...stuff I do and things I like...

Thursday, September 17 2009

Mobile Security News September 2009 p2

Lets start with conferences again. I'll be speaking at the 5th Annual Mobile Device Management and Security Forum this is a more high level non-technical conference, haven't been to stuff like this so it should be interesting. Another speaking event will be at the TelekomForum - Mobilfunktrends 2010 in Bonn, lets see how this goes.

Michael Mueller of silentservices.de found some nice SMS/MMS/Wap Push bugs in various smart phones. The bugs allow to spoof/obfuscate the sender address/number of MMS messages. This could be used for spam or social engineering I guess. The advisories are here and here.

The guys from the Mobile Security Lab published a primer on Service Load (SL) attacks. I haven't had time to read it yet. You can find it: here

So stuff happens in the mobile security world.

Sunday, September 13 2009

SEC-T was real good!

SEC-T was a nice event, I had a good time. The location was nice, the talks were good and I talked to some interesting people.

Some highlights: a reverse engineering challenge, a Wifi antenna building contest, and a bar quiz (a nerdy one). The best part, the team I was on won the quiz *G*

Bonus. I had the chance to play with a Nokia N900 (the Nokia Linux smart phone). This is a sweet device.

Monday, September 07 2009

The latest shit from me :-)

Vorsicht - ansteckend! (in German) something about mobile phone malware, this was even printed *G*

Researchers discuss iPhone, SMS bug Interview done by NetworkWorld at Black Hat this year.

I rather should be doing slides but I don't want to right now.

Wednesday, September 02 2009

Mobile Security News September 2009

Upcoming conferences:

#T2 in Helsinki October 29-30 will have a two talks first Forensics on GSM phones by David Batanero and second Spying via Bluetooth by Jamo Niemela. Especially the talk on phone forensics would be very interesting for me since lately the subject was brought to my attention by multiple people. David Batanero was also scheduled to talk at SEC-T in September but his talk was cancelled, too bad since I'm going to SEC-T but not #T2. As far as I can see my talk is the only mobile security talk at SEC-T this year.

DeepSec in Vienna on November 19-20 will have two mobile security talks. First Hijacking Mobile Data Connections 2.0: Automated and Improved by Roberto Piccirillo and Roberto Gassir (Mobile Security Lab) and second A practical DOS attack to the GSM network by Dieter Spaar.

Btw. I'll actually attend DeepSec this year. I'm looking forward to it since it will be my first time at DeepSec, and Vienna is a fun city.

Other interesting developments:

The various GSM cracking projects seem to be taking off this time around. The people behind AirProbe and Creating A5/1 Rainbow Tables seem to really want to build something that is easy usable. I really wait for the day this stuff is done and anybody with a old GSM phone has to be worried that someone with hardware for about 100 Euros can listen to his/her phone calls and can read his/her text messages (SMS).

I recently I had a fun idea for this idea I want/need a list of hardware that has a build-in mobile phone or GSM modem. If you know of such hardware please tell me (collin[AT]mulliner.org or comment on this post). Please don't tell me about laptop/netbook X with a build in modem but rather about your fridge or microwave that can call or text. So this is a call for hardware with embedded mobile phones!