Dailydave mailing list archives
Seeking more info on: Devastating mobile attack under spotlight
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 27 Nov 2006 08:21:31 -0500
Hi Guys, I am looking for some opinions or more info on this SMS reprogramming attack. If anyone has any more info I would appreciate it. from: http://www.techworld.com/mobility/news/index.cfm?newsid=7425 Mobility & Wireless News 24 November 2006 Devastating mobile attack under spotlight By Peter Judge, Techworld All mobile phones may be open to a simple but devastating attack that enables a third-party to eavesdrop on any phone conversation, receive any and all SMS messages, and download the phone's address book. The attack, outlined by a German security expert, would amount to the largest ever breach of privacy for billions of mobile phone users across the world. But it remains uncertain exactly how easy and how widespread the problem could be thanks to a concerted effort by mobile operators to muddy the issue while they assess its extent. The official response of the mobile phone operators when asked about the threat is that the attack is phoney. But despite three days of inquiries by Techworld, none have provided any evidence that there is an adequate defence to it. One operator told us all its security experts were at a meeting in Denmark, although, oddly for mobile company employees, they were also incommunicado. Wilfried Hafner of SecurStar claims he can reprogram a phone using a "service SMS" or "binary SMS" message, similar to those used by the phone operators to update software on the phone. He demonstrated a Trojan which appears to use this method at the Systems show in Munich last month - a performance which can be seen in a German-language video. 8 Phone operators use SMS messages to make changes to their customers' phone without user intervention. These changes can vary from small tweaks to an overhaul of the phone's internal systems. Hafner claims however that phones do not check the source of such messages and verify whether they are legitimate, so by sending a bogus message he is able to pose as a mobile operator and re-program people's mobiles to do what he wants. "I found this on a very old Siemens C45 phone, and then tried it on a Nokia E90 and a Qtek Windows Mobile 2005 phone," said Hafner. "None of them authenticated the sender of the service SMS. We could not believe no one had found this possibility before us." On all these phones, Hafner was able to launch an example Trojan called "Rexspy", which he says ran undetected. Rexspy copies all SMS messages to the attacker, and allows the attacker to eavesdrop on any phone conversation by instructing the phone to silently conference the attacker into every call. However, Hafner's demonstration does not constitute proof - it was done with his own phones, which could have been prepared. Known software such as Flexispy does the same job as Rexspy, but has to be installed manually on a phone. Hafner has also refused to provide Techworld with a demonstration, claiming that he does not want the code put into the wild. Hafner has also put out a press release about his alleged discovery which heavily pushes his company's products. -snip- -JP<who has been wanting to check in on his ex for a while ;-)> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Seeking more info on: Devastating mobile attack under spotlight Dude VanWinkle (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Paul Wouters (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Robert Clark (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight liquidfish (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Dave Korn (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Robert Clark (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Nicolas RUFF (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Roy M. Silvernail (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Matt Richard (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight liquidfish (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Roy M. Silvernail (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Paul Wouters (Nov 27)