mobile phone
--- BEGIN ADVISORY ---
Manufacturer: Nokia (www.nokia.com)
Device: Nokia 6131 NFC
Firmware: V 05.12, 19-09-07, RM-216
Device Type: mobile phone
OS: Symbian Series40
Subsystem: Near Field Communication
-----------------------------
--- BEGIN ADVISORY ---
Manufacturer: Nokia (www.nokia.com)
Device: Nokia 6212 Classic
Firmware: V 05.16, 29-09-08, RM-396
Device Type: mobile phone
OS: Nokia Series40
Subsystem: Near Field Communication
-----------------------------
Program:
Attacking Telco Core Network - Philippe Langlois (TSTF)
Real World Kernel Pool Exploitation - Kostya Kortchinsky (Immunity)
Cyber Crime: Follow the Money - Pedro Bueno (McAfee)
The Powerful Evil on Mobile Phone - Nanik (COSEINC)
Securing Your Web Application Codes - Kurt Grutzmacher (Pacific Gas)
Hacking RFiD Devices: Octopus Card?? - Adam Laurie (RFIDI0T.org)
Attacking Anti-Virus - Sowhat (Nevis Lab)
Anti-Forensic: Leaving the Police No Trails (the Grugq)
Media Security in VOiP Systems - Shao Weidong (Secure Minded Consulting)
#2009-014 Android denial-of-service issues
Description:
Android, an open source mobile phone platform, is affected by two bugs
that lead to denial-of-service (DoS) conditions.
Two separate DoS issues have been independently reported to oCERT.
The most recent report concerns Android handling of SMS messages: a
and in the end, compare:
STAT {{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{.}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
However, in vsftpd the command length is allowed to be up to 4096 bytes, so it is no problem to create a request with huge complexity.
To bypass max_per_ip, use an ISP with a dynamic IP. Disconnect and connect (example for bt mobile phone):
cx@cx64:~$ hciconfig hci0 down
cx@cx64:~$ hciconfig hci0 up
and connect again.
HTC devices running Android 2.1 and Android 2.2 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and read arbitrary files, via a ../ in a pathname.
Description:
Present HTC / Android phones include a Bluetooth stack, which provides Bluetooth communications with other remote devices. The File Transfer Profile (OBEX FTP) is one among all the Bluetooth services that may be implemented in the stack.
The OBEX FTP service is a software implementation of the File Transfer Profile (FTP). The File Transfer Profile (FTP) is intended for data exchange and it is based on the OBEX communications client-server protocol. The service is present in a large number of Bluetooth mobile phones. This service can be used for sending files from the phone to other remote devices and also allows remote devices to browse shared folders and download files from the phone.
In HTC / Android phones, the default directory of the OBEX FTP Server is the SDCard. Only files placed in the directory of the SDCard can be shared. The user cannot select another directory, so sensitive files related to the operating system are not exposed.
There exists a Directory Traversal vulnerability in the OBEX FTP Service in the Bluetooth Stack implemented in HTC devices running Android 2.1 and Android 2.2. The OBEX FTP Server is a 3rd party driver developed by HTC and installed on HTC devices running the Android operating system, so the vulnerability affects this vendor specifically.
Where: Remote (man-in-the-middle)
3) Vendor's Description of Service
"LiqPAY is global open high-secure payment system that lets anyone
easily send money using mobile phones, Internet and payment cards
worldwide.
...
LiqPAY Benefits: Strong security. Strong identification and
verification using the OTP technology."
CSRF can be used to cause denial-of-service attacks against mobile phones by
flooding the phone with SMS and service messages.
Mobile phone service providers in Israel, and throughout the world, provide
a web interface to send SMS messages. Fortunately, they limit the SMS
sending web interface to 20 messages per day, and they also require the user
to authenticate in order to send an SMS.
Unfortunately, at least when referring to the Israeli providers, they also
give attackers a way to send endless SMS and service messages without any
kind of authentication and with a simple HTTP request.
3.) Fredric Raynal (Head of Research, Sogeti/Cap Gemini) with Arnauld Mascret (Sogeti / Cap Gemini) & Christophe Devaux (Sogeti / Cap Gemini) -- Deception 2.0: Gathering and Exploiting Information
4.) Gynvael Coldwind (Researcher, Hispasec) -- A Case Study of Recent Windows Vulnerabilities
5.) Laurent Oudot (Founder, TEHTRI-Security) -- Silent Steps: Improving the Stealthiness of Web Hacking
6.) Marc Schoenefeld (Independent Network Security Specialist) -- Open Sesame: Examining Android Code with undx2
7.) Shawn Merdinger (Security Researcher) -- We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers
8.) The Grugq (Anti Forensics Specialist) -- Base Jumping: Attacking GSM Base Stations and Mobile Phone Basebands
HITBSecConf2010 - Dubai will also feature a HITB Web Hacking. This year's contest will once again include an additional binary reversing challenge as well.
Please send data to cfp@toorcon.org :
000. Name (or leet alias, non-leet aliases are subject to heckling)
001. Email Address
010. Mobile Phone Number (In case we need to contact you at the con)
011. Brief Bio
100. Title of the Talk
101. Brief Abstract
110. Any supporting materials, links, outlines, etc
111. What talk format are you submitting for:
Please send data to cfp@toorcon.org :
00. Name
01. Email Address
02. Mobile Phone Number
03. Brief Bio
04. Title of the Talk
05. Brief Abstract
06. Any supporting materials, links, outlines, etc
07. What talk format are you submitting for:
Strom Carlson - Why your mother will never care about Linux (a rant)
Stephan Chenette - Ultimate Script Deobfuscation: Browser Hooking versus simulation
Luiz "effffn" Eduardo - a 30,000 feet look at wi-fi, the freezing spot
Adam Cecchetti - Nunchaku: Attack, Defense, and a lot of arm flailing
Dan Griffin - Hacking SharePoint
Zane Lackey & Luis Miras - Mobile Phone Messaging Anti-Forensics
Dan Hubbard - P0wn the Cloud. The good, the bad, and the pugly of Cloud Computing
Tom Stracener - Advanced Cross-Site Scripting Scenarios, Filter Evasion and Browser Exploits
Thomas Ristenpart - Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs
Dean Pierce - Seeds of Contempt
Zax - How did that Nigerian do that?! Artificial Intelligence and You
[*] Attacking Hardware
* Drone hacking: Tic-Tac-Toe in the sky with Reaper and Raptor
* Robots MCU infection: STDs for Petman and Bigdog?
* Attacking Wireless Sensors and their underlying networks.
* Hardware reverse engineering (and exploitation + backdooring)
* LTE mobile phone attack
* eNode-B hacking
* Hacking UEFI & Secure Boot
* Gnu Radio hacking applied to new domains
* RFID exploitation
* Hacking radio protocols, specifications and implementations
#2009-011 Android improper camera and audio permission verification
Description:
Android, an open source mobile phone platform, improperly checks permissions
when applications access the camera and audio resources.
The permissions are Manifest.permission.CAMERA and
Manifest.permission.AUDIO_RECORD respectively.
#2009-006 Android improper package verification when using shared uids
Description:
Android, an open source mobile phone platform, improperly checks developer
certificates when installing packages that request the shared user identifier
(uid) permission.
Normally, Android applications will be allowed to share a uid if the
packages are all signed by the same developer certificate and request
Vendor: Pantech (http://www.pantechusa.com)
Product: Link P7040P, others may be vulnerable
Version affected: JLUS040201 confirmed, others may be vulnerable
Product description:
The Pantech Link is a mobile phone supporting a 2.4" LCD screen and full
keyboard that facilitates simple text messaging.
Credit: Paul Kehrer of Trustwave SpiderLabs
Finding: Vulnerability in Pantech Web Browser SSL Implementation
Please send data to cfp@toorcon.org :
0. Name
1. Email Address
2. Mobile Phone Number
3. Brief Bio
4. Title of the Talk
5. Brief Abstract
6. Any supporting materials, links, outlines, etc
7. What talk format are you submitting for:
We aim to show that it is possible to find and exploit bugs on Symbian
smartphones, even in preinstalled system applications, without having
access to special development hardware, and that exploits and worms
similar to those found on desktop systems may be possible on Symbian.
The bugs listed in this paper have been sent to Nokia and are currently
under review. Mobile phone manufacturers should be aware that remote
vulnerabilities of the kind discussed in this paper could be used in
targeted attacks to remotely compromise a smartphone (track GPS, turn on
mic, etc.), or as a means of propagation for mobile network worms.
--
For ToorCamp we will be having 50-minute talks on Thursday, 20-minute talks on Friday, and then hands-on workshops throughout the weekend. To submit a talk for the conference, please fill out the information below and email to cfp@toorcamp.org:
0. Name
1. Email Address
2. Mobile Phone Number
3. Brief Bio
4. Title of the Talk
5. Brief Abstract
6. Any supporting materials, links, outlines, etc
7. What talk format are you submitting for:
Notes:
** - Speaker changed due to the fscking ash cloud mess!
## - Grugq was stopped by his employer COSEINC from presenting his
original 'Attacking GSM Base Stations and Mobile Phone Basebands'
presentation - WTF?! #fail!!!
See you guys at HITBSecConf2010 - Amsterdam (June 29th - July 2nd at the
NH Grand Krasnapolsky)
modern society.
Dave 'h1kari' Hulton is a seasoned 'hardware hacker' and the organizer
of the annual Toorcon (www.toorcon.org) security conferences in
Seattle and San Diego. David will be presenting on intercepting mobile
phone and GSM traffic utilizing techniques and hardware that until
recently had been priced out of the range of most individuals and
companies.
John 'jur1st' Benson is a lawyer from Kansas City, MO who specializes
in electronic discovery and is also the chairman of the Kansas City
====================================================
3) Summary
The Web Browser for S60 (formally called Nokia Mini Map Browser) is a web
browser for the S60 mobile phone platform developed by Nokia.
It is built upon S60WebKit, a port of the open source WebKit project to the S60
platform. According to several sources, the S60 software on Symbian OS is the
world's most popular software for smartphones.
This version of the Nokia Mini Map Browser does not properly validate JavaScript