...stuff I do and things I like...

Conferences

Kiwicon (going down right now) Wellington, NZ. MitMing GSM with criminal intent by William "AmmonRa" Turner

31C3 Hamburg, Germany. (In)Security of Mobile Banking by Paul Irolla and Eric Filiol; Mobile self-defense by Karsten Nohl; osmo-gmr: What's new? by tnt; SS7: Locate. Track. Manipulate. by Tobias Engel; SS7map : mapping vulnerability of the international mobile roaming infrastructure by Laurent Ghigonis and Alexandre De Oliveira; Unlocking the bootloader of the BlackBerry 9900 by Alex

ShmooCon Washington D.C., Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry by Kristen K. Greene, Joshua Franklin, and John Kelsey (not all talks posted yet).

31C3 has an impressive number of good mobile security related talks, in addition to a lot of other good looking security talks. This will be good!

We recently finished a research project on end-to-end encryption for mobile messaging apps. The idea was to have a universal "plugin" that encrypts messages before they are handed over to the messaging app. This way you can use any messaging app with the add-on of end-to-end encryption (providing the other end has the same tool installed too). The result was BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications a joint project with my co-researchers and interns at NEU SecLab. The paper is going to be published in January 2015. A pre-print is available here: BabelCrypt.


News / Links

OnlineStatusMonitor is a project that monitored online status of random users of WhatsApp messenger. They show that you can learn a lot about user behavior by just monitoring their online status.

Android Census Vlad updated his Android Census

DynamoRio is working on an ARM port.

OpenBump LG bootloader backdoor to boot unsigned images.

Smartphones (Android) with pre-loaded malware but only on cheap clones

Word on the street is that all the cool kids are getting pagers again!