History of Mobile Security
- The cellular revolution: https://www.youtube.com/watch?v=VZE3OKrHlDM
- Prince Charles on mobile phones: https://www.youtube.com/watch?v=icc2pHEj_xg
- Steve Jobs on Blueboxing: https://www.youtube.com/watch?v=HFURM8O-oYI
The Mobile Industry
- R&TTE Directive: https://ec.europa.eu/enterprise/sectors/rtte/index_en.htm
- EMC Directive: https://ec.europa.eu/enterprise/sectors/electrical/emc/
- OWASP Mobile Security Project: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
Attacks Against Mobile Devices – The Threat Landscape
- Voicemail hacking and the ‘phone hacking’ scandal – how it worked, questions to be asked and improvements to be made: https://blog.mobilephonesecurity.org/2011/07/voicemail-hacking-and-phone-hacking.html
- Compromising Voice Messaging Systems: http://pdf.textfiles.com/academics/compromising_voice_messaging.pdf
- Attacking NFC Mobile Phones, Collin Mulliner, EUSecWest, 2008: https://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf
Wireless Bearer Security
- Algorithms: http://www.gsma.com/technicalprojects/fraud-security/security-algorithms/
- OpenBSC: https://openbsc.osmocom.org/trac/
- OpenBTS: http://openbts.sourceforge.net/
- SAE/LTE security
  - TS 33.401: Security Architecture for LTE
  - TS 33.402: Security aspects of non-3GPP accesses
  - TS 33.102: Includes backhaul issues
- Home (e)NB security
  - TR 33.820: Study on Security of Home (e) Node B (informative)
  - TS 33.320: Security Aspects of Home (e) NodeB (normative)
- Comp-128-1 cloning: http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html
Application Security, Signing and App Store Security
- Apple in-app purchase hack fixed: https://www.zdnet.com/apple-adds-unique-identifiers-to-fight-ios-in-app-purchase-hack-7000001162/
- Dissecting the Android Bouncer: https://jon.oberheide.org/files/summercon12-bouncer.pdf
- Challenges for Dynamic Analysis of iOS Applications: https://iseclab.org/papers/iphone-dynamic.pdf
- Wholesale Applications Community: https://www.wacapps.net/
Native Applications, Platforms and Mobile Web Application Security
- Apple: https://images.apple.com/iphone/business/docs/iOS_Security_May12.pdf and http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html
- Android: http://developer.android.com/guide/topics/security/security.html
- Firefox OS security model: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model
- BlueVia: https://bluevia.com/en/
- WAC Billing API: https://www.wacapps.net/payment-api
Software Development and Product Security Management for Mobile
- SAFEcode forum: https://www.safecode.org/index.php
- DexGuard: https://www.saikoa.com/dexguard
- Android apps leak personal details article: https://www.bbc.co.uk/news/technology-20025973
- The Developer is the Enemy: https://people.scs.carleton.ca/~paulv/papers/nspw08gw.pdf
- Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security: https://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf
- The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software: https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
- Android Secure Coding Guide: http://developer.android.com/guide/practices/security.html
Mobile Malware
- North Carolina State University, Android Malware Genome Project: https://www.malgenomeproject.org/
- What next for mobile security companies? https://www.guardian.co.uk/media-network/media-network-blog/2012/feb/29/mobile-security-droiddream-fear-uncertainty
- F-Secure analysis of hidden data within application: https://www.f-secure.com/weblog/archives/00002305.html
- RuFraud: https://www.theregister.co.uk/2012/05/24/angry_birds_sms_scam_firm_fined/
- MAAWG analysis of ggtracker: https://2011.cert.org.cn/slides/23.pdf
- Analysing Android malware: https://www.fortiguard.com/sites/default/files/hashdays.pdf
Building Trust in Mobile Devices – Hardware Security
- TR 33.820 (release 8), 3GPP, December 2008: https://www.3gpp.org/ftp/Specs/archive/33_series/33.820/
- TS 33.320 (release 11), 3GPP, June 2011: https://www.3gpp.org/ftp/specs/archive/33_series/33.320/
- Advanced Trusted Environment: OMTP TR1, OMTP, updated May 2009: https://www.omtp.org/Publications/Display.aspx?Id=3531a022-c606-42ad-bf02-4c8d10dc253e#
- Trusted Environment: OMTP TR0, OMTP, updated May 2009: https://www.omtp.org/Publications/Display.aspx?Id=4e5c11e5-4779-4775-ac5a-cfad53f6aa36#
- Security Threats on Embedded Consumer Devices, OMTP, updated May 2009: https://www.omtp.org/Publications/Display.aspx?Id=57664db6-5feb-4476-ab0c-cf2891732a0c#
- Trusted Computing Group work: https://www.trustedcomputinggroup.org/developers/mobile
- OpenBSC: https://openbsc.osmocom.org/trac/
- OpenBTS: https://openbts.sourceforge.net/
Mobile Handset Forensics
- Mobile leave no hiding places: https://www.guardian.co.uk/uk/2004/aug/15/ukcrime.mobilephones
Privacy, Child Protection and Workplace Policies
- Vodafone Privacy Guidelines: https://developer.vodafone.com/develop-apps/privacy/
- GSMA Privacy Guidelines: http://www.gsma.com/publicpolicy/mobile-and-privacy/
Mobile Phone Theft
- Immobilise: https://www.immobilise.com
- Mobile Phone (Re-programming) Act 2002: https://www.legislation.gov.uk/ukpga/2002/31/contents
- NMPCU: https://www.met.police.uk/mobilephone/
- MICAF: https://www.micaf.co.uk/home.asp
- 9 Principles: https://www.gsma.com/publicpolicy/wp-content/uploads/2012/10/Security-Principles-Related-to-Handset-Theft-3.0.0.pdf
Incident Handling and Responsible Disclosure
- Organization for Internet Safety, Guidelines for Security Vulnerability Reporting and Response: http://www.symantec.com/security/OIS_Guidelines%20for%20responsible%20disclosure.pdf
- Full Disclosure list example: https://lists.grok.org.uk/full-disclosure-charter.html
- Microsoft Disclosure Policy: https://www.microsoft.com/security/msrc/report/disclosure.aspx
- RFPolicy (Full Disclosure): http://www.wiretrip.net/p/libwhisker.html
- Google Vulnerability Reward Programme: https://www.google.com/about/company/rewardprogram.html
- Facebook Security Bug Bounty Scheme: https://www.facebook.com/whitehat/bounty/
Cyber Security for Mobile
- UK Cyber Security Strategy: https://www.cabinetoffice.gov.uk/resource-library/cyber-security-strategy
- USSD attack: https://blog.mobilephonesecurity.org/2012/09/samsung-galaxy-siii-data-wiping-on.html