[Dailydave] Seeking more info on: Devastating mobile attack under spotlight
Roy M. Silvernail
roy at rant-central.com
Mon Nov 27 17:46:12 EST 2006
Nicolas RUFF wrote:
> - "Over The Air" (OTA) update of Java applets is possible. There is a
> "secret" password which for some manufacturers is the same across the
> whole product line.
> http://www.gemplus.com/techno/ota/
I take two points from that page. First, the SIM is fully manipulable
through the OTA interface. Second, all the "security" in the system is
concentrated in the OTA Gateway, vis:
"In this step the OTA Gateway is also responsible for the
integrity and security of the process."
This implies that the handsets do little or nothing to contribute to
security. If you can spoof the gateway...
--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
CRM114->procmail->/dev/null->bliss
http://www.rant-central.com
More information about the Dailydave
mailing list