Rss

    Archives for : integration

    Corporate Phone Lockdown Links

    Hi,

    I’m looking at some of the techniques used to lockdown the Iphone, Samsung, Sony and HDC mobile phones. I hope others find the links useful.

    Iphone

    Lock down the information on your iPhone and iPod touch
    http://www.touchtip.com/iphone-and-ipod-touch/lock-down-the-information-on-your-iphone-and-ipod-touch/

    iPhone’s PIM lockdown
    http://forum.brighthand.com/showthread.php?t=264166&page=2

    Apple ‘wise’ to lock down iPhone software
    http://www.itnews.com.au/News/44505,apple-wise-to-lock-down-iphone-software.aspx

    iPhone lockdown to boost on-demand services
    http://www.pcmag.co.uk/vnunet/news/2194973/iphone-lockdown-benefits-firms

    Wired’s Easy-Peasy iPhone Lockdown Checklist
    http://www.tuaw.com/2007/09/28/wireds-easy-peasy-iphone-lockdown-checklist/

    Gartner: iPhone 2.0 cuts business mustard
    http://news.cnet.com/8301-1001_3-10016270-92.html

    3G iPhone: The business perspective
    http://news.cnet.com/3G-iPhone-The-business-perspective/2100-1041_3-6243471.html

    What IT staff can do if the CEO gets an iPhone
    http://www.infoworld.com/article/07/07/24/What-to-do-if-the-CEO-gets-an-iPhone_1.html

    Iphone Hacking
    http://www.9to5mac.com/hacked-iphoneOS-beats-Apple%27s-Updated-OS-hands-down-23459856

    Iphone Enterprise
    http://www.apple.com/iphone/enterprise/
    http://www.apple.com/iphone/enterprise/integration.html

    New Specification to Lock Down Mobile Phones
    http://www.cio.com/article/24369/New_Specification_to_Lock_Down_Mobile_Phones

    Samsung

    Sony

    HDC

    ———– Advertisement ———-
    RapidRepair.com RapidRepair.com is dedicated to the service, repair, and modification of ALL iPod, iPhone, Zune, and other small electronic devices.

    VoIP and SIP links

    I’m looking at the Microsoft OCS server and other SIP integration environments. So I thought I would put the links here for others who were interested. I am also considering the issues associated with Mitel VoIP and OCS integration.

    It would be interesting if the Microsoft OCS could seamlessly allow the use of soft phones and the Mitel VoIP system. I assume a trunk needs to be setup between the two… Anyway something to look at.

    http://communicationsserverteam.com/archive/2008/05/23/196.aspx

    Office Communications Server 2007 VoIP Test Set

    OCS Testing Tool

    Connect Mitel and OCS2007

    Mitel 3300 & OCS – Ring on deskphone and softphone

    Connecting Mitel 3300cx and OCS

    VOIP – MITEL 3300 SIP TRUNK TO OCS 2007

    OCS 2007 Best Practices Analyzer

    Serious flaws in bluetooth security lead to disclosure of personal data

    source

     

     

    Summary
    In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, three vulnerabilities have been found:

    Firstly, confidential data can be obtained, anonymously, and without the owner’s knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phone book and calendar, and the phone’s IMEI.

    Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted (“paired”) device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be “backed up” to an attacker’s own system.

    Thirdly, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging. This third vulnerability was identified by Martin Herfurt, and they have since started working together on finding additional possible exploits resulting from this vulnerability.

    Finally, the current trend for “Bluejacking” is promoting an environment which puts consumer devices at greater risk from the above attacks.
    Vulnerabilities

    The SNARF attack:
    It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook (and any images or other data associated with the entries), calendar, real-time clock, business card, properties, change log, IMEI (International Mobile Equipment Identity [6], which uniquely identifies the phone to the mobile network, and is used in illegal phone ‘cloning’). This is normally only possible if the device is in “discoverable” or “visible” mode, but there are tools available on the Internet that allow even this safety net to be bypassed[4]. Further details will not be released at this time (see below for more on this), but the attack can and will be demonstrated to manufacturers and press if required.

