Video Screencast Help
Security Response
Showing posts tagged with Mobile & Wireless
Showing posts in English
Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is starting to be used...

Ollie Whitehouse | 06 Jul 2006 07:00:00 GMT | 0 comments

HD Moore and the MetaSploit project have gone to town with their toolbox of fuzzers and insight. They have unleashed a raft of security vulnerabilities on the world, in major browsers across many different platforms, one a day for an entire month (it is now day five of the Month of Browser Bugs as I write this).

While I think it's awesome that HD and the project team have made such a concerted effort to investigate most of the major sub-systems used in today's browsers (I don't want to detract from their initiative, motivation, or skill) it should be noted they were not the first to take a look at them, thinking that, aside from ActiveX (for a change) they could be fuzzed with high yield results. Similar methods were used by the illustrious group at Oulu university in 2001...

Ollie Whitehouse | 28 Jun 2006 07:00:00 GMT | 0 comments

These days, I spend a lot of my time looking at mobile devices and wireless technologies from a security perspective. I am particularly interested in the convergence of technology, and something that recently made me sit up and say “Here we go again!” is Wireless USB.

A development group has written a specification document for Wireless USB. The collaborative group (made up of representatives from Agere, Hewlett-Packard, Intel, Microsoft, NEC, Philips, and Samsung) is confident in the development of Wireless USB because they believe that it is a logical evolution of the ubiquitous technology of wired USB. The specification document states that Wireless USB can utilize the existing USB infrastructure and the USB model of smart host and simple device, but I am more interested in the security...

Ollie Whitehouse | 02 Jun 2006 07:00:00 GMT | 0 comments

So, it's started. In terms of security, we are seeing first generation mobile operating systems transition into second generation mobile operating systems. While the threats mobile embedded devices face today are relatively small, they are very real threats. We often see samples of backdoors, spyware, worms, Trojans, and arbitrary code execution for either one or both of two key commercial mobile operating systems (Symbian and Windows Mobile).

What strikes me, however, is that the vendors seem to be learning from the tribulations in the desktop space. What I mean to say is, they could sit around and wait for these issues to become as rampant as they are today in the desktop arena before they addressed security in the mobile environment; however, initial evidence suggests that mobile OS companies like Symbian, Microsoft, and ARM are becoming more proactive with security.

With the release of Symbian 9 we are seeing a more granular permissions model. With the...

Ollie Whitehouse | 16 May 2006 07:00:00 GMT | 0 comments

So, it's started. We are starting to see the arrival of Linux in the cellular device/handset market (to be honest, it's been a year or two since they first emerged, but they are now starting to become more prevalent) and along with them the attendant security issues.

While I wish to avoid a war in regards to different operating systems and security (I don't want to antagonize the Slashdot crowd again), the following is true: the vendors who are gaining direct benefits from the adoption of open source software (OSS) within their devices and products (such as low cost and quicker product development) are not addressing the security with the same aggression. If Symantec were a non-OSS company, people (myself for one) would be quick to point this out and remind them of their obligations to end-user security.

Let me explain what I mean. Currently we expect big OS vendors like Microsoft, Apple, and Sun to typically provide an easy way to implement upgrades that...

Ollie Whitehouse | 12 May 2006 07:00:00 GMT | 0 comments

I’ve had my head in Windows CE and Windows Mobile for what feels like months, looking at the security architecture and the types of threats that will affect these types of devices now and in the future (plug: paper coming soon). As I was drawing to a close on finalizing some last minute edits, I noticed that Microsoft had launched a small sub-section on their Windows Embedded site dedicated to security [1]. Digging a little further, I noticed that in order to access details of the patches available for vulnerabilities in Windows Mobile you needed an OEM agreement in place with Microsoft [2].

This got me really interested. I originally wanted to see if some of the issues Symantec had identified were patchable already. WIth a little more digging I found that you could access the QFE Updates (like Service Packs to the development environment) for Windows CE Platform Builder without needing an OEM agreement [3] (this I presume is due to the fact that anyone can get...

Ollie Whitehouse | 01 May 2006 07:00:00 GMT | 0 comments

Recently the issue of Bluetooth security raised its head once again. For such a young protocol, Bluetooth has had one rough ride. This time, however, it was for two very separate reasons. The first was a protocol fuzzer (an automated test harness) for the L2CAP protocol that was released by Pierre Betouin [1] (I later helped out with the project adding certain functionality). The author of the tool used this to discover multiple unauthenticated denial of service conditions in common top-tier cellular handsets. (It has always amused me that we have to classify remote device crashes as denial of service only, as we simply don’t have the visibility into a lot of these proprietary devices in order to gain a full understanding as to the degree of exploitability.)

The second reason was the OSX.Inqtana.A worm[2][3]. What I found interesting about this was that it was the first worm to my knowledge that actually exploited a Bluetooth vulnerability to aid in its propagation....