Tuesday, April 28 2009

Mobile Security News April 2009 part 2

Just a quickie: the slides from BlackHat Europe are up for a few days. Here are the slides for Hijacking Mobile Data Connections and for Passports Reloaded Goes Mobile (clone an RFID passport using an NFC mobile phone). So far Charlie Miller and Vincenzo Iozzo only put up a whitepaper of their OS X and iPhone talk.

If you can understand German (spoken word), you might want to listen to Chaosradio Express episode 120, which is about OpenBSC and generally about building GSM networks, or actually the software to run a network in your cellar/garage.

In the last week there was a short buzz about an old Nokia phone (Nokia 1100) that could be reprogrammed to sniff SMS messages. The story really sounds like a hoax, since the whole subscriber ID stuff is handled through the SIM card rather than through the phone itself. There are not many details, just the story. F-Secure has something in their blog about this too.

Yesterday the new Android version cupcake was released for developer phones, get your cupcake while it's still warm :-) Get it from here.

Btw the Technology Review article citing me is only in the next issue (06.2009).

Monday, April 27 2009

PhD Student at TU-Berlin

Starting in May I'll be a PhD student at TU-Berlin / T-Labs. I'll be working in the area of Security in Telecommunications with Prof. Jean-Pierre Seifert. I'll basically do the research I've been doing already: I'll break smart phones and try to make them more secure in the process. Because of this I'll also move to Berlin shortly.

Saturday, April 18 2009

Android Rant!

So I've been using my Android phone (ADP1) as my primary phone for a week now; here are some things I have noticed.

    Keyboard is really good for writing emails (the current version of K-9 is actually usable)
    IM always on, works really nice, this is what I want.
    Maps is not as good as on the iPhone.
    Headset is too big and ugly, sometimes function is not everything.
    Can't use headset while charging (e.g. while you sit on the train).

Stuff that needs to change or needs to exist (also 3rd party stuff):

    Headset use while charging!
    Headset that has a smaller mic and button (like the one from the iPhone) or headset adapter for the iPhone headset (mic and button need to work!).
    K-9 mail should not download the attachments by default.

I want sync without Google or any 3rd party. I know about Funambol, does it work well? I want to import vCards/.vcf files, I have tried ImportContacts but it couldn't import my test contact.

So far I don't really miss my iPhone but rather have cool new features that I didn't have with the iPhone.

Mobile Security News April 2009

BlackHat Europe brought some new stuff:

First, the guys from the Mobile Security Lab showed us that the OMA provisioning functionality can be easily abused to reconfigure the Internet connection settings on many mobile phones. Although the attack requires some user interaction and therefore some social engineering, the attack is quite cool. Technology Review has an article on their work. Nice work, guys!

The second mobile device related piece from BlackHat Europe is that Charlie Miller showed a workaround for the non-executable memory of the iPhone. I haven't seen the slides of his talk, but NetworkWorld has an article on Charlie's iPhone find.

I was interviewed by the German version of Technology Review on the subject of smart phone security and malware. As far as I know the article citing me should be in the current issue (05.2009).

Otherwise not much happened in the world of mobile device security.