    The BACKDOOR attack:
    The backdoor attack involves establishing a trust relationship through the “pairing” mechanism, but ensuring that it no longer appears in the target’s register of paired devices. In this way, unless the owner is actually observing their device at the precise moment a connection is established, they are unlikely to notice anything untoward, and the attacker may be free to continue to use any resource that a trusted relationship with that device grants access to (but note that so far we have only tested file transfers). This means that not only can data be retrieved from the phone, but other services, such as modems or Internet, WAP and GPRS gateways may be accessed without the owner’s knowledge or consent. Indications are that once the backdoor is installed, the above SNARF attack will function on devices that previously denied access, and without the restrictions of a plain SNARF attack, so we strongly suspect that the other services will prove to be available also.

    The BLUEBUG attack:
    The bluebug attack creates a serial profile connection to the device, thereby giving full access to the AT command set, which can then be exploited using standard off the shelf tools, such as PPP for networking and gnokii for messaging, contact management, diverts and initiating calls. With this facility, it is possible to use the phone to initiate calls to premium rate numbers, send sms messages, read sms messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. This latter is done via a voice call over the GSM network, so the listening post can be anywhere in the world. Bluetooth access is only required for a few seconds in order to set up the call. Call forwarding diverts can be set up, allowing the owner’s incoming calls to be intercepted, either to provide a channel for calls to more expensive destinations, or for identity theft by impersonation of the victim.

    Bluejacking:
    Although known to the technical community and early adopters for some time, the process now known as “Bluejacking”[1] has recently come to the fore in the consumer arena, and is becoming a popular mechanism for exchanging anonymous messages in public places. The technique involves abusing the bluetooth “pairing”[2] protocol, the system by which bluetooth devices authenticate each other, to pass a message during the initial “handshake” phase. This is possible because the “name” of the initiating bluetooth device is displayed on the target device as part of the handshake exchange, and, as the protocal allows a large user defined name field – up to 248 characters – the field itself can be used to pass the message. This is all well and good, and, on the face of it, fairly harmless, but, unfortunately, there is a down side. There is a potential security problem with this, and the more the practice grows and is accepted by the user community, and leveraged as a marketing tool by the vendors, the worse it will get. The problem lies in the fact that the protocol being abused is designed for information exchange. The ability to interface with other devices and exchange, update and synchronise data, is the raison d’être of bluetooth. The bluejacking technique is using the first part of a process that allows that exchange to take place, and is therefore open to further abuse if the handshake completes and the “bluejacker” successfully pairs with the target device. If such an event occurs, then all data on the target device becomes available to the initiator, including such things as phone books, calendars, pictures and text messages. As the current wave of PDA and telephony integration progresses, the volume and quality of such data will increase with the devices’ capabilities, leading to far more serious potential compromise. Given the furore that irrupted when a second-hand Blackberry PDA was sold without the previous owner’s data having been wiped[3], it is alarming to think of the consequences of a single bluejacker gathering an entire corporate staff’s contact details by simply attending a conference or camping outside their building or in their foyer with a bluetooth capable device and evil intent. Of course, corporates are not the only potential targets – a bluejacking expedition to, say, The House of Commons, or The US Senate, could provide some interesting, valuable and, who’s to say, potentially damaging or compromising data.<<<

     

    The above may sound alarmist and far fetched, and the general reaction would probably be that most users would not be duped into allowing the connection to complete, so the risk is small. However, in today’s society of instant messaging, the average consumer is under a constant barrage of unsolicited messages in one form or another, whether it be by SPAM email, or “You have won!” style SMS text messages, and do not tend to treat them with much suspicion (although they may well be sceptical about the veracity of the offers). Another message popping up on their ‘phone saying something along the lines of “You have won 10,000 pounds! Enter this 4 digit PIN number and then dial 0900-SUCKER to collect your prize!” is unlikely to cause much alarm, and is more than likely to succeed in many cases.

    Workarounds and fixes
    We are not aware of any workarounds for the SNARF or BLUEBUG attacks at this time, other than to switch off bluetooth. For permanent fixes, see the ‘Fixes’ section at the bottom of the page.

    To permanently remove a pairing, and protect against future BACKDOOR attacks, it seems you must perform a factory reset, but this will, of course, erase all your personal data.

    To avoid Bluejacking, “just say no”. :)

    The above methods work to the best of our knowledge, but, as the devices affected are running closed-source proprietary software, it not possible to verify that without the collaboration of the manufacturers. We therefore make no claims as to the level of protection they provide, and you must continue to use bluetooth at your own risk.

    Who’s Vulnerable
    To date the quantity of devices tested is not great. However, due to the fact that they are amongst the most popular brands, we still consider the affected group to be large. It is also assumed that there are shared implementations of the bluetooth stack, so what affects one model is likely to affect others. This table is accurate to the best of our knowledge, but without the cooperation of the manufacturers (which we currently do not have), it is not possible to conduct more extensive validation.

    The devices known to be vulnerable at this time are:

    Vulnerability Matrix (* = NOT Vulnerable)
    MakeModelFirmware RevBACKDOORSNARF when VisibleSNARF when NOT VisibleBUG
    EricssonT6820R1B
    20R2A013
    20R2B013
    20R2F004
    20R5C001
    ?YesNoNo
    Sony EricssonR520m20R2G?YesNo?
    Sony EricssonT68i20R1B
    20R2A013
    20R2B013
    20R2F004
    20R5C001
    ?Yes??
    Sony EricssonT61020R1A081
    20R1L013
    20R3C002
    20R4C003
    20R4D001
    ?YesNo?
    Sony EricssonT61020R1A081???Yes
    Sony EricssonZ1010??Yes??
    Sony EricssonZ60020R2C007
    20R2F002
    20R5B001
    ?Yes??
    Nokia631004.10
    04.20
    4.07
    4.80
    5.22
    5.50
    ?YesYes?
    Nokia6310i4.06
    4.07
    4.80
    5.10
    5.22
    5.50
    5.51
    NoYesYesYes
    Nokia7650?YesNo (+)?No
    Nokia8910??YesYes?
    Nokia8910i??YesYes?
    * SiemensS55?NoNoNoNo
    * SiemensSX1?NoNoNoNo
    MotorolaV600 (++)?NoNoNoYes
    MotorolaV80 (++)?NoNoNoYes

    + We now believe the 7650 is only vulnerable to SNARF if it has already been BACKDOORed.
    ++ The V600 and V80 are discoverable for only 60 seconds, when first powered on or when this feature is user selected, and the window for BDADDR discovery is therefore very small. Motorola have stated that they will correct the vulnerability in current firmware.

    Disclosure
    What is the Philosophy of Full Disclosure, and why are we providing the tools and detailing the methods that allow this to be done? The reasoning is simple – by exposing the problem we are achieving two goals: firstly, to alert users that the dangers exist, in order that they can take their own precautions against compromise, and secondly, to put pressure on manufacturers to rectify the situation. Consumers have a right to expect that their confidential data is treated as such, and is not subject to simple compromise by poorly implemented protocols on consumer devices. Manufacturers have a duty of care to ensure that such protection is provided, but, in practice, commercial considerations will often take precedence, and, given the choice, they may choose to simply supress or hide the problem, or, even worse, push for laws that prevent the discovery and/or disclosure of such flaws[5]. In our humble opinion, laws provide scant consumer protection against the lawless.

    After 13 months, and in consideration of the fact that affected manufacturers had acknowledged the issues and made updated firmware available, Full Disclosure took place at the Chaos Computer Club’s annual congress – 21C3, in Berlin, 2004.

