Twitter

Security and Privacy Events at Mobile World Congress 2015

mobilephonesecurity936843331Leave a comment

We’ve listed out some interesting Security and Privacy events from 2015’s Mobile World Congress in Barcelona. This year sees a general shift in topic focus to Software Defined Networking (SDN), Network Function Virtualisation (NFV) and Internet of Things (IoT). Security still isn’t a ‘core’ part of MWC – it doesn’t have a dedicated zone for example on-site, but as it pervades most topics, it gets mentioned at least once in every session!

Sunday 1st March 
1) Copper Horse Mobile Security Dinner
21:00 – Secret Location in Barcelona

Monday 2nd March
1) UKTI Cyber Security in the Mobile World lunchtime series: Securing the Internet of Things
12:00 – 12:40, Hall 7, Stand 7C40

14:00 – 15:30 Hall 4, Auditorium 3

3) Security and IdM on WebRTC
15:00 – 14:00 Spanish Pavilion (Congress Square)

4) Ensuring User-Centred Privacy in a Connected World
16:00 – 17:30 Hall 4, Auditorium 3

Tuesday 3rd March 
1) GSMA Seminar Series at Mobile World Congress: Mobile Connect – Restoring trust in online services by implementing identity solutions that offer convenience and privacy for consumers and enterprises 
09:00 – 12:00 Theatre 1 CC1.1

2) Mobile Security Forum presented by AVG 
11:45 – 14:00 – Hall 8.0 – Theatre District -Theatre D

3) UKTI Cyber Security in the Mobile World lunchtime series: Mobile Cyber Security for Businesses 12:45 – 13:25 Hall 7, Stand 7C40

4) Mobile, Mobility and Cyber Security
17:00 – 21:00 Happy Rock Bar and Grill, 373-385 Gran Via de les Corts Catalanes 08015

5) Wireless and Internet Security B2B Matchmaking Event 
18:30 – 22:00 CTTI Carrer Salvador Espriu, 45-51 08908 L’Hospitalet de Llobregat

Wednesday 4th March 
1) UKTI Cyber Security in the Mobile World lunchtime series: Innovation in Cyber Security: Secure by Default 
11:40 to 12:20 Hall 7, Stand 7C40

2) The Explosion of Imaging 
14:00 – 15:00 Hall 4, Auditorium 5

3) The New Security Challenges: Perspectives from Service Providers
16:30 – 17:30 Hall 4, Auditorium 4

Thursday 5th March 
1) Everything is Connected: Enabling IoT
11:30 – 13:00 Hall 4, Auditorium 2

If you’d like a meet up with the Copper Horse team to talk mobile security, IoT or drones, please drop us an email or tweet us @copperhorseuk. We’ll also be demonstrating our progress on securing IoT in the Picosec project on the NQuiringMinds stand in Hall 7: 7C70.

Picosec Project

Feel free to leave a comment with information on any presentations or events we may have missed and we’ll look to add them.

Note: update 13/02/15 to correct Monday time order and add Quobis event.

How could voicemail insecurity affect your Facebook, Google or Yahoo! account?

mobilephonesecurity936843331Leave a comment

It is nearly three years since the News of the World voicemail hacking scandal erupted (a case that’s in court right now). The blog and article I wrote at the time are still the most popular posts I’ve written. I was involved in drafting a set of guidelines for network operators which was published very soon after.

I was therefore quite surprised when a friend sent me the following link which explains how web application security researcher Shubham Shah managed to use voicemail vulnerabilities within network operators to exploit two-factor authentication (2FA) for some pretty major services (e.g. Google, Yahoo!, LinkedIn and so on). The way that 2FA is setup sometimes is that it will call your mobile number. Obviously an automated system isn’t usually setup to determine if you actually answered the call, so the code can go through to voicemail. And that’s how the attack goal is achieved. If the attacker can get into your voicemail account via a vulnerability in procedures or via CLI (Calling Line Identity) spoofing (i.e. faking your phone number), then they can get access to the rest of your life. Sounds simple and it is.