Security Response
Showing posts tagged with Mobile & Wireless
Eric Chien | 15 Jan 2007 08:00:00 GMT | 0 comments

The release of the Apple iPhone immediately raised the eyebrows of those in security. The iPhone's operating system is based on OS X and thus, some observers assumed malicious code would be possible and potentially rampant.

However, these concerns were a bit premature. Steve Jobs has confirmed that consumers will not be allowed to install just any third party applications. “These are devices that need to work, and you can’t do that if you load any software on them,” he said. “That doesn’t mean there’s not going to be software to buy that you can load on them coming from us. It doesn’t mean we have to write it all, but it means it has to be more of a controlled environment.” [New York Times]

The lack of the ability to install just any software will greatly mitigate the risk of malicious code on Apple iPhones. Can malicious software exist? Will malicious software exist? Probably, but the amount of malicious software will definitely not be on the same scale as it is today...

Ollie Whitehouse | 12 Jan 2007 08:00:00 GMT | 0 comments

Back in November, I gave a presentation to a cellular industry conference entitled “Overcoming Mobile IM Security Threats.” The purpose of this presentation was to identify the types of threats that IM has faced in the desktop world, discuss how these threats could move to the mobile world, and cover how threats could be mitigated by operators and independent software vendors before services are launched.

The threats that utilize IM are well documented by Symantec and others. An interesting thing about Mobile IM is that users of these devices can and have started popping up on legacy Internet-based IM networks. There had been talk of operators going down the route of closed IM networks for their subscribers, but now it is clear that some operators are choosing public Internet-based IM networks. This means that these Mobile IM clients are going to...

Ollie Whitehouse | 10 Jan 2007 08:00:00 GMT | 0 comments

UMA (Unlicensed Mobile Access) is a set of specifications now known as “Generic access to the A/Gb interface; Stage 2.” The purpose of these specifications is to allow cellular operators to terminate cellular services over unlicensed mediums that utilize IP. The original specifications catered to Bluetooth and WiFi, so the benefits of such a technology should be obvious. In the home or in metropolitan areas, it allows operators to move away from technologies that are costly, slower, higher-latency, or bandwidth-limited. By doing so, they reduce their own costs and improve user experience.

In March 2006, I wrote an internal Symantec paper entitled “UMA Attack Surface Analysis.” The purpose of this paper was to discuss the increased risks that subscribers or operators may be exposed to as a result of deploying UMA...

Ollie Whitehouse | 30 Dec 2006 08:00:00 GMT | 0 comments

Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well, Collin confirmed this in his presentation and also released a working exploit for the...

Ollie Whitehouse | 15 Dec 2006 08:00:00 GMT | 0 comments

Ciao! Back in May, at the Microsoft Embedded Developer Conference in Las Vegas, Microsoft provided a number of presentations on Windows CE 6. The following is a summary of the improvements in Windows CE 6, which either directly or indirectly impact upon security. The points below are taken from the slide decks of the presentations and are distilled down with some commentary added. It should be noted that it is not currently clear when or if Windows CE 6 will be adopted by the Windows Mobile Group. This entry follows up on the blog regarding Windows CE/Mobile 5, which I posted earlier this week.

From the talk Windows CE 6 Overview by David Kelly & Tim Kiesow of Microsoft, I have taken the following points away:
  • It supports safe SEH for security compliance (/GS)
  • Secure C Run-Time Libraries (Same...

Ollie Whitehouse | 12 Dec 2006 08:00:00 GMT | 0 comments

Bonjour! Carrying on from my previous blog post, here is some more information on Windows CE/Mobile 5 security.


Windows CE and Mobile, like their desktop cousin, can suffer “shatter attacks” across processes. This includes processes running at different levels of trust (please see my previous blog post and the section on One-tier versus Two-tier). For those of you unfamiliar with what shatter attacks are, there is a Microsoft TechNet bulletin that addresses the original assertion that the shatter attack condition can exist.

There are some complexities...

Brian Hernacki | 29 Nov 2006 08:00:00 GMT | 0 comments

As municipal Wi-Fi networks begin to roll out, I've begun to notice a trend that isn't surprising, but is still a bit worrisome. Business users are beginning to use the muni Wi-Fi in the office. While the signal doesn't often penetrate too deeply into buildings, conference rooms and window offices seem to get a sufficient signal in many cases. The problem is that I see people using the muni Wi-Fi signal instead of the office IT-supported network. Sometimes they just use it because it's more convenient. The office IT network is "secure" and requires extra work, such as entering keys or using a VPN. Sometimes they do it because they explicitly want to avoid the local IT policy controls (access to restricted sites, use of restricted applications, etc.).

So, why is this a problem? First, it exposes the user’s computer to the Internet without the normal protection of the office IT security safeguards (like a firewall). While it's quite possible to secure the...

Ollie Whitehouse | 10 Nov 2006 08:00:00 GMT | 0 comments

Hola again! Well, that’s my Spanish out the way. Oh, wait – dos cervezas por favor ;-). Anyway, I was invited down to Spain by the kind folk of NoConName (thanks to Nico and crew – Majorca is lovely!) to deliver a presentation on some research I had done at the start of the year when I first joined the Advanced Threat Research team (research that I had alluded to in an earlier blog entry on an attack surface analysis of Windows CE 5 and Windows Mobile 5).

This is a rundown of the NoConName version of my presentation:

• Introduction & Context
• Overview of Windows CE
• Windows CE Security Model
• Analysis Findings
• Windows CE and Security Patches

The first three sections are pretty self explanatory and way too long to cover...

Ollie Whitehouse | 03 Nov 2006 08:00:00 GMT | 0 comments

Back in 2004, I presented some research at CanSecWest entitled “Bluetooth Security: Toothless?” One of the items I covered in this presentation was the ability to recover link keys over the air. My research was missing a key feature, which was how to force a re-pair between two devices in order to be able to observe the new pairing to be able to get the required data. Fast-forward to June, 2005, and Yaniv Shaked and Avishai Wool improved the attack in many aspects and released the paper “Cracking the Bluetooth PIN,” including many novel aspects. Well, it’s now 2006 and Thierry Zoller has just given an interesting presentation at the conference (with input from...

Ollie Whitehouse | 01 Nov 2006 08:00:00 GMT | 0 comments

Be warned: this may sound a little odd. Imagine if I told you that some television and radio content is broadcast using IP, over the air. (You'd probably think I’d been working with too much paint thinner over the weekend.) Well, this broadcast method is how a live service in the UK works. It’s called digital audio broadcasting – IP (DAB-IP) and in short, your mobile device just got another network connection.

The UK has just had the “Lobster” (a mobile handset) launched on the Virgin mobile network, which uses DAB-IP for its TV and radio content. DAB is a standard owned by ETSI (the same people who own GSM). With DAB-IP, content is basically being tunneled over IP, over DAB, to your handset. One of the first interesting things I read in relation to this topic was a...