Open Source and information security mailing list archives
 
Message-ID: <4ECA908C.1080209@tehtri-security.com>
Date: Mon, 21 Nov 2011 18:55:24 +0100
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@...tri-security.com>
To: full-disclosure@...ts.grok.org.uk, 
	Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@...tri-security.com>
Subject: [US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets


Gents,

Feel free to read US-CERT VU#584363 related to our recent 0days
allowing skilled attackers to take complete control of a fleet of
GSM/Tablets (Symbian, iPhone/iPad, BlackBerry, Windows Mobile, Android,
etc.), thanks to vulnerabilities in Mobile Device Management (MDM).

This could lead to the shredding of the complete fleet of devices (it might
take a long time to recover/reinstall hundreds or thousands of devices
worldwide...). Of course, this could also lead to remote spying on those
devices, etc.

MDM is essentially related to large-scale companies or governments that
really need this kind of tool to manage big fleets properly.

We suggest that these organizations contact their (really technical)
security partners in order to launch advanced penetration tests, as it
will definitely become a nice vector of intrusion in the near future.

Pwning thousands of devices is more interesting for evil attackers,
compared to pwning 1 device sometimes by coming into the same cellphone
area, etc.

References:
http://www.kb.cert.org/vuls/id/584363
http://www.tehtri-security.com/en/news.php

Best regards,

Laurent Oudot, CEO TEHTRI-Security - tehtris.com - "This is Not A Game"

*Next live hacking sessions to join us*

--DEC 2011 / Black Hat / Abu Dhabi, UAE
 Training: "Advanced PHP Hacking"
 [w] http://www.blackhat.com/

--FEB 2012 / Hack In The Box GSEC / Mumbai, India
 Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond"
 [w] http://gsec.hitb.org/?p=134
 [t] #HITBGSEC