    Slides from the disclosure talk can be found here: http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

    Tools
    Proof of concept utilities have been developed, but are not yet available in the wild. They are:

    • bluestumbler – Monitor and log all visible bluetooth devices (name, MAC, signal strength, capabilities), and identify manufacturer from MAC address lookup.
    • bluebrowse – Display available services on a selected device (FAX, Voice, OBEX etc).
    • bluejack – Send anoymous message to a target device (and optionally broadcast to all visible devices).
    • bluesnarf – Copy data from target device (everything if pairing succeeds, or a subset in other cases, including phonebook and calendar. In the latter case, user will not be alerted by any bluejack message).
    • bluebug – Set up covert serial channel to device.
      Tools will not be released at this time, so please do not ask. However, if you are a bona-fide manufacturer of bluetooth devices that we have been otherwise unable to contact, please feel free to get in touch for more details on how you can identify your device status.

    Credits
    The above vulnerabilities were discovered by Adam Laurie, during the course of his work with A.L. Digital, in November 2003, and this announcement was prepared thereafter by Adam and Ben Laurie for immediate release.

    Adam Laurie is Managing Director and Chief Security Officer of A.L. Digital Ltd.

    Ben Laurie is Technical Director of A.L. Digital, and author of Apache-SSL and contributor to many other open source projects, too numerous to expand on here.

    A.L. Digital Ltd. are the owner operators of The Bunker, the world’s most secure data centre(s).
    e: adam@algroup.co.uk
    w: http://www.aldigital.co.uk

    e: ben@algroup.co.uk
    w: http://www.apache-ssl.org/ben.html

    Further information relating to this disclosure will be updated at http://www.bluestumbler.org

    References:
    [1]

    [2]

    [3]

    • www.outlaw.com

    [4]

    • bluesniff
    • btscanner
    • redfang

    [5]

    [6]

    New e-Commerce and Payment Technologies Company

    Recently I came across a new e-Commerce company called EFT Networks, which seems to have an exciting future in the Global Payments Market.

    It looks like they have a good mix of consulting and solution design.

    www.eftnetworks.com

    Services

    Electronic Payment

    Designed to enable both credit card and direct debit, EFT Networks electronic payment solutions work effectively across multiple sales channels—including Web, Contact Call Centre, IVR and EFTPOS. Manage your payment processing system in-house or outsource, depending on your business needs.

    Global Payments

    International commerce requires fully integrated global payment and risk management solutions. Requirements span the gamut of payment acceptance considerations from accepting local payment types, pricing in local currencies and dynamically updating prices with changes in exchange rates (dynamic currency conversion), authorising and settling in multiple currencies, to managing fraud and compliance issues such as tax and export regulations. EFT Networks offers a single interface to the global payment network to handle all of these considerations as your business grows.

    ICE – Reporting & Management

    The EFT Networks Enterprise Business Center gives you a single, easy-to-use interface for managing and configuring payment processing services.

    ICE caters for each area of the payment transaction cycle from authentication, authorisation, settlement, dispute resolution and reconciliation – enabling our clients to reduce transaction costs, eliminate fraud, minimise risk, maximise cash flow and increase profitability.

    Integrations

    EFT Networks provides flexible and secure payment and risk management integrations in to host and legacy systems as well as industry-leading software.

    Using industry standards and protocols, our solutions can be customised to suit your exact business requirements

    Products

    ICE (Intelligent Communications Exchange)

    At the core is our Intelligent Communications Exchange (ICE) which enables all known transaction enablers from EFTPOS to eCommerce to be routed directly to a client’s bank without intervention for real time acceptance and authentication.

    The EFT Networks ICE operates under a philosophy of total System and Physical redundancy delivering the highest uptime rates possible, whilst the transaction network is protected using Solid State and Application Firewalls on all points of ingress and egress.

    Every transaction processed through EFT Networks is encrypted using 128 bit Secure Socket Layer (SSL) encryption and submitted for authorisation through EFT Networks “Secure Virtual Private Network” (SVPN).

    Our commitment to security is also reflected in our swift compliance with Card Schemes security initiatives such as VerifiedByVisa and MasterCard SecureCode.

    EFT Networks comprehensive suit of online reporting tools combined with daily transaction reports will ensure that our clients always have access to up-to-date management information allowing Business Managers to make quick and well-informed business decisions. The decision making process is simplified even further with the power of daily reports that are customised to be imported into most existing legacy systems.