Intrepidus Group

Monthly Archives: February 2012

iOS MDM: Preventing Disassociation DOS and Potemkin Devices

Posted: February 22, 2012 – 4:10 pm | Author: | Filed under: iOS, Mobile Device Management

I was thinking a couple of weeks ago about additional vulnerabilities in iOS Mobile Device Management, and noticed a couple of problems that I had not considered before. It may be possible for a malicious individual, whether an outside attacker or inside troublemaker, to forge fake responses to the MDM server. They could, it seems: […]

How to respond to spam…

Posted: February 17, 2012 – 3:57 pm | Author: | Filed under: Uncategorized

This is a bit different from our usual blog content. When I need a break, I take a moment and do a bit of creative writing. This writing typically surfaces as a creative response to some targeted spam. This is one of those responses: Please keep in mind I wrote this tongue in cheek and […]

Bluetooth: Defining NAP + UAP + LAP

Posted: February 13, 2012 – 2:30 pm | Author: | Filed under: Wireless

Just a quick follow up to last week’s post, defining what NAP, UAP, and LAP actually are and where they come from. They are the 3 components of 6 byte “BD_ADDR” (Bluetooth device address): NAP: “Non-significant Address Part”. 2 bytes. These are assigned by the IEEE and are publicly available here. Depending on who makes […]

Wallet PIN Storage Best Practices

Posted: February 10, 2012 – 11:24 am | Author: | Filed under: NFC

In light of some recent issues, we thought we’d try to answer the question: “So… where *should* Google Wallet have stored the PIN to protect it on a rooted device?” The answer is… the same place all the other sensitive data is stored! On the Secure Element (SE). Instead of storing the PIN in protected […]

Google Wallet PIN Brute Forcing

Posted: February 9, 2012 – 10:46 am | Author: , and | Filed under: android, Mobile Security, NFC, Tools

Google Wallet is a project of great interest right now as it is a big shift in how we pay for goods and services in the US (Japan is quite far ahead of everyone on mobile payments). Some researchers have discovered that Google Wallet is storing the PIN for your wallet on the device in […]


This site is protected with Urban Giraffe's plugin 'HTML Purified' and Edward Z. Yang's Powered by HTML Purifier. 24799 items have been purified.