Monday, 14 March 2011

Do you own a mobile phone? Better watch out!

Niekoniecznik's Internal Security Department reports a critical bug in mobile phones. What makes it juicier is that the topic is being ignored by most so-called portals devoted to IT security. We are the first to publish the official advisory. The advisory is in English because we also intend to send it to the list where specialists like us send things like this, namely the marchewq list.


NSA-1D-10T-001 (Niekoniecznik Security Advisory)

I. Background

Each of us uses a mobile phone. Some even two. Sometimes three.
We use them at work and at home. When we go on vacation we turn
off the phone. But they then call us anyway for they don't give
a shit about our vacation.

II. Problem Description

At the time of acquisition of a mobile phone attackers can
execute an attack on the owner's privacy. For this purpose,
the attacker changes the phone book entry for the owner's number,
e.g. +46600000000, to e.g. "Mom" and then texts him "buy sugar."
The moment the owner reads this message, he immediately goes
to buy sugar. It is easy to imagine how, in the era of the sugar
crisis, this attack could affect our country.
Sugar would be even more expensive!

III. Impact

This privacy corruption can be exploited by a local attacker
who has physical access to the owner's mobile phone.

NOTE: While mobile phones without untrusted local users
(attackers) are not affected by the security aspects of this issue,
the potential for privacy corruption (if, for instance, you meet
someone in a bar or at a pool)
implies that this should still be treated as critical!

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Sell your mobile phone.

2) Delete all your files (including your favourite ring tones) and
wait to see what happens.

3) Add several phone book entries for your number.
Change their names every 4 hours.

4) Have your mobile phone always turned off and never turn it on,
even if you want to use it.

VII. References

It's not a CV, goddamnit, why put references here?

5 comments:

  1. Hide your kids, hide your wife, and hide your husband!!!!!!111

  2. Shit, I gotta kill my gf because of her ignorance!

  3. Eh, I have Kaspersky Mobile so I'm not in any danger.

  4. Pretty nice post. I just stumbled upon your blog and wanted to say that I have really enjoyed browsing your blog posts. In any case I’ll be subscribing to your feed and I hope you write again soon!

    Aromatherapy Training
