Forgot your password?
Close
typodupeerror
Android

Submission + - T-Mobile Security Flaw Allowed Eavesdropping of Wi-Fi Calls, Texts (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: A vulnerability discovered by researchers at UC Berkeley enabled attackers to eavesdrop on and modify calls and text messages sent using T-Mobile's "Wi-Fi Calling" feature.

According to Jethro Beekman and Christopher Thompson, both UC Berkeley graduate students, when an affected Android device connected to a server via T-Mobile's Wi-Fi Calling feature, it did not correctly validate the server's security certificate, exposing calls and text messages to a "man-in-the-middle" (MiTM) attack.

In short, by executing a MiTM attack, and using decrypted SIP (Session Initiation Protocol) dialog, an attacker could record all incoming and outgoing calls and text messages. “[An attacker] could record, block and reroute SIP traffic. The attacker could change it by faking a sender or changing the real-time voice data or message content. He could fake incoming traffic and he can impersonate the client with forged outgoing traffic,” the report, released Tuesday, said.

Beekman and Thompson said they notified T-Mobile of their discoveries in December 2012, and worked with the mobile operator to confirm and fix the problem. As of March 18, all affected T-Mobile customers have received the security update fixing the vulnerability, the researchers said.

This is not the first time TLS/SSL issues have come to the forefront of mobile world. Last October, researchers from two universities in Germany published a paper (PDF) that exposed the state of SSL within Android applications, which revealed that many applications failed to properly implement SSL, leaving millions of users exposed to basic Man-In-The-Middle attacks.
Cellphones

Submission + - We Should Be Allowed to Unlock Everything We Own (wired.com)

Submitted by Anonymous Coward
An anonymous reader writes: When cell phone unlocking became illegal last month, it set off a firestorm of debate over what rights people should have for phones they have legally purchased. But this is really just one facet of a much larger problem with property rights in general. 'Silicon permeates and powers almost everything we own. This is a property rights issue, and current copyright law gets it backwards, turning regular people — like students, researchers, and small business owners — into criminals. Fortune 500 telecom manufacturer Avaya, for example, is known for suing service companies, accusing them of violating copyright for simply using a password to log in to their phone systems. That’s right: typing in a password is considered "reproducing copyrighted material." Manufacturers have systematically used copyright in this manner over the past 20 years to limit our access to information. Technology has moved too fast for copyright laws to keep pace, so corporations have been exploiting the lag to create information monopolies at our expense and for their profit. After years of extensions and so-called improvements, copyright has turned Mickey Mouse into a monster who can never die.' We need to win the fight for unlocking phones, and then keep pushing until we actually own the objects we own again.

Comment Re:adult (Score 1) 306

by spanishflies (#12387646) Attached to: The DVD Rental Race Analyzed
Netflix needs something to differentiate itself from Blockbuster.

The "deal" from Blockbuster is already sweeter due to lower cost and the two free in-store rentals. Also, any shipping delays that Blockbuster currently will most likely be minimized as they expand their facilities.

I think the perfect differentiator is porn. As you probably know, Blockbuster will never carry porn (or even NC-17) movies.

Porn rentals lend themselves perfectly to the anonymity of the mail order system. Plus, it would be funny to see the titles that Netflix decides to recommend to you based on your "tastes".

Slashdot Top Deals

You have junk mail.

Close