Last updated: 02/12/2006; 21:22:55
Xavi Caballé's weblog - Treo section

My experiences as a user of the Treo 600 and the Palm OS operating system.

Monday, 27 November 2006


[TechWorld] Devastating mobile attack under spotlight. A German researcher warns that the SMS messaging network can be used to carry out attacks. Specifically, the attack uses a service SMS, like the ones operators use to change a phone's configuration; messages of this kind carry no authentication of any sort and are simply executed as soon as they are received. This allows complete manipulation of the phone for tasks such as intercepting conversations (all calls are covertly diverted to the attacker)... or anything else the attacker's imagination allows.
All mobile phones may be open to a simple but devastating attack that enables a third-party to eavesdrop on any phone conversation, receive any and all SMS messages, and download the phone's address book.

The attack, outlined by a German security expert, would amount to the largest ever breach of privacy for billions of mobile phone users across the world. But it remains uncertain exactly how easy and how widespread the problem could be thanks to a concerted effort by mobile operators to muddy the issue while they assess its extent.

(...)

Wilfried Hafner of SecurStar claims he can reprogram a phone using a "service SMS" or "binary SMS" message, similar to those used by the phone operators to update software on the phone. He demonstrated a Trojan which appears to use this method at the Systems show in Munich last month - a performance which can be seen in a German-language video.

"I found this on a very old Siemens C45 phone, and then tried it on a Nokia E90 and a Qtek Windows Mobile 2005 phone," said Hafner. "None of them authenticated the sender of the service SMS. We could not believe no one had found this possibility before us."

On all these phones, Hafner was able to launch an example Trojan called "Rexspy", which he says ran undetected. Rexspy copies all SMS messages to the attacker, and allows the attacker to eavesdrop on any phone conversation by instructing the phone to silently conference the attacker into every call.
 


19:11

© Copyright 1996-2006 Xavier Caballe. Unless expressly stated otherwise, the material published on this weblog is distributed under the Creative Commons license. The content is the sole and exclusive responsibility of its author and has no relation to his professional activities.
