44% Of Used Phones Contain Sensitive Data

In a recent study, researchers were able to garnish all kinds of sensitive data from second hand mobile devices.  Of the units tested, 44% contained information such as salary details, bank account information, business plans, personal medical details, personal insults, and address book data.  Next time you get a used device, take a good look around. You never know what you may find.

[via Zero Day]

22C3 Day 10 And 11 Round Up

bb
Now that the CCC is over, we finally dug ourselves out of a ginormous pile of cables (Kabelsalat ist gesund!) to bring you this round up post about the best stuff from the last two days of the con.

First up on day 10 was I See Airplanes!, Eric Blossom’s excellent speech on creating hardware for making homebrew radars and software using the GnuRadio project. He uses bistatic passive receivers in the 100 MHz range doing object detection using other peoples’ transmitters. The project has a lot yet to accomplish including the use of helical filters (if there are any antenna freaks reading this, contact Eric, he’s looking for a bit of help).

Next on the third day we attended Ilja van Sprundel‘s huge fuzzing  extravaganza. Fuzzers generate bad data that is designed to look like good data and will hopefully break something in an interesting way. Our fav part? When the list of irc clients broken by his ircfuzz tool was so long he had to use 10pt font to get it all on one slide (see slide 53)! His paper can be found here and the slides here.

We then wandered to Harald Welte‘s talk on hacking the Motorola EZX series phones (which we’ve reported on here before). In case you forgot, the EZX series has a linux kernel. Incidentally the phone runs lots of stuff it really doesn’t need (like glibc, 6 threads for just sound processes, and even inetd). He presented the project for the first time in an official context since we saw him at 0Sec in October. Apparently lots of kinks have been worked out and there’s an official code source tree here.

The clincher for day 11 was FX and FtR of Phenoelit‘s semi-controversial talk on Blackberry security (covering both handheld devices and server based RIM products). This talk was a bit of a wake up call for RIM and thus the slides are still not available online so keep a sharp eye out for the video when it’s released by the CCC.

Also available from the CCC are the full proceedings in a downloadable pdf (also available in paper format for you physical-space-doodle-in-the-margin freaks).

Continue reading “22C3 Day 10 And 11 Round Up”