...stuff I do and things I like...

Monday, October 19 2009

Mobile Security News Update October 2009 part 2

Conferences: PacSec 2009 Charlie Miller is giving a talk on iPhone SMS Fuzzing and Exploitation, Rich Cannings & Alex Stamos are giving titled The Android Security Story: Challenges and Solutions for Secure Open Systems, and Yves Younan is giving a talk on Filter Resistant Code Injection on ARM (this sounds interesting). So PacSec seems to be filled with some good mobile security related talks.

Btw. the CanSecWest CfP is open now. I have something to submit but it will be complicated because of some academic conference. Let's see what happens.

Bug watch: Links:

Wednesday, October 07 2009

Changing your mobile phone number sucks!

So I have a tone of mobile phone numbers, different contracts and some pre-paid cards. The main problem is that using multiple cards at the same time is not really possible. There are almost no multi-sim-card mobile phones and the ones that exist normally take only two (2) cards. Although I don't want to use a specific multi-sim phone but rather any phone (so I can always use the latest and greatest). I tried one of these dual-sim card adapters but it sucked.

So what to do?

What I want is this:

I want to be able to have one (1) SIM card that does not belong to any operator. Then I want X number of mobile phone numbers with either a contract or without a contract (pre-paid). Then I just want to be able to tell the operators to connect the contract/pre-paid numbers to this one SIM card. The remaining problem would be what actual mobile network to use, since the phone can only connect to one network at the time. Ideally this would be solved through some roaming-like-agreement where each provider just provides bare network access and just deals with the service/contract providers in order to charge for usage.

I guess this kind of idea is not new but today I'm somehow pissed again because of all the stupid different SIM cards I have.

Tuesday, October 06 2009

Mobile Security News October 2009

the guys from the Mobile Security Lab seem to have a lot of time recently a couple of days ago they released a short study on SSL on mobile phones: Tricks for Defeating SSL: effectiveness test on mobile phones.

Tomorrow (7th of October) Hack-in-the-Box 2009 takes place in Malaysia for some reason I always forget HITB. I can't remember ever reading a CFP or anything. They seem to have a few mobile security related talks. Here is the Agenda. Bugs and Kisses: Spying on BlackBerry Users for Fun by Sheran Gunasekera, Side Channel Analysis on Embedded Systems by Job De Haas.

Bug watch:
Palm Pre WebOS <=1.1 Remote File Access Vulnerability The short description is: The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Things get more and more interesting with web stuff on smartphones.

On October 9th the CFP ends for:
26C3: Here Be Dragons (26th Chaos Communication Congress)
December 27th to 30th, 2009 in Berlin, Germany

They always like mobile phone related talks, so go and submit something interesting.