Mobile Security Research
My mobile security research section. This mainly covers PDA, mobile- and smart-phone security.
NOT Bluetooth, WiFi or GSM/3G low-level stuff, since this is covered by others in great
detail.
Feel free to send additions and/or updates to collin-mobilesecurity
mulliner.org
Resources
Mikko Hypponen (F-Secure) on Mobile Malware HITB 2005
Overview of Mobile Malware, how and why it works. Also checkout the video taken from the talk its
very good.
Joe Grand on Mobile Insecurity BlackHat Europe 2004
Very general overview of security problems and specific device vulnerabilities.
SMS Security by Job de Haas HALL 2001
Overview of mobile phone, sms and wap security.
Phenoelit on Embedded Device Security CCC Camp 2003
J2ME bugs on the Siemens S55 and some other interesting stuff.
Phenoelit on Embedded Device Security DEFCON11 2003
GPRS and a little WAP security. Siemens S55 J2ME.
Marko Laakso, Mikko Varpiola on mobile telecommunication/device security AusCERT 2002
Mobile Telecommunication security overview and problem description.
Mayagmar, Gupta 3G Security UIUC 2001
3G Security overview. More at: uiuc.edu.
PocketPC Abuse by Seth Fogie BlackHat 2004
PocketPC security in general, backdoors, DoS, exploits. Some additional stuff.
Symbian Security by Job de Haas BlackHat Amsterdam 2005
Symbian security overview, especial v9.
PDA OS Security: Application execution by Jukka Ahonen 2001
Covers PalmOS, Symbian and PocketPC.
Forensic Examination of a BlackBerry by Michael Burnette 2002
First BlackBerry security paper (as far as I know!)
My PocketPC security stuff and link collection
Since 2004 many people including myself have started to look deeper into WinCE/PocketPC
security and exploitation, therefore there is a special section dedicated to this.
Phenoelit on BlackBerry Security BlackHat Europe 2006 (first shown at: 22c3 2005)
Talk was very good and showed various security issues of the BlackBerry
system.
Umbrella, security for consumer electronics Master Thesis 2005
Security framework for embedded Linux devices (familiar linux). Master Thesis 2005.
Developing StrongARM/Linux shellcode by funkysh Phrack 2001
Shellcode for Linux on ARM/StrongARM.
PalmOS forensics by Richard P. Mislan 2004?
GPRS Security by Ollie Whitehouse/@stake 2002
GPRS Wireless Security: Not ready for prime time.
PDD Palm Forensics by Joe Grand 2002
Digital forensics on PalmOS, memory dumping etc.
Attacks and Counter Measures in 2.5G and 3G Cellular IP Networks by Ollie Whitehouse and Graham Murphy 2004
Attacks and Counter Measures in 2.5G and 3G Cellular IP Networks.
Proceedings of 3rd International Workshop in Wireless Technology Security 2005
A number of interesting papers.
GPRS Overbilling attack using unclosed connections by Eric Gauthier 2003
WinCE/PocketPC virus WinCE4.Dust article by informIT 2004
Some information about the first WinCE/PocketPC virus WinCE4.Dust.
Introduction to Embedded Security by Joe Grand BlackHat 2004
Mostly hardware related, still interesting.
Security Comparison of mobile OSs by Arto Kettula 2000
Covers EPOC, PalmOS, WinCE and Linux.
Security in Mobile Communications: Challenges and Opportunities by Josang and Sanderud 2003
Security in Mobile Communications: Challenges and Opportunities
Authenticating Users on Handheld Devices by Wayne A. Jansen/NIST 2003
About authentication mechanisms for handheld devices.
Combatting Symbian Malware by Jarno Niemelä/F-Secure 2006
Exploiting Embedded Systems by Barnaby Jack BlackHat 2006
Analyzing and hacking embedded devices (ARM). Includes reverse engineering,
shellcode.
Cellular Phone Viruses Paul Haas 2005
Proof-of-Concept Symbian worm, SMS security. Example code.
Exploiting Open Functionality in SMS-Capable Cellular Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, September 2005
Security in Mobile Communications: Challenges and Opportunities Audun Jøsang and Gunnar Sanderud, 2003
Keywords: Security, usability, heterogeneous networks, mobile devices
Porting NSA Security Enhanced Linux to Hand-held devices Russel Coker, 2003
Porting NSA Security Enhanced Linux to Hand-held device. Porting to Familiar-Linux.
Using Labeling to Prevent Cross-Service Attacks Against Smart Phones (paper) slides Collin Mulliner et al., July 2006 Berlin Germany
Introduction to Cross-Service Attacks, e.g. attack application using wireless lan to access GSM. The
presented system shows a method to prevent this kind of attacks via resource labeling. Also shows
Proof-of-Concept attack against PocketPC-based Smart Phones.
Security of Smart Phones Master's Thesis Collin Mulliner, June 2006
Examples cover PocketPC-based smart phones.
Vulnerability Analysis of MMS User Agents C. Mulliner and G. Vigna, In Proceedings of the Annual Computer Security Applications Conference (ACSAC), IEEE Press, Miami, FL, December 2006.
Example covers PocketPC-based smart phone.
Vorraussetzungen fuer die Entwicklung von Malware unter Windows Mobile 5.0 Boris Michael Leidner Feb. 2007 (Diploma Thesis)
German Diploma Thesis on the basis of malware development for Windows Mobile 5.0. Good read on WinCE 5.0 security.
Exploiting MMS Vulnerabilities to Stealthily
Exhaust Mobile Phone's Battery Radmilo Racic, Denys Ma, Hao Chen 2006
Kernel-Level Interception and Applications on Mobile Devices Michael Becher and Ralf Hund (26th of May 2008)
Detailed tech. report that covers WindowsCE / Window Mobile.
Commercial Information
The Future of Mobile Security - Here Today McAfee 2006
Executive Summary of Mobile Security
updated:
Thu May 29 15:28:43 CEST 2008
-[ Home ]-[ Weblog ]-[ Bluetooth ]-[ Windows Mobile ]-[ Symbian ]-[ PalmOS ]-[ J2ME ]-[ Maemo ]-[ Security ]-[ iPhone ]-[ Android ]-[ NFC ]-[ Contact ]-
