funsec mailing list archives
Re: Mobile phones face hacking threat, experts say
From: Vitaly Osipov <vosipov () hutchison com au>
Date: Thu, 04 Jun 2009 21:29:14 +1000
This is just so theoretical... for starters they cannot really hijack an APN without a lot of work, APN name is resolved by closed-off pseudo-DNS system under operator's control. Often phone's traffic simply cannot get out to the Interned without the help of an operator's proxy, that is what the proxy is there for. All this attack will achieve is to disable the phone's data connection, unless the operator has put in specific measures to make the exploit work :) Bank accounts? SSL anyone? The phones are much more picky about fake certificates than any Windows box, so even if an attacker manages to pull all of the above, they need to pull off a MITM with a phone screaming "bad cert". Finally, they say "Proper filtering of OMA Provisioning messages would entirely block the attack" - I believe this is a simple filter on SMSC, same as with the last December's Nokia "email message" bug that turned out to be a non-event, partly because it was so easy to filter out. V. On 4/06/09 8:00 PM, "Juha-Matti Laurio" <juha-matti.laurio () netti fi> wrote:
"Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider. People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises. In April, the flaw -- which enables criminals to access a cellphone data connection, steal data or install or remove programmes -- gained wider attention at the BlackHat Europe security conference. "The hacker does not have to be especially skilled to do this," said Jukka Tuomi, chief technology officer at Finnish software firm ErAce Security Solutions. ErAce said that in some phones using Microsoft's Windows software, users cannot block the attack, while Symbian phone users can block malicious messages." --clip-- More at http://www.guardian.co.uk/business/feedarticle/8535233 Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Mobile phones face hacking threat, experts say Juha-Matti Laurio (Jun 04)
- Re: Mobile phones face hacking threat, experts say Vitaly Osipov (Jun 04)