Dailydave mailing list archives

Re: Seeking more info on: Devastating mobile attack under spotlight


From: Gadi Evron <ge () linuxbox org>
Date: Tue, 28 Nov 2006 18:37:13 -0600 (CST)

On Tue, 28 Nov 2006, liquidfish wrote:
> The following whitepaper written by the OTA Flash Forum details some of the
> security considerations made for FOTA and is often used as a reference by
> designers of FOTA systems
> http://www.otaflashforum.org/documents/downloads/OTAFFwhitepaperSecurity.pdf
>
> > If you run a CDMA network on a Motorola cell phone, and a GSM network on
> > a Nokia, you will talk to them differently.
>
> Yes but that's like comparing layer(s) 2/3 protocol(s) with the application
> layer protocol (FOTA) that is being used to upgrade the phones.


It is still application specific (each phone stands on its own). Not to
mention software specific, with a different version for each model. Each
phone released has some.. 7 versions out there (could be dozens, I didn't
count), not to mention country/language specific versions.

Even if there is a vulnerability in FOTA as you specify, which actually, as
unlikely as it would be, would affect "every" cell phone, it would still
be crazy to exploit, and THEN per phone.

Unrelated to the process (which doesn't change, it can run on the Internet
- and it does. It's a whole different level). It's crazy security, and
THEN it is closed source and secret. :P (/cynical)

So, unless you somehow make yourself appear to be the operator or somehow
create a man in the middle situation (same as being the operator), both
impossible [1], this won't happen.
The guy found one vulnerability for one version (which I doubt due to the
"all" statement the guy made). If true anyway, it's cool, but it's simply
impossible [2] beyond that (single implementation attack).

There is crazy security invested in this. You can go and read about it
online. Everything is breakable, but give me a break.

        Gadi.

1 - Nothing is ever impossible. Let's say VERY VERY VERY hard to
virtually impossible.
2 - If you have the resources of a country and can put the equivalent of
hundreds of people on it, you may be able to achieve it. If you are a
country, you can also introduce a backdoor if the vendor agrees/is forced,
but good luck on that. Is your opponent the NSA/equivalent?
