[US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets

[Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>]

Gents,

Feel free to read US-CERT VU#584363 related to our recents 0days
allowing skilled attackers to take the complete control of a fleet of
GSM/Tablets (Symbian, iPhone/iPad, BlackBerry, Windows Mobile, Android,
etc), thanks to vulnerabilities in Mobile Device Management (MDM).

This could lead to the shred of the complete fleet of devices (might be
long to recover/reinstall hundreds or thousands of devices worldwide..).
Of course, this could also lead to remote spying on those devices, etc.

MDM is essentially related to large scale companies or governments, that
really need this kind of tools to manage big fleets properly.

We suggest these organization to contact their (really technical)
security partners in order to launch advanced penetration tests, as it
will definitely become a nice vector of intrusion in a short future.

Pwning thousands of devices is more interesting for evil attackers,
compared to powning 1 device sometimes by coming in the same cellphone
area, etc.

References:
http://www.kb.cert.org/vuls/id/584363
http://www.tehtri-security.com/en/news.php

Best regards,

Laurent Oudot, CEO TEHTRI-Security - tehtris.com - "This is Not A Game"

*Next live hacking sessions to join us*

--DEC 2011 / Black Hat / Abu Dhabu, UAE
 Training: "Advanced PHP Hacking"
 [w] http://www.blackhat.com/

--FEB 2012 / Hack In The Box GSEC / Mumbai, India
 Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond"
 [w] http://gsec.hitb.org/?p=134
 [t] #HITBGSEC

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/