Wednesday, April 28 2010
Confidence in Krakow has
a few interesting talks. Especially the GSM/Cell Networks and telephony security by Don Bailey and Nick DePetrillo - this should be the stuff from
SourceBoston. Android Reverse Engineering - Workshop by Jesse Burns. Mobile attacks and preventions - how security will change the mobile market by Tam Hanna. And The Four Horsemen - Malware for mobile by Axelle Apvrille.
I'm seriously considering going there.
Friday, April 23 2010
while going through my morning RSS feeds I stumbled across this simple but cool SMS-based attacks
against WebOS (Palm's PRE). The attacks are
based on simple SMS text messages that contain iframes. The bugs where
found in WebOS 1.3.5 and are fixed in the current version. Read the full details
on the blog of /intrepidus group the researchers who found these bugs. I especially like
the phone dialing stuff where they inject so-call GSM codes in order to switch of the GSM radio. Nice. Too bad I was a little behind with WebOS :-(
Conferences: SourceBoston 2010: Attacking WebOS by Chris Clark and Blackberry Mobile Spyware - The Monkey Steals the Berries (Part Deux) by Tyler Shields.
As usual I call for hints and tips on interesting papers/slides/website on mobile security.
Update:
There seems to be another mobile security related talk at SourceBoston. We Found Carmen San Diego by Don Bailey, iSec Partners & Nick DePetrillo. Reading the abstract this looks like Locating Mobile Phones using Signalling System #7 by Tobias Engel at 25C3 in 2008. He also didn't have direct access to SS7 but used a web-based interface to some parts of SS7.
Update 2:
I just got an email from Michael he discovered that WindowsMobile 6.5 is also vulnerable to
SMS messages that contain HTML and JavaScript. He posted a small advisory yesterday after reading
about the Palm Pre stuff. His advisory is here: XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp.
Friday, April 09 2010
I got an iPad yesterday and played with it all day and night. Here my mini
review.
First, because I live in Germany I can not use my normal AppStore
account right now since the iPad is not officially soled here in Germany
and therefore access is blocked for me. Easy solution is to create a
US AppleID and use the US AppStore. No big problem just a pain in the ass.
The first thing I tried even before creating a US AppleID was the web browser
and the PDF viewer's quality. As reported by other people both are quite good. Web browsing is way more fun then on the laptop. This is just browsing not working or researching something on the net. Safari on the iPad is HTML-5 capable which is really cool. Also more media-heavy sites need to support HTML-5.
Google maps is also really fun on the iPad. Just putting the iPad on a table and pan around is really impressive (I know - no magic here - just a fast CPU).
The iPad AppStore is still pretty weak. A few good apps exist but most of them actually cost money. The comic book stuff looks real good. Also I'm not a big
Marvel fan. The ABC app looks super awesome but since I live in Germany I can't
use it to watch TV shows (I guess I have to get a tunnel to the US to try it).
Finally a small list of stuff I want for the iPad:
- jailbreak - to install what ever I want
- Stand alone PDF viewer - where I can add notes (I would pay for this)
- The browser should NOT advertise itself as a mobile browser. Many sites disable some functionality because of this