Dailydave mailing list archives

Seeking more info on: Devastating mobile attack under spotlight


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 27 Nov 2006 08:21:31 -0500

Hi Guys,

I am looking for some opinions or more info on this SMS reprogramming
attack. If anyone has any more info I would appreciate it.


from: http://www.techworld.com/mobility/news/index.cfm?newsid=7425

Mobility & Wireless News

24 November 2006
Devastating mobile attack under spotlight

By Peter Judge, Techworld

All mobile phones may be open to a simple but devastating attack that
enables a third-party to eavesdrop on any phone conversation, receive
any and all SMS messages, and download the phone's address book.

The attack, outlined by a German security expert, would amount to the
largest ever breach of privacy for billions of mobile phone users
across the world. But it remains uncertain exactly how easy and how
widespread the problem could be thanks to a concerted effort by mobile
operators to muddy the issue while they assess its extent.

The official response of the mobile phone operators when asked about
the threat is that the attack is phoney. But despite three days of
inquiries by Techworld, none have provided any evidence that there is
an adequate defence to it. One operator told us all its security
experts were at a meeting in Denmark, although, oddly for mobile
company employees, they were also incommunicado.

Wilfried Hafner of SecurStar claims he can reprogram a phone using a
"service SMS" or "binary SMS" message, similar to those used by the
phone operators to update software on the phone. He demonstrated a
Trojan which appears to use this method at the Systems show in Munich
last month - a performance which can be seen in a German-language
video.

Phone operators use SMS messages to make changes to their customers'
phone without user intervention. These changes can vary from small
tweaks to an overhaul of the phone's internal systems. Hafner claims
however that phones do not check the source of such messages and
verify whether they are legitimate, so by sending a bogus message he
is able to pose as a mobile operator and re-program people's mobiles
to do what he wants.

"I found this on a very old Siemens C45 phone, and then tried it on a
Nokia E90 and a Qtek Windows Mobile 2005 phone," said Hafner. "None of
them authenticated the sender of the service SMS. We could not believe
no one had found this possibility before us."

On all these phones, Hafner was able to launch an example Trojan
called "Rexspy", which he says ran undetected. Rexspy copies all SMS
messages to the attacker, and allows the attacker to eavesdrop on any
phone conversation by instructing the phone to silently conference the
attacker into every call.

However, Hafner's demonstration does not constitute proof - it was
done with his own phones, which could have been prepared. Known
software such as Flexispy does the same job as Rexspy, but has to be
installed manually on a phone. Hafner has also refused to provide
Techworld with a demonstration, claiming that he does not want the
code put into the wild. Hafner has also put out a press release about
his alleged discovery which heavily pushes his company's products.


-snip-



-JP<who has been wanting to check in on his ex for a while ;-)>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

