[Security Advisory] Multiple Smartphones MMS Notification Sender Obfuscation

Discovered by: Michael Mueller a.k.a. c0rnholio
Contact: c0rnholio on domain netcologne.de
Vendor Status: not contacted
Fixes / Workarounds: none known
Discovery Date: June, 2008
Public Disclosure: 11.09.2009


Description:

A MMS Notification is part of the MMS communication flow. Usually an originator sends and
mms via a service provider (SP). After uploading the message to the SP, the recipient gets a
MMS notification from the SP with information like originator, subject and URL of the content.
In some mobile carrier networks it is allowed to send MMS notifications directly from one mobile
unit to another.

Some Smartphones fail to properly display the originator of this kind of message which leads
to a sender obfuscation.

Continue reading

[Security Advisory] Multiple Smartphones SMS Sender Obfuscation via WAP Push SI

Discovered by: Michael Mueller a.k.a. c0rnholio
Contact: c0rnholio on domain netcologne.de
Vendor Status: not contacted
Fixes / Workarounds: none known
Discovery Date: June, 2008
Public Disclosure: 11.09.2009


Description:

WAP Push SI (Service Indication) is a special service SMS which allows operators
or everyone else to provide an easy way for alerting the smartphone user about new
services or online resources. (see specification WAP-167 for further details)
Some Smartphones fail to properly display the originator of this kind of message
which leads to a sender obfuscation.

Continue reading

[Security Advisory] Circumvent Device Lock in Blackberry Connect for Windows Mobile

Description:

BBC features a security module that, if configured and activated,
locks the device after a specific amount of time.
In a corporate environment this is usually set up by a security
policy which is pushed to the device via Blackberry Enterprise Server (BES).
If the device is locked the user has to enter a password to unlock the device again.
There are two ways a user can compromise the security implied with the BBC security service.

Continue reading

[Security Advisory] Windows Mobile Security Advisory: Manufacturers leave device open for WAP-Push based attacks

Description:

WAP Push SI (Service Indication) and SL (Service Load) are so called “Service SMS”.
These messages are used by operators to notify about software updates or to deploy
them directly. Microsoft implemented a security policy to ensure that these messages
are accepted only from trusted orginators. This policy is defined in the device registry.
If improper settings are applied to this policy attackers can send malicious content
to the device which then displays or executes the content immediately.
This leaves the device open for further attack scenarios.

Continue reading