...stuff I do and things I like...

Funny story on stealing SIM cards from traffic lights, Schneier has a few nice pointers on the story: here.

Don't Sacrifice Security on Mobile Devices by Chris Palmer (@ EFF) makes a nice read. Spontaneous idea: what about something like hardened android?

A story on mobile phone forensics.

A Android trojan with botnet-like features?

Conferences:

The ShmooCon schedule. The BlackHat DC slides. A few notes to some slides. A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications this is what every serious GSM hacker/security research has in his lab - no rocket science - but nice roundup for noobs and beginners. Exploiting Smart-Phone USB Connectivity For Fun And Profit fun read, good job.

Upcoming events for myself: Mobile World Congress, I'll be there for all four days. Catch me at Hall: 2 Booth: H04 (City of Berlin -> Technische Universitaet Berlin and others)

I've decided to setup a TAC (Type Allocation Code) database for research purposes. I do this because there is no such thing right now. Every TAC database I know is not public and just allows queries instead of just downloading the whole thing to use it with your own software.

My database is available here: www.mulliner.org/tacdb. The database is just a collection of CSV files, to make it really easy to use. Further the database relys on YOUR contribution, so please consider sending new entries.

Right now the database has about ~27K entries. But most of them only contain the TAC, Manufacturer, and the Model name. What I would like to have in addition is the Type of hardware (smartphone,mobile phone, modem, devices, ...), the OS, and the manufacturing date.

I hope this thing enables some new features in projects like osmocom. It will defently help my own research.

Happy new year mobile phone security enthusiasts!

Conferences:

Black Hat DC Itzhak Avraham's talk: Popping Shell on A(ndroid)RM Devices; Rob Havelt, Bruno Goncalves de Oliveira: Hacking the Fast Lane: security issues with 802.11p, DSRC, and WAVE (not directly mobile phones); David Perez, Jose Pico talk about: A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications; Angelos Stavrou, Zhaohui Wang talk on: Exploiting Smart-Phone USB Connectivity For Fun And Profit; Ralf-Philipp Weinmann's talk on: The Baseband Apocalypse (exploiting baseband software)

Shmoocon as a number of talks but sadly no abstracts online. Also I wont be able to attend. Here are some talks that have interesting titles: Defeating mTANs for profit by Axelle Apvrille and Kyle Yang, something about smart phone botnets (the news part of the site gone now).

Bugs:

On Android SMS are intermittently sent to wrong and seemingly random contact. This could go bad. Not a real security bug - but a bad bad fuckup.

Finds:

ClamTXT a service for bombing mobile phones with hundreds of text messages. via Mikko Hypponen

the 27th Chaos Communication Congress (27c3) was awesome altogether. I met all my buddies from around the world and had a great time. This year -- due to the ticketing system -- the congress seemed less crowded, very nice! Talks were still packed but not crazy packed.

Talks:

The keynote by Rob was very nice -- I even saw it again as recording.

Karsten and Sylvain's talk on Wideband GSM sniffing was quite nice - as they combined "Karsten's" A5/1 project with Sylvain's awesome sniffer :)

DJB's talk on High-speed high-security cryptography: encrypting and authenticating the whole Internet was quite entertaining but certainly not new. I saw more or less the same talk at USENIX WOOT'09. Still very awesome of him to come to 27c3!.

Renaud Lifchiz did a great presentation on Android geolocation using GSM network. He explained the whole Android geolocation system in great detail and showed how to recover previous locations of a phone. For me this talk was the best in terms of expectations to delivery!

Ilja van Sprundel gave a talk on hacking smart phones. I must sadly say this was not very good -- sorry Ilja. Many previously known stuff (without citing them).

Bruce Dang and Peter Ferrie did a nice job with their talk Adventures in analyzing Stuxnet.

Thanks again CCC for this nice congress!

Sadly I totally missed out going to berlinsides. I registered and everything but I just didn't make it :-( I especially wanted to see Travis' talk on the IM-ME (I just bought it for that reason).