Thursday, September 17 2009
Let's start with conferences again.
I'll be speaking at the
5th Annual Mobile Device Management and Security Forum. This is a more high-level, non-technical conference; I haven't been to stuff like this,
so it should be interesting. Another speaking event will be at the
TelekomForum - Mobilfunktrends 2010 in Bonn; let's see how this goes.
Michael Mueller of silentservices.de found some nice SMS/MMS/WAP Push bugs in various smart phones. The bugs
allow spoofing/obfuscating the sender address/number of MMS messages. This
could be used for spam or social engineering, I guess. The advisories are
here and here.
The guys from the Mobile Security Lab published
a primer on Service Load (SL) attacks. I haven't had time to read it
yet. You can find it here.
So stuff happens in the mobile security world.
Sunday, September 13 2009
SEC-T was a nice event, I had a good time.
The location was nice, the talks were good and I talked to some interesting
people.
Some highlights: a reverse engineering challenge, a Wi-Fi antenna building contest, and a bar quiz (a nerdy one). The best part: the team I was on won the quiz *G*
Bonus: I had the chance to play with a Nokia N900 (the Nokia Linux smart phone). This is a sweet device.
Monday, September 07 2009
Wednesday, September 02 2009
Upcoming conferences:
#T2 in
Helsinki, October 29-30, will have two talks: first, Forensics on GSM phones by David Batanero, and second,
Spying via Bluetooth by
Jarno Niemela. Especially the talk on phone forensics would be very
interesting for me since lately the subject was brought to my attention
by multiple people. David Batanero was also scheduled to talk at
SEC-T in September
but his talk was cancelled. Too bad, since I'm going to SEC-T but not #T2. As far as I can see, my talk is the only mobile security talk at SEC-T this year.
DeepSec in Vienna on November 19-20 will have two mobile security talks: first, Hijacking Mobile Data Connections 2.0: Automated and Improved
by Roberto Piccirillo and Roberto Gassirà (Mobile Security Lab), and
second, A practical DOS attack to the GSM network by Dieter Spaar.
Btw. I'll actually attend DeepSec this year. I'm looking forward to it since
it will be my first time at DeepSec, and Vienna is a fun city.
Other interesting developments:
The various GSM cracking projects seem to be taking off this time around.
The people behind
AirProbe and
Creating A5/1 Rainbow Tables
seem to really want to build something that is easily usable. I'm really
waiting for the day this stuff is done and anybody with an old GSM phone
has to be worried that someone with hardware for about 100 Euros
can listen to his/her phone calls and can read his/her text messages (SMS).
I recently had a fun idea. For this idea I want/need a list of
hardware that has a built-in mobile phone or GSM modem. If you know
of such hardware, please tell me (collin[AT]mulliner.org or comment on this post). Please don't tell me about laptop/netbook X with a built-in modem, but rather
about your fridge or microwave that can call or text. So this is a call for
hardware with embedded mobile phones!