Saturday, July 5, 2014

Android Kolme

Its been a while since I post anything security related. Mostly because since I work in security I tend to publish hobbie related stuff.
So here's an interesting joint research I was involved with Marco Lux from Curesec.
We investigated the source code of the Android Operating System and its default apps.
It was real interesting, to say the least.
Today we released some details of our findings about CVE-2013-6272 and another one unassigned yet. Basically, did you know an app doesn't really need permissions to make a phone call from your device? ;)

Without going much into details, which you can find here and here, lets just say something is broken in Android. Of course, I guess we all know it deep inside...
Don't get me wrong, I love Android, own a few and I think it's a great OS from the user perspective. The point is that someone, sometime will have to take security more serious in such a widespread mobile OS. Or not...

What do you think about it?

Thursday, June 5, 2014

MicLoc V2

I'm happy to announce that MicLoc is getting its own page!

Due to several requests and incentives I decided to revisit MicLoc and I'm currently working on another prototype. This time, however, I will be documenting the process and releasing all software and hardware plans.
You can follow the developments in this blog, under MicLoc, or directly via link.
As always, suggestions are most welcomed!

My thanks to everyone that showed interest/commented/suggested modifications!