It is nearly three years since the News of the World voicemail hacking scandal erupted (a case that’s in court right now). The blog and article I wrote at the time are still the most popular posts I’ve written. I was involved in drafting a set of guidelines for network operators which was published very soon after.
So I’ve made a few changes this evening on the blog. You’ll notice a few links above which you can peruse (and there are more to come) and of course, as promised I’m selling the “it’s not f**king phone hacking” t-shirts through the official mobilephonesecurity.org shop. There’ll be more in there soon, but why not treat yourself to a default PIN #hackgate mug? It’s as easy as 1,2,3… (actually I won’t go there).
With the main sessions of Blackhat starting tomorrow morning (Las Vegas time), I’ve posted the mobile-related talks here for those who are interested.
The mobile hacking training course which took place today (I think) was sold out. What has interested me the most is the increase in interest from the security and hacking community in all types of mobile platforms. As you’ll see below, there are really quite a few presentations focussed on mobile. Also, as smartphones become more advanced, a lot of the other presentations not listed here become relevant (for example web application security). I just want to highlight two of the presentations: ‘Aerial Cyber Apocalypse’ which will demonstrate a UAV equipped with WiFi and GSM hacking capabilities (see the picture below) and ‘War Texting: Identifying and Interacting with Devices on the Telephone Network’ which shows attacks on car systems which use SMS to remote control the car. Fun in the sun.
Blackhat USA 2011 (Briefings 3-4th August)
Karsten Nohl + Chris Tarnovsky:
Reviving smart card analysis
Overcoming IOS Data Protection to Re-enable iPhone Forensics
Ravi Borgaonkar + Nico Golde + Kevin Redon:
Femtocells: A poisonous needle in the operator’s hay stack
Richard Perkins + Mike Tassey:
Aerial Cyber Apocalypse: If we can do it… they can too.
Long Le + Thanh Nguyen:
ARM exploitation ROPmap
The Law of Mobile Privacy and Security
Riley Hassell + Shane Macaulay:
Hacking Androids for Profit
Tyler Shields + Anthony Lineberry + Charlie Miller + Chris Wysopal + Dino Dai Zovi + Ralf-Phillipp Weinmann + Nick Depetrillo + Don Bailey:
Owning Your Phone at Every Layer – A Mobile Security Panel
DEFCON19: (4th-7th August)
So, plenty to keep everyone going then! It’ll be interesting to see what the next few weeks bring.