...stuff I do and things I like...

Tuesday, February 02 2010

Mobile Security News February 2010

SecurStar did it again: in 2006 there was RexSpy, and in 2010 we have this mobile phone crypto comparison. But the knowledgeable community is big enough to identify and point out this kind of advertising/scam fast enough.

Conferences: the only interesting talk I found is iPhone Privacy by Nicolas Seriot at Black Hat DC this week.

In other news, I still need a Nexus One. It is still not available to buy outside of the US. *ARG*

Updated (Feb 2nd):

Friday, January 15 2010

Mobile Security News January 2010

I have been busy as hell from mid December to now. This was due to the Chaos Communication Congress (26C3), the fact that I turned 30, and some work stuff. I guess I have missed some interesting stuff in this time. So once again, if you have interesting things on mobile security, tell me!

Conferences: ShmooCon takes place in February (I always wanted to go - still haven't made it). The New World of Smartphone Security - What Your iPhone Disclosed About You by Trevor Hawthorn. Karsten is doing his GSM: srsly talk again. Bluetooth Keyboards: Who Owns Your Keystrokes? by Michael Ossmann. For some time I did a lot with Bluetooth keyboards, so I would really like to see what they show here - especially since Michael Ossmann is one of the guys who really knows about Bluetooth. honeyM: A Framework For Virtual Mobile Device Honeyclients by a whole bunch of Military guys (SCNR). Blackberry Mobile Spyware - The Monkey Steals the Berries by Tyler Shields. So it really looks like ShmooCon has some mobile security content this year.

Random news:
Fun find:
    Abhoersichers Handy (Anti eavesdropping Mobile Phone): apparently this should cost 4800 Euros. The screenshots look interesting. If anyone has any details on this device, please tell me.

Thursday, December 24 2009

Kindle 2 tethering - the lame way

This is for educational purposes only! I just did this to get it working, not for abusing the Kindle's Internet capabilities.

First enable USB networking; if you have firmware 2.3, then see my older post here. Now you can log in to your Kindle 2 via SSH.

Copy tcpdump to your Kindle 2. Log in to the Kindle and run tcpdump -nAi ppp0 -s0, then browse the web using your Kindle's web browser. Search the output of tcpdump for the x-fsn header. The x-fsn header seems to be used for authenticating to the Kindle HTTP proxy (fints-g7g.amazon.com).

HTTP header as sent to the proxy by the Kindle's browser (NetFront):
    GET http://www.heise.de HTTP/1.1
    Accept: image/png, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Host: www.heise.de
    User-Agent: Mozilla/4.0 (compatible; Linux 2.6.22) NetFront/3.4 Kindle/2.3 (screen 600x800; rotate)
    Proxy-Connection: Keep-Alive
    Accept-Encoding: deflate, gzip
    x-fsn: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    x-appNamespace: WEB_BROWSER
    x-appId: Kindle_2.2


Install the Modify Headers Firefox plugin. The plugin lets you add arbitrary HTTP headers to Firefox requests. Now add the x-fsn header with the value observed by looking at your own traffic.

Finally, log in and port forward a local port on your computer to Amazon's Kindle proxy (fints-g7g.amazon.com = 8099:72.21.210.242). Do this via: ssh -L 8099:72.21.210.242:80 root@192.168.2.2. Now configure an HTTP proxy in your Firefox preferences (127.0.0.1 at 8099).

Now you should be able to browse the web using your Kindle's 3G connection. Of course you shouldn't do this regularly, just once for the fun.
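The steps above work because a fixed header value, sent in cleartext, is the whole credential. As an added example (not code from this post or from Amazon, whose proxy logic is not public), the sketch below models that static check next to a hardened variant that binds the credential to one request; the `x-fsn-ts` and `x-fsn-sig` headers, the per-device key table and the 300-second window are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; the real x-fsn format is not documented on this page.
DEVICE_KEYS = {"FSN-EXAMPLE-0001": b"per-device-secret-constructed"}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

def check_static(headers):
    """Model of the observed scheme: the header value alone is the credential."""
    return headers.get("x-fsn") in DEVICE_KEYS

def sign(fsn, method, url, ts):
    """Device side of the hypothetical hardened scheme: MAC over the request."""
    msg = f"{method}\n{url}\n{ts}".encode()
    return hmac.new(DEVICE_KEYS[fsn], msg, hashlib.sha256).hexdigest()

def check_signed(headers, method, url, now, seen):
    """Proxy side: the MAC must match this request, be fresh, and be unused."""
    fsn = headers.get("x-fsn")
    ts = headers.get("x-fsn-ts", "")
    sig = headers.get("x-fsn-sig", "")
    if fsn not in DEVICE_KEYS or not ts.isdecimal():
        return False
    if abs(now - int(ts)) > MAX_SKEW:
        return False                  # stale capture
    if not hmac.compare_digest(sig, sign(fsn, method, url, ts)):
        return False                  # headers copied onto a different request
    if sig in seen:
        return False                  # exact replay inside the window
    seen.add(sig)
    return True

def demo():
    # Limit of this design: a key that root on the device can read is still
    # extractable; the MAC only stops reuse of a captured header.
    t0, url = 1_261_612_800, "http://www.heise.de"  # constructed timestamp
    captured = {"x-fsn": "FSN-EXAMPLE-0001", "x-fsn-ts": str(t0),
                "x-fsn-sig": sign("FSN-EXAMPLE-0001", "GET", url, str(t0))}
    seen = set()
    return {
        "static_replay": check_static({"x-fsn": captured["x-fsn"]}),
        "signed_original": check_signed(captured, "GET", url, t0 + 1, seen),
        "signed_same_replay": check_signed(captured, "GET", url, t0 + 2, seen),
        "signed_other_url": check_signed(captured, "GET", "http://example.org/", t0 + 3, set()),
        "signed_stale": check_signed(captured, "GET", url, t0 + 3600, set()),
    }
```
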

Tuesday, December 22 2009

Kindle 2 Fun

Today I've done some hacking on my Kindle 2. I have done this and that, nothing really cool yet. The first thing I needed to do was to re-enable USB networking since this is disabled in 2.3. The link below enables SSH and telnet on the 2.3 firmware. The second link is a presentation from OSCON; the interesting things are the info about the framebuffer and the keyboard. Have fun!

Re-enable usbNetwork on Kindle 2 firmware 2.3 usbnetwork23-0.10.tar.gz

Hacking your Kindle a talk from OSCON.

Friday, December 18 2009

Mobile Security News December 2009

very short update...

SRI published an analysis of Ikee.B here: www.csl.sri.com/users/porras/iPhone-Bot.

I wrote about this stuff about a year ago here ;-)

Monday, December 07 2009

Mobile Security News November 2009

So I was quite busy with various projects, therefore this update is really, really late.

The most interesting thing that happened recently was the jailbroken iPhone SSH fuck up. See: 1 and 2. There are many other stories on this all over the net, also by now this is kind of old. The interesting thing actually is that I investigated this jailbroken iPhone SSH problem in August of this year. Including a nice statistic and some measurement. I'm planning to show this stuff together with some other work at some conference (academic and hacker) next year (talks/papers are submitted).

Conferences, I attended DeepSec in mid November, this was great fun. Including some good mobile phone security talks. At the upcoming 26C3 there will also be a bunch of talks on mobile phone security. Location tracking does scale up, GSM: SRSLY?, Playing with the GSM RF Interface, Using OpenBSC for fuzzing of GSM handsets, and SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system.

I actually planned to not attend 26C3 because last year kind of sucked, especially because there were way too many people. So this year I will go to some talks but not hang out at the conference. If you want to hang out during CCC, give me a call or write me an email. Although my talk on SMS fuzzing was rejected, I recently was asked if I would do it if they find a spot in the schedule. Of course, I would do it.

Recent papers: iPhonePrivacy.pdf shows some privacy issues with the iPhone platform. Nothing really surprising, but a good read.

I know I missed several things in this post but I kind of have info overkill in the last weeks. Please send me hints hints hints!!!

Tuesday, November 24 2009

Busy as hell!

I was busy as hell the last couple of weeks and therefore I missed updating my mobile security news as well as answering many emails. I'm slowly catching up so if you haven't heard from me in the last weeks please be patient or better write me again.