Monthly Archives: February 2012
iOS MDM: Preventing Disassociation DOS and Potemkin Devices
I was thinking a couple of weeks ago about additional vulnerabilities in iOS Mobile Device Management, and noticed a couple of problems that I had not considered before. It may be possible for a malicious individual, whether an outside attacker or inside troublemaker, to forge fake responses to the MDM server. They could, it seems: [...]
How to respond to spam…
This is a bit different from our usual blog content. When I need a break, I take a moment and do a bit of creative writing. This writing typically surfaces as a creative response to some targeted spam. This is one of those responses: Please keep in mind I wrote this tongue in cheek and [...]
Bluetooth: Defining NAP + UAP + LAP
Just a quick follow-up to last week’s post, defining what NAP, UAP, and LAP actually are and where they come from. They are the 3 components of the 6-byte “BD_ADDR” (Bluetooth device address): NAP: “Non-significant Address Part”. 2 bytes. These are assigned by the IEEE and are publicly available here. Depending on who makes [...]
Wallet PIN Storage Best Practices
In light of some recent issues, we thought we’d try to answer the question: “So… where *should* Google Wallet have stored the PIN to protect it on a rooted device?” The answer is… the same place all the other sensitive data is stored! On the Secure Element (SE). Instead of storing the PIN in protected [...]
Google Wallet PIN Brute Forcing
Google Wallet is a project of great interest right now as it is a big shift in how we pay for goods and services in the US (Japan is quite far ahead of everyone on mobile payments). Some researchers have discovered that Google Wallet is storing the PIN for your wallet on the device in [...]

