...stuff I do and things I like...

Wednesday, September 29 2010

ISSE GI-Sicherheit 2010

Next week I'm going to attend ISSE GI-SICHERHEIT 2010 here in Berlin. Ping me via Twitter if you're coming and want to chat.

Friday, September 24 2010

Mobile Security News Update September 2010 part 2

So from now on I will include academic publications in my news updates. I screen the stuff anyway, so why keep it only for me?

    (7) A Methodology for Empirical Analysis of the Permission-Based Security Models and its Application to Android, by David Barrera, H. Gunes Kayacik, Paul C. van Oorschot, Anil Somayaji
    (8) Mobile Location Tracking in Metropolitan Areas: malnets and others, by Nathanial Husted, Steve Myers
    (9) On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping, by Tzipora Halevi, Nitesh Saxena
    (10) PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance, by Vijay A. Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad, Michael T. Hunter, Patrick Traynor

A funny bug in the Nokia E72: Nokia E72 Keyboard Password bypass

Conferences: Upcoming is the 27C3; its CFP runs until October 9th. I will try to also do a talk this year again.


Tuesday, September 14 2010


Sooooooo I finally release BlueDrift, a Bluetooth OBEX file-transfer sniffer that is based on the Frontline Bluetooth sniffer firmware for CSR BlueCore-4 chips. The original slides from 2007 had the awesome title: More Fun with Blue Radio Waves. The project and its name were inspired by Driftnet.

You need the Frontline firmware image in order to turn your Bluetooth USB adapter into a sniffer. Don't ask me for this firmware, buy it!

Saturday, September 11 2010

c't 2010/20 Risiko Smartphone

Together with Daniel Bachfeld from heise I wrote the article Risiko Smartphone, which will be published in the upcoming issue 20 of the c't magazin (German only). First time mass media publication :-)

Friday, September 10 2010

Mobile Security News September 2010

Mobile phone HTTP header privacy issue in Spain [1]; xuf got them to fix it [2].

In October I will present two papers. First, Privacy Leaks in Mobile Phone Internet Access, which is about mobile phone HTTP header leakage. Second, Rise of the iBots: 0wning a telco network, a paper on smartphone botnet C&C.

The Osmocom people have added a security section to their wiki. One really interesting part is the section on Will my Phone Show An Unencrypted Connection?

Conferences: ToorCon has a nice lineup so far: Real Men Carry Pink Pagers; The Carmen San Diego Project; iPhone Rootkit? There's an App for That; The Hidden Nemesis: Backdooring Embedded Controllers; Smartphone Ownage: The State of Mobile Botnets and Rootkits; Moving Target: Location-Based Threats and Mitigations. Black Hat Abu Dhabi: Mobile Phony: Why You Can't Trust Mobile Phone Networks For Critical Infrastructure.

Need some hints
    I'm looking for a number of statistics. 1) How many people update their mobile phones (I don't care about smartphones such as iPhone or Android). 2) The most popular mobile phones around the world. There should be some sales stats on this, right? Any help will be very welcome. Email: collin[at]mulliner.org

The thing called a phone by Scott Adams. I almost never use it as a phone.

Monday, September 06 2010

Android : IP Addr Widget

I've been playing with Android desktop widgets in the past days, so here is my first widget. IP Addr Widget is a simple widget that displays the IP address of the current default route (the network interface that currently is in use). You can tap/click the widget to resolve the external/public IP address and FQDN of your phone.

I know there are about 10 other widgets that do the same. I just wrote it for practice. So enjoy!