Thursday, December 30, 2010

Notes from 27th Chaos Communications Congress

From McAfee blog:
The 27th Chaos Communications Congress (27C3), a computer security conference held in Berlin, has offered several good mobile and embedded security talks in the past few days. SMS-based vulnerabilities, vulnerabilities in mobile phone radios, and laptop rootkits that infect peripheral chips instead of the main CPU were among some of the new research presented.
[...]

Collin Mulliner and Nico Golde demonstrate maliciously crafted SMS message attacks against a collection of feature phones.
[...]

Ilja van Sprundel describes how to reliably identify mobile phone OS versions using a maliciously crafted MMS message and a web server.

[...]

Ralf-Philipp Weinmann explains the process he used to discover vulnerabilities in the code running on baseband processors.

[...]
The conference continues
The Chaos Communications Congress is an annual event that ends the year with a lot of good research and food for thought. 27C3 ends this Thursday, but the talks I’ve cited, or any others you might be interested in, will be available online soon.

Monday, December 13, 2010

"‘Antid0te’ Coming to Boost Security for Jailbroken iPhones"

From McAfee blog:
"Jailbreaking your iOS device used to simply be about gaining some freedom–getting root access, installing native apps, and adding or modifying themes. The worst that could happen would be running into a slightly malicious installation package. Then we met the OSX/RRoll family of worms that actively went after jailbroken devices. Part of the risk came from insecure defaults and reduced security caused by the jailbreaking process.

The entire insecurity situation is about to change with the release of the new security tool Antid0te. Created by security researcher Stefan Esser, Antid0te adds Address Space Layout Randomization (ASLR) to jailbroken iOS devices. Esser will present the technical background for Antid0te on Tuesday at the Power of Community conference (POC 2010) in Seoul, South Korea."
[...]
"The initial release of Antid0te is scheduled for December 24, but Esser is not stopping with adding ASLR to jailbroken iOS devices. In upcoming releases, Antid0te will also re-enable code signing and other protections. With these changes we will eventually see an overall increase in the security of jailbroken iOS devices–resulting in their becoming as secure as, if not more so than, stock iOS devices."

Auto "Kill Switch", solving the wrong problem?

Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...