...stuff I do and things I like...

Monday, January 24 2011

Mobile Security News Update January 2011 Part 2

Funny story on stealing SIM cards from traffic lights, Schneier has a few nice pointers on the story: here.

Don't Sacrifice Security on Mobile Devices by Chris Palmer (@ EFF) makes a nice read. Spontaneous idea: what about something like hardened android?

A story on mobile phone forensics.

A Android trojan with botnet-like features?

    The ShmooCon schedule. The BlackHat DC slides. A few notes to some slides. A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications this is what every serious GSM hacker/security research has in his lab - no rocket science - but nice roundup for noobs and beginners. Exploiting Smart-Phone USB Connectivity For Fun And Profit fun read, good job.

Upcoming events for myself: Mobile World Congress, I'll be there for all four days. Catch me at Hall: 2 Booth: H04 (City of Berlin -> Technische Universitaet Berlin and others)

Wednesday, January 12 2011

My public research TAC Database

I've decided to setup a TAC (Type Allocation Code) database for research purposes. I do this because there is no such thing right now. Every TAC database I know is not public and just allows queries instead of just downloading the whole thing to use it with your own software.

My database is available here: www.mulliner.org/tacdb. The database is just a collection of CSV files, to make it really easy to use. Further the database relys on YOUR contribution, so please consider sending new entries.

Right now the database has about ~27K entries. But most of them only contain the TAC, Manufacturer, and the Model name. What I would like to have in addition is the Type of hardware (smartphone,mobile phone, modem, devices, ...), the OS, and the manufacturing date.

I hope this thing enables some new features in projects like osmocom. It will defently help my own research.

Monday, January 10 2011

Mobile Security News Update January 2011

Happy new year mobile phone security enthusiasts!

    Black Hat DC Itzhak Avraham's talk: Popping Shell on A(ndroid)RM Devices; Rob Havelt, Bruno Goncalves de Oliveira: Hacking the Fast Lane: security issues with 802.11p, DSRC, and WAVE (not directly mobile phones); David Perez, Jose Pico talk about: A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications; Angelos Stavrou, Zhaohui Wang talk on: Exploiting Smart-Phone USB Connectivity For Fun And Profit; Ralf-Philipp Weinmann's talk on: The Baseband Apocalypse (exploiting baseband software)

    Shmoocon as a number of talks but sadly no abstracts online. Also I wont be able to attend. Here are some talks that have interesting titles: Defeating mTANs for profit by Axelle Apvrille and Kyle Yang, something about smart phone botnets (the news part of the site gone now).
Bugs: Finds:

Monday, January 03 2011

27c3 Review

the 27th Chaos Communication Congress (27c3) was awesome altogether. I met all my buddies from around the world and had a great time. This year -- due to the ticketing system -- the congress seemed less crowded, very nice! Talks were still packed but not crazy packed.

    The keynote by Rob was very nice -- I even saw it again as recording.

    Karsten and Sylvain's talk on Wideband GSM sniffing was quite nice - as they combined "Karsten's" A5/1 project with Sylvain's awesome sniffer :)

    DJB's talk on High-speed high-security cryptography: encrypting and authenticating the whole Internet was quite entertaining but certainly not new. I saw more or less the same talk at USENIX WOOT'09. Still very awesome of him to come to 27c3!.

    Renaud Lifchiz did a great presentation on Android geolocation using GSM network. He explained the whole Android geolocation system in great detail and showed how to recover previous locations of a phone. For me this talk was the best in terms of expectations to delivery!

    Ilja van Sprundel gave a talk on hacking smart phones. I must sadly say this was not very good -- sorry Ilja. Many previously known stuff (without citing them).

    Bruce Dang and Peter Ferrie did a nice job with their talk Adventures in analyzing Stuxnet.

Thanks again CCC for this nice congress!

Sadly I totally missed out going to berlinsides. I registered and everything but I just didn't make it :-( I especially wanted to see Travis' talk on the IM-ME (I just bought it for that reason).