Peaches
Posted January 2, 2009

1 January 2009, 17:37

25C3: SMS killer application for many Nokia mobiles

Some of the SMSs expected to be sent to mobile phones in the New Year period are unlikely to contribute to their recipients' holiday joy. The Chaos Computer Club (CCC) is warning, in at least one vulnerability report, of dangerous emails, sent as SMSs, that block reception of further SMSs or MMSs on many current Nokia mobile phones. Tobias Engel, a member of CCC, discovered the security leak and baptized it the "Curse of Silence" because it shuts off the channel for incoming SMSs on the attacked mobile phone.

The CCC has also issued a demo video; Engel said on Tuesday at the 25th Chaos Communication Congress (25C3) in Berlin that SMS standards are expressed in broad terms, which means a number of different types of short messages can be sent. Although the relevant functions have rarely, if ever, been used by mobile owners, they are nevertheless in the standards. That makes it possible in principle to send, for example, emails as SMSs. If a short message is identified as an email in accordance with the standards, the sender's email address instead of the phone number is displayed to the addressee.

Engel said Nokia implemented this feature in 2002 or 2003 without pursuing it further or advertising it, and while doing so they allowed an error to slip in. The SMS standard says a sender's address must not exceed 32 characters. If an email address is of greater length, the SMS into which the email is converted remains in intermediate memory. Any further SMSs or MMSs can then only be received following a factory reset.

More at Heise Security: http://www.heise-online.co.uk/security/25C...s--/news/112335

Peaches
Posted January 2, 2009

25C3: Many RFID cards poorly encrypted

Karsten Nohl, the security investigator who had a big hand in cracking NXP's Mifare Classic chips, says many RFID smartcards from other manufacturers are also vulnerable to a simple hacker attack. He told the 25th Chaos Communication Congress (25C3) in Berlin that "Almost all RFID cards use weak proprietary encryption systems" and only the latest types were any better. For example, several generations of Legic, HID and Atmel cards have holes in their armour.

RFID cards are used today to control access to buildings, rooms, cars or electronic devices. Mifare chips are also widely used in payment systems, such as those in short-distance public transport. The general expectation is that such RFID tags, all operating on the same frequency of 13.56 MHz, will eventually be used as generic identifiers for products and people, and they are already in use in passports and credit cards. However, said Nohl, the chip manufacturers have so far criminally neglected the standard of encryption used by these chips and the standard of the reading systems, which ought to satisfy the requirements of both data protection and system security.

Heise security: http://www.heise-online.co.uk/security/25C...d--/news/112336