Saturday, March 27 2010
Tuesday, March 09 2010
CanSecWest is just over - it was
a real nice conference and I'm looking forward to come here again.
The slides for my talk Random tales of a mobile phone hacker are
available here. The most interesting part should be my mobile phone HTTP
header logging and analysis. See also this story.
I've put up a test page where you can check if your operator leaks your private data such as your mobile phone number (MSISDN), IMSI (SIM card ID), or IMEI (phone hardware ID). The test page is here: www.mulliner.org/pc.cgi. I promise that I don't log any data when visiting this page.
Two stories I want to comment on:
FatSkunk software-based attestation as a solution to mobile malware. Article by the German Technology Review. They promise a lot. I don't think this will work as
advertised (I haven't seen this at work - also I can't really find a paper
Smartphone Weather App Builds A Mobile Botnet. So these guys created a classic trojan application (does something very simple and useful but has a malicious part too). Of course people will download the application
from some trusted website - nothing to wonder about.
Just found another mobile security talk that will be held at CanSecWest:
Stuff we don't want on our Phones: On mobile spyware and PUPs - Jimmy Shah, McAfee, Inc
Update March 9th: