A Postcard From Finland!

Finland is known for many things, its’ fabulous cuisine, the salty liquorish, the tasty Salmiakki and Lunkaros, the saunas and the people’s hospitality. But within the security industry, it is also known for hosting one of the top security conferences in the world!

T2’10 security conference was held in Helsinki at the end of October. This year’s schedule promised technically excellent talks with a great line up of well known security researchers. The schedule lived up to the high expectations, in a very comfortable and relaxing environment where the primary focus was the sharing of information. Talks were always followed up with open discussions between the attendees and the speakers, and there were always opportunities to chat with speakers and attendees, during breaks, lunch and dinner time or at the networking cocktails.

This is the second year that MWR InfoSecurity have presented at the event and this year there were two talks at the conference. The talks were on Mobile technology and Smart Cards. Both talks combined frontline research performed by MWR Labs with real world experience and enabled the audience to understand how findings from the lab can be used to assess security in the field.

Nils’ ground breaking research focused on two popular mobile platforms: Google Android and Palm WebOS. In this presentation it was demonstrated how Palm WebOS hasn’t been designed with a specific security model in mind, and how successful attacks are still feasible against the Google Android platform, which has been build with security features such as a sandbox. The audience was petrified by two live demos in which the Palm and Android mobile devices were turned into perfect bugging devices.

Rafa’s innovative research focused on attacking the smart card software implementation in different operating systems, highlighting the different attack vectors that exist as input data travels from the card through the different software components in the operating system. The presentation included details of the evolution of an attack that can be delivered through a malicious smart card and how fuzzing can be performed of the different components that are handling the smart card data.

Among the other interesting talks were Sami Koivu talking about Java Sandboxing, Timo and Peter solving the t2’10 challenge and Aki talking about Fuzzing. It is not possible to mention all the talks that were presented at T2 in this post but they were very interesting and the feedback from the attendees was that they had a great time and learned a lot.

So mark your calendar for T2’11 from October 27 to 28, 2011! For more information check out the T2 website.