...stuff I do and things I like...

The BlackBerry pwnage seems to cause some trouble as RIM seems to not tell the truth (1 2) in their advisory. Lets see what happens here.

Finally the first Android mod with encrypted storage was released by Whisper Systems. This is really really cool. Now they just need to support more Android devices besides the Nexus S. But moxie told me they are adding support for more soon :-)

For those of you interested in NFC there are two interesting papers from this years NFC Conference 1) Security Vulnerabilities of the NDEF Signature Record Type 2) Practical Attacks on NFC Enabled Cell Phones.

CanSec was a blast. I had a real good time. Meeting people I only knew by email and seeing people I only see at cons :-)

Pwn2Own was quite interesting for mobile security folks like me. First, finally BlackBerry was pwnd and this was really hard work since there is no SDK and/or debugger available for BlackBerry (the Java stuff does not count). ZDNet has a longer article on the case. Second, no body was able to pwn Android and Windows Phone 7 - which is quite interesting to. Third, the iPhone (pre 4.3) was pwnd once again.



All in all the talks were quite good and mostly interesting. A collection of reviews on the various talks are here: day I day II day III by talk

March looks busy for mobile security people ;-)

Android Malware becomes serious: The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor. This malware contains a root exploit. Yea, after you install the APK it roots your device.

Interesting papers (from ACM Hotmobile 2011)

MockDroid: trading privacy for application functionality on smart phones It shows a really interesting Android modification where one can selectively fake/mock unavailability of resources such as GPS or network to individual apps.

Mobile Token-Based Authentication on a Budget this is about using a cheap token to authenticate to your smart phone (using the digital compass).

Very brief update, but I'm quite busy at the moment.

News:

Android Trojan found in alternative app markets

ZeuS in the Mobile is back (Man-in-the-Mobile now for Windows Mobile)

Conferences:

LEET'11 has two interesting papers on mobile malware: Why Mobile-to-Mobile Wireless Malware Won't Cause a Storm and Andbot: Towards Advanced Mobile Botnets. I'm looking forward to actually read them.