mailing list archives
[US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>
Date: Mon, 21 Nov 2011 18:55:24 +0100
Feel free to read US-CERT VU#584363 related to our recents 0days
allowing skilled attackers to take the complete control of a fleet of
GSM/Tablets (Symbian, iPhone/iPad, BlackBerry, Windows Mobile, Android,
etc), thanks to vulnerabilities in Mobile Device Management (MDM).
This could lead to the shred of the complete fