Collin R. Mulliner

November 2024
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

November 2024

Sun

Mon

Tue

Wed

Thu

Fri

Sat

CanSecWest is just over - it was a real nice conference and I'm looking forward to come here again.

The slides for my talk Random tales of a mobile phone hacker are available here. The most interesting part should be my mobile phone HTTP header logging and analysis. See also this story.

I've put up a test page where you can check if your operator leaks your private data such as your mobile phone number (MSISDN), IMSI (SIM card ID), or IMEI (phone hardware ID). The test page is here: www.mulliner.org/pc.cgi. I promise that I don't log any data when visiting this page.

02:02 | /security | comments | permanent link | Imprint/Disclaimer

Two stories I want to comment on:

FatSkunk software-based attestation as a solution to mobile malware. Article by the German Technology Review. They promise a lot. I don't think this will work as advertised (I haven't seen this at work - also I can't really find a paper about it).

Smartphone Weather App Builds A Mobile Botnet. So these guys created a classic trojan application (does something very simple and useful but has a malicious part too). Of course people will download the application from some trusted website - nothing to wonder about.

Just found another mobile security talk that will be held at CanSecWest: Stuff we don't want on our Phones: On mobile spyware and PUPs - Jimmy Shah, McAfee, Inc

Update March 9th:
I forgot the Hack-in-the-Box conference in April in Dubai. They have two mobile security related talks: Base Jumping: Attacking GSM Base Stations and Mobile Phone Basebands by the Grugq and Open Sesame: Examining Android Code with undx2 by Marc Schoenefeld.

12:33 | /security | comments | permanent link | Imprint/Disclaimer

...stuff I do and things I like...

Random Tales of a Mobile Phone Hacker

Mobile Security News March 2010