[Dailydave] Seeking more info on: Devastating mobile attack under spotlight

liquidfish liquidfish at gmail.com
Mon Nov 27 15:32:37 EST 2006


It is possible for carriers to send and install a new firmware image to a
mobile phone using SMS messages. The system is called Firmware Over The Air
(FOTA) technology. Mobile carriers use this tech to send updates to
customers without requiring customer intervention. So whether or not it is
possible to update a mobile station's entire firmware image is not in
question. It IS possible because the carriers have designed systems to make
it possible. The question that needs to be answered is whether or not (and
possibly how) those systems validate the legitimacy of the FOTA messages
they receive. Something like the 3GPP EAP-SIM standard would be a very
applicable (although a pain in the butt I imagine given the dependency on
SMS messages for FOTA) method for validation that could possibly resolve the
alleged vulnerability (if it exists).



-p