Just How Many Wireless Technologies Can You Misuse In One Shot?

from the now-that's-talent dept

We’ve seen a lot of stories recently about overhyped wireless “security holes” or “exploits” for both WiFi systems and mobile phones. In almost every case, the story would get a lot of press, but the actual risk was extremely low. The discoveries (and subsequent publications) were mostly designed to get attention for some random security researcher who discovered the supposed problem. Well, now that the obvious security attacks are out of the way, security researchers need to get a bit more creative. They can no longer just pick on a single technology (Bluetooth? WiFi?) and find a security hole. Now, they need to get with the converged times and go for a combined attack. That’s about the only explanation I can come up with for the announcement of this new “vulnerability” that makes use of Bluetooth, WiFi and SMS all in one shot. The article doesn’t do a great job of explaining the attack, but apparently, it works by having someone “bluejack” one of the few phones that are vulnerable to bluejacking (and which haven’t been patched), using that connection to send an SMS to an “anonymous prepaid phone” owned by the attacker. They can then use this to determine if (just maybe) the vulnerable phone is a T-Mobile customer. If it is, they then hijack the vulnerable phone again, and send an SMS to T-Mobile to get login info for hotspots (since T-Mobile now lets users get hotspot login info via SMS). If the user is not a T-Mobile customer, there are other options, but they’re equally convoluted (sometimes involving another associate with another mobile phone sitting at a hotspot). The group that put out the warning admits there’s no evidence that this has been done, and, honestly, it really seems like a security hack for show more than anything else. Of course, now the bar has been set. Who will top it and give us the useless, unlikely security hack that involves four different wireless technologies?

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Just How Many Wireless Technologies Can You Misuse In One Shot?”

Subscribe: RSS Leave a comment
1 Comment
SniffyMcNickles says:

No Subject Given

Hey, it is actually interesting.

I used to do penetration testing. (Bad business, I now do software.) It used to be valuble to companies to pen-test a system. Now that most of the cool systems are national, they’re “too big to fail”. Any vulnerability will either be prosecuted, legislated against, or advertised.
Pen-testing is still a great busines for smaller companies – Hell, I’m trying to figure out the parameters for making a new company, just for that. But, it sucks. And more and more, if you’re a big company, “the law requires you to”…

Look at banking rules.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...