Monday, December 07 2009
so I was quite busy with various projects therefore this update
is really really late.
The most interesting thing that happened recently was the
jailbroken iPhone SSH fuck up. See: 1 and 2. There are many other stories on this all over the net, also
by now this is kind of old. The interesting thing actually is that I investigated
this jailbroken iPhone SSH problem in August of this year. Including a nice statistic and some measurement. I'm planning to show this stuff together with
some other work at some conference (academic and hacker) next year (talks/papers are submitted).
Conferences, I attended DeepSec in mid November, this was great fun. Including some good mobile phone security talks. At the upcoming 26C3 there will also be a bunch of talks on mobile phone security. Location tracking does scale up, GSM: SRSLY?, Playing with the GSM RF Interface, Using OpenBSC for fuzzing of GSM handsets, and SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system.
I actually planed to not attend 26C3 because last year kind of sucked, especially because there were way too many people. So this year I will go to some talks but not hangout at the conference. If you want to hangout during CCC give me a call or write me an email. Although my talk on SMS fuzzing was rejected I recently was asked if I would do it if they find a spot in the schedule. Of course, I would do it.
Recent papers: iPhonePrivacy.pdf shows some privacy issue with the iPhone platform. Nothing really surprising, but a good read.
I know I missed several things in this post but I kind of have info overkill in the last weeks. Please send me hints hints hints!!!