Dailydave mailing list archives
Re: Seeking more info on: Devastating mobile attack under spotlight
From: liquidfish <liquidfish () gmail com>
Date: Tue, 28 Nov 2006 17:29:18 -0800
I must apologize if it appeared as if I was stating or confirming that there is a vulnerability in FOTA. This is not the case. Rather, I was stating that it seems the alleged vulnerability is in the design of FOTA system, or more specifically the researcher seems to claim that FOTA systems are not designed to have mobile stations authenticate or validate that the updates they recieve are from the carrier.
"I found this on a very old Siemens C45 phone, and then tried it on a Nokia E90 and a Qtek Windows Mobile 2005 phone," said Hafner. "None of them authenticated the sender of the service SMS. We could not believe no one had found this possibility before us."
Whether or not this is true, and how widespread the effectiveness is in the case that it IS true, is what is in question. Note that I base the assumption that FOTA is the attack vector on the following statement from the TechWorld article,
Wilfried Hafner of SecurStar claims he can reprogram a phone using a "service SMS" or "binary SMS" message, similar to those used by the phone operators to update software on the phone.
It seems the alleged vulnerability is in the DESIGN of the system, not in the implementation. It's more like saying that the design of some protocol is insecure, not the different drivers each system uses to support that protocol and technology. Also keep in mind that different vendors and carriers may implement FOTA in different ways. If the vulnerability is in FOTA, it may only be in a specific vendors implementation. Given that the researcher is from Germany we could try making some assumptions as to which mobile carrier he was allegedly testing on. -p
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Seeking more info on: Devastating mobile attack under spotlight, (continued)
- Re: Seeking more info on: Devastating mobile attack under spotlight Robert Clark (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight liquidfish (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Dave Korn (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Robert Clark (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Nicolas RUFF (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Roy M. Silvernail (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Matt Richard (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight liquidfish (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 29)
- Re: Seeking more info on: Devastating mobile attack under spotlight liquidfish (Nov 29)
- Re: Seeking more info on: Devastating mobile attack under spotlight Roy M. Silvernail (Nov 27)
- Re: Seeking more info on: Devastating mobile attack under spotlight Nicolas RUFF (Nov 28)
- Re: Seeking more info on: Devastating mobile attack under spotlight Gadi Evron (Nov 29)