nanog mailing list archives

Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks


From: "Jay R. Ashworth" <jra () baylink com>
Date: Tue, 19 Jul 2016 23:55:40 +0000 (UTC)

Heap overflow bug in a widely used ASN.1 library from Objective Systems,
apparently popular with cell-radio industry people.  Not sure if this will
leak over into NANOG land -- but neither are you, and that's most of my point.

Do *you* know if this library is used in your routers?  Can you find out?

How easily and quickly?

Cheers,
-- jra

----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy () vortex com>
To: privacy-list () vortex com
Sent: Tuesday, July 19, 2016 7:12:47 PM
Subject: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

Critical bug threatens to bite mobile phones and networks

http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/

      A newly disclosed vulnerability could allow attackers to seize
      control of mobile phones and key parts of the world's
      telecommunications infrastructure and make it possible to
      eavesdrop or disrupt entire networks, security experts warned
      Tuesday.  The bug resides in a code library used in a wide
      range of telecommunication products, including radios in cell
      towers, routers, and switches, as well as the baseband chips
      in individual phones. Although exploiting the heap overflow
      vulnerability would require great skill and resources,
      attackers who managed to succeed would have the ability to
      execute malicious code on virtually all of those devices. The
      code library was developed by Pennsylvania-based Objective
      Systems and is used to implement a telephony standard known as
      ASN.1, short for Abstract Syntax Notation One.

- - -

--Lauren--
Lauren Weinstein (lauren () vortex com): http://www.vortex.com/lauren
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
I have consulted to Google, but I am not currently
doing so -- my opinions expressed here are mine alone.
_______________________________________________
privacy mailing list
http://lists.vortex.com/mailman/listinfo/privacy

-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

