...stuff I do and things I like...

Wednesday, August 25 2010

Mobile Security News August Part 3

So since I have decided to use Flattr I also decided to put my own Thing for Mobile Security News on Flattr.


Tuesday, August 24 2010

Mobile Security News August 2010 Part 2

At T2 Nils talks about some WebOS and Android vulns; this should be quite interesting since he likely will cover the bugs he recently found. T2 is really one of the European cons I want to go to, very high priority! Especially since I can't go to SEC-T this year. Hacking the RKF ticket system and How to stay invisible (while still using cellphones) sound quite interesting.

The BruCON schedule looks quite interesting: GSM Security: Fact and Fiction; NFC Malicious Content sharing (the abstract sounds like something I've done some years ago - I wonder what kind of new stuff they found); The Monkey Steals the Berries: The State of Mobile Security. So BruCON actually looks quite good, another CON I need to go to at some point.

At SecTor there seems to be a single mobile talk: Black Berry Security FUD Free.

That's it for August as far as I can see.

Update: I totally forgot DeepSec. This year it seems like a mobile-only security conference. Talks are: Pentesting Internet Handheld Devices; Debugging GSM; Targeted DOS Attack and various fun with GSM Um; Mobile VoIP Steganography: From Framework to Implementation; Mobile privacy: Tor on the iPhone and other unusual devices; OsmocomBB: A tool for GSM protocol level security analysis of GSM networks; Malicious applications for Smartphones; All your baseband are belong to us; Android: Reverse Engineering and Forensics; LTE Radio Interface structure and its security mechanism.

Tuesday, August 17 2010

CAST Workshop Embedded Security

In a couple of days I'm travelling to Darmstadt to attend the CAST-Workshop on Embedded Security to talk about our embedded systems security lab.

Friday, August 13 2010

Mobile Security News August 2010

So the PalmPre seems to have a small problem with vCards? Pwn20wn Nils found a nice little bug that seems to be exploitable. Nice find!

Then we got the first Android trojan that sends premium SMS messages. Jon did a nice decode of the trojan over here.

Since this is now on a public website I want to mention it once: Decrypting GSM phone calls by Karsten and others from the Security Research Labs (Berlin).

Monday, August 02 2010

Survived Black Hat and Defcon 2010

So I survived Black Hat and Defcon, it was great fun, f**ing expensive and totally exhausting but totally worth it. Saw a bunch of talks at Black Hat, some of which were cool stuff but others sadly were not worth it. Defcon was way too crowded. 12K people I was told. Therefore I couldn't attend any talk :-( Talking to cool (new) people made up for it.

Now I'm at Stanford for a couple of days. Many things planned but ping me if you want to chat.

Monday, July 12 2010

More Mobile Security News (in July 2010)

A short overview of the talk How to stay invisible (still using cellphones) from PlumberCon. No slides unfortunately.

Some Vulnerable setuid binaries on 4G and HTC Hero (Android phones).

Latest version of Hijacking Mobile Data Connections from the Mobile Security Lab guys this time with iPhone and Android. This was shown at HITB Amsterdam.

Tuesday, July 06 2010

Mobile Security News Update July 2010 Part 2

The final schedule for Defcon is out - with a few more talks that should be interesting for us mobile guys. Also I kind of forgot to post some stuff because of my feature phone rant.

Defcon talks: These Aren't the Permissions You're Looking For by some guys from Lookout. This is about Android security. App Attack: Surviving the Mobile Application Explosion by the CXO guys from Lookout.

Unrelated but cool: Advanced Format String Attacks by Paul Haas who was an undergrad student in the RSL at UCSB while I was there, nice!

Android vs. Jon Oberheide :)

Jon recently did a few cool things with Android. His slides from SummerCon 2010. Two interesting blog posts about Remote Kill and Install possibilities on Android and some insights on the GTalkService Connection that is always active between your Android phone and Google. Nice reads!

PS: I organized that I will be able to attend Black Hat :-) So I will get the full Vegas experience once again.