...stuff I do and things I like...

Monday, August 20 2012

Mobile Security News Update August 2012 part

More conferences!
    DeepSec taking place end of November in Vienna has published their schedule. They have a number of mobile talks as usual but unfortunately they also have THE one talk that every conference has this year :-( The talks are: Introducing the Smartphone Pentesting Framework Georgia Weidman (Bulb Security LLC), Pentesting iOS Apps - Runtime Analysis and Manipulation Andreas Kurtz (NESO Security Labs / University of Erlangen-Nuremberg), Hacking the NFC credit cards for fun and debit ;) Renaud Lifchitz (BT (formerly known as British Telecom)), The Security (or Insecurity) of 3rd Party iOS Applications Ilja van Sprundel (IOActive, Inc.).

    EuSecWest happening in late September in Amsterdam. Dragos always had this love for mobile security and this year he is showing this at EuSec. Basically EuSec is a mobile security event this year, especially because of the mobile pwn2own! Talks so far: Mapping and Evolution of Android Permissions - Andrew Reiter & Zach Lanier, APK Infection on Android - Robert McArdle & Bob Pan, NFC For Free Rides and Rooms (on your phone) - Corey Benninger & Max Sobell, Using HTTP headers pollution for mobile networks attacks - Bogdan Alecu , iOS Application Auditing - Julien Bachmann.

    Hack.LU in October also has a mobile talk. Benedikt Driessen -Satellite phone - an analysis of the GMR-1 and GMR-2 standards.

    Hack in The Box Malaysia seems to have a bunch of mobile stuff. But their conference website is so ugly that it is hard to find details :-(

    SEC-T takes place in September in Stockholm - one of my favorit cons!. So far they have: Dead Addict - Mobile PKI UX: the state of shit, Torbjörn Lofterud - iPhone raw NAND recovery and forensics.

T2 does not seem to have any mobile stuff this year.

More upcoming CFPs should include ToorCon in San Diego but sadly it overlaps with BreakPoint. I would really like to go to ToorCon once.

It looks like I will come to NYC in November to give a talk at an event at NY-Poly. It is also likely that I will come to SF early in December.


News:
By now I arrived in Boston and started working at my new job at Northeastern University. So far I haven't done much in the city. I'm still looking for an apartment so if you have good pointers shoot me an email.

Tuesday, August 07 2012

Mobile Security News Update August 2012

This really is the first update since May, wow I have been really busy.

Conferences:
    Toorcamp (takes place as you read) has a few interesting talks on Android. I originally planed to go but didn't have time, very said about it :-(

    Nordic Security Conference is a new event that takes place end of August. Nordic Sec seems to be a very mixed conference but they have some mobile related talks.

    BruCON at the end of September is one of those cons I always wanted to attend once, never made it. They also have just a few mobile related talks. Mobile talks seem to overlap with Nordic Sec :-(

    BreakPoint is also a new event taking place in Melbourne, Australia. This event will have more then a few mobile talks due to the people who are scheduled to speak there. Including myself ;-)

    Source Seattle has a mobile talk.


Open CFPs: 29c3 this year in Hamburg not Berlin, a real bummer. hashdays in Lucerne, Switzerland.

General News:
    Zeus now supports Black Berry in addition to WinMo, Android, and Symbian.

    This is really interesting. I was working on countermeasures against this threat with two of my co-workers at SecT in Berlin. Hopefully our paper gets accepted. I really hope we can help to defend against this threat.


Personal news: I will move to Boston, MA in August to work as a Postdoctoral researcher at Northeastern University. I will continue doing mostly mobile security related work. Please ping me if you are doing similar work and are in the area. It seems like I know a bunch of people but don't actually know where they live.

I hope from now one to continue my biweekly mobile security news update.

Wednesday, August 01 2012

Black Hat USA and Defcon XX

Once again I attended Black Hat USA and Defcon. This year I was actually speaking at Black Hat again. My talk Probing Mobile Operator Networks was received well as what I understood from the feedback. The slides can be downloaded from my project web page. I'm planning a follow up project to extend my work for an academic research paper.

Some personal comments.
    Black Hat: 1. I really liked the track idea, putting related talks into one room. I basically staid in my room "Mobile" for the whole day. 2. The new room layout of Black Hat was good and bad. Moving the vendor area into the back was an good move. Also for some reason the new layout made it impossible to meet people randomly (as confirmed by some people I actually met). 3. The "vendor talk" aka the iOS security talk: I didn't like the talk since it only listed iOS security features. Also the speaker didn't take questions. 4. All in all a good event.

    Defcon: 1. too many people! 2. I saw three talks by accident, the one I liked was Eddie's NFC Credit Card talk, nice work. 3. too many people!


Both events where to crowed with people I know and like that I didn't get the chance to hangout with everyone. I even missed a few people entirely, could even say hi :-(

Best thing this year was playing at HackCup with the good guys from the Intrepidus Group.

Finally, NinjaTel! How cool is this! See here