC) "Tap 'n Go" - Keep it Secure and Private November, 2011
- BlueZ the Linux Bluetooth stack
Trivia
-
My Erdős number is 4.
Here is the path: Paul Erdős (0) -> Noga M. Alon (1) -> Oded Goldreich (2) -> Jean-Pierre Seifert (3) -> me (4)
My Kevin Bacon number is 4.
This is due to being an extra in the German TV show Schwarz greift ein staring Klaus Wennemann who has a distance of 3 to Kevin Bacon.
Erdős-Bacon number is 8(d) = 4 + 4(d)
updated: Wed Apr 25 15:13:54 CEST 2012