Just How Many Wireless Technologies Can You Misuse In One Shot?
from the now-that's-talent dept
We’ve seen a lot of stories recently about overhyped wireless “security holes” or “exploits” for both WiFi systems and mobile phones. In almost every case, the story would get a lot of press, but the actual risk was extremely low. The discoveries (and subsequent publications) were mostly designed to get attention for some random security researcher who discovered the supposed problem. Well, now that the obvious security attacks are out of the way, security researchers need to get a bit more creative. They can no longer just pick on a single technology (Bluetooth? WiFi?) and find a security hole. Now, they need to get with the converged times and go for a combined attack. That’s about the only explanation I can come up with for the announcement of this new “vulnerability” that makes use of Bluetooth, WiFi and SMS all in one shot. The article doesn’t do a great job of explaining the attack, but apparently, it works by having someone “bluejack” one of the few phones that are vulnerable to bluejacking (and which haven’t been patched), using that connection to send an SMS to an “anonymous prepaid phone” owned by the attacker. They can then use this to determine if (just maybe) the vulnerable phone is a T-Mobile customer. If it is, they then hijack the vulnerable phone again, and send an SMS to T-Mobile to get login info for hotspots (since T-Mobile now lets users get hotspot login info via SMS). If the user is not a T-Mobile customer, there are other options, but they’re equally convoluted (sometimes involving another associate with another mobile phone sitting at a hotspot). The group that put out the warning admits there’s no evidence that this has been done, and, honestly, it really seems like a security hack for show more than anything else. Of course, now the bar has been set. Who will top it and give us the useless, unlikely security hack that involves four different wireless technologies?
Comments on “Just How Many Wireless Technologies Can You Misuse In One Shot?”
No Subject Given
Hey, it is actually interesting.
I used to do penetration testing. (Bad business, I now do software.) It used to be valuble to companies to pen-test a system. Now that most of the cool systems are national, they’re “too big to fail”. Any vulnerability will either be prosecuted, legislated against, or advertised.
Pen-testing is still a great busines for smaller companies – Hell, I’m trying to figure out the parameters for making a new company, just for that. But, it sucks. And more and more, if you’re a big company, “the law requires you to”…
Look at banking rules.