There has been some excitement lately about the fact that more and more phones are now getting embedded SEs (eSEs), associated with an NFC interface. Some of this excitement came from the ability to manage third-party applications on this embedded SE, as enabled by a whole range of GlobalPlatform specifications, and by the emergence of […]
Category Archives: Discussions
Best wishes and post-holiday rant
First, since this is my first post of the year, let me wish you all the best for 2012, hoping that it will bring a lot of interesting things around mobile security, Java Card, and all these things. My first post will be a rant about something that is very much holiday-related for me: package deliveries. […]
The misuse of bytecode verification
Bytecode verification has been an interesting debate since the very beginning of Java Card. Back then, in 1997, Java was very much about Java applets, and the bytecode verifier was the essential piece of software that allowed untrusted code to run in a browser efficiently (i.e., without doing expensive runtime checks, and without having to […]
Hijacking NFC Tags
I have been thinking about tags as a background task for a while, and one of my directions has been to look at the “hijacking” of tags. Here, I am not talking of replacing some tags by other tags (for instance pushing toward a competitor of a smart poster’s rightful owner), as this definitely […]
Open Source, GlobalPlatform, and Java Card
The two concepts of open source and smart cards have not gone well together. There are some projects about specific applications and corresponding terminal-side software, such as the Muscle project for Linux, and the JMRTD library for e-passports (if you have one that you want me to mention, let me know). However, there are really […]
It can’t happen here
The sentence “It can’t happen here” is the latest motto of the French government, to which they add “because our nuclear plants are the safest in the world”. My point here is not to discuss politics or nuclear engineering, but to focus on risk analysis. I only did a few risk analyses, but it taught […]
Android Malware, Permissions, and Side Channels
New Android malware keeps popping up, and the latest one to be publicly discussed is very typical of what we are seeing these days. And frankly, I haven’t found them very impressive. In short, the attack consists in recording phone calls, identifying calls to credit card support lines, then analyzing the recording to identify the […]
2011: The year of mobile malware? Nope.
One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]
The Mobile Trust Manifesto
Mobile computing is at a turning point, as the past few years have seen numerous improvements of the capacities of mobile devices. Here are a few of the main characteristics that have dramatically improved: Personal. Mobile phones are becoming some kind of personal hub, on which all communications means are concentrated, in particular around social […]
LG Thinq and smart appliances
Besides Motorola’s Atrix 4G and the many tablets, one of the very nice announcements of CES is LG’s Thinq, with significant press coverage. Connecting home appliances sounds kind of obvious, and the ubiquitous availability of smartphones and tablets makes it even more obvious. I have many times left my clean laundry sitting in the washer […]