Monday, August 20 2012
More conferences!
DeepSec taking place end of November in Vienna has published their
schedule. They have a number of mobile talks as usual but unfortunately they also have THE one talk
that every conference has this year :-( The talks are: Introducing the Smartphone Pentesting Framework - Georgia Weidman (Bulb Security LLC), Pentesting iOS Apps - Runtime Analysis and Manipulation - Andreas Kurtz (NESO Security Labs / University of Erlangen-Nuremberg), Hacking the NFC credit cards for fun and debit ;) - Renaud Lifchitz (BT (formerly known as British Telecom)), The Security (or Insecurity) of 3rd Party iOS Applications - Ilja van Sprundel (IOActive, Inc.).
EuSecWest is happening in late September in Amsterdam. Dragos always had
this love for mobile security and this year he is showing this at EuSec. Basically EuSec is a mobile
security event this year, especially because of the mobile pwn2own! Talks so far: Mapping and Evolution of Android Permissions - Andrew Reiter & Zach Lanier, APK Infection on Android - Robert McArdle & Bob Pan, NFC For Free Rides and Rooms (on your phone) - Corey Benninger & Max Sobell, Using HTTP headers pollution for mobile networks attacks - Bogdan Alecu, iOS Application Auditing - Julien Bachmann.
Hack.LU in October also has a mobile talk. Benedikt Driessen - Satellite phone - an analysis of the GMR-1 and GMR-2 standards.
Hack in The Box Malaysia seems to have a bunch of mobile stuff. But their conference website is so ugly that it is hard to find details :-(
SEC-T takes place in September in Stockholm - one of my favorite cons! So far they have: Dead Addict - Mobile PKI UX: the state of shit, Torbjörn Lofterud - iPhone raw NAND recovery and forensics.
T2 does not seem to have any mobile stuff this year.
More upcoming CFPs should include ToorCon in San Diego but sadly it overlaps with BreakPoint. I would really like to
go to ToorCon once.
It looks like I will come to NYC in November to give a talk at an event at NY-Poly. It is also likely
that I will come to SF early in December.
News:
By now I have arrived in Boston and started working at my new job at Northeastern University. So far I haven't done much in the city. I'm still looking for an apartment, so if you have good pointers shoot me an email.
Tuesday, August 07 2012
This really is the first update since May, wow I have been really busy.
Conferences:
Toorcamp (takes place as you read) has a few interesting talks on Android. I originally planned to go but didn't have time, very sad about it :-(
Nordic Security Conference is a new event that takes place end of August. Nordic Sec seems to be a very mixed conference but they have some mobile related talks.
BruCON at the end of September is one of those cons I always wanted to attend once, never made it. They also have just a few mobile related talks. Mobile talks seem to overlap with Nordic Sec :-(
BreakPoint is also a new event taking place in Melbourne, Australia. This event will have more than a few mobile talks due to the people who are scheduled to speak there. Including myself ;-)
Source Seattle has a mobile talk.
Open CFPs: 29c3 this year in Hamburg not Berlin, a real bummer. hashdays in Lucerne, Switzerland.
General News:
Zeus now supports BlackBerry in addition to WinMo, Android, and Symbian.
This is really interesting. I was working on countermeasures against this threat
with two of my co-workers at SecT in Berlin. Hopefully our paper gets accepted. I really hope we can
help to defend against this threat.
Personal news: I will move to Boston, MA in August to work as a Postdoctoral researcher at Northeastern University. I will continue doing mostly mobile security related work. Please ping me if you are doing similar work and are in the area. It seems like I know a bunch of people but don't actually know where they live.
I hope from now on to continue my biweekly mobile security news update.
Wednesday, August 01 2012
Once again I attended Black Hat USA and Defcon.
This year I was actually speaking at Black Hat again. My talk
Probing Mobile Operator Networks was received well, from what I
understood from the feedback. The slides can be downloaded from
my project web page. I'm
planning a follow-up project to extend my work for an academic research
paper.
Some personal comments.
Black Hat:
1. I really liked the track idea, putting related talks into one room. I basically stayed in my room "Mobile" for the whole day.
2. The new room layout of Black Hat was good and bad. Moving the vendor area into the back was a good move. Also for some reason the new layout made it impossible to meet people randomly (as confirmed by some people I actually met).
3. The "vendor talk" aka the iOS security talk: I didn't like the talk since it only listed iOS security features. Also the speaker didn't take questions.
4. All in all a good event.
Defcon:
1. too many people!
2. I saw three talks by accident, the one I liked was Eddie's NFC Credit Card talk, nice work.
3. too many people!
Both events were so crowded with people I know and like that I didn't get
the chance to hang out with everyone. I even missed a few people entirely,
couldn't even say hi :-(
Best thing this year was playing at HackCup with the good guys
from the Intrepidus Group.
Finally, NinjaTel! How cool is this! See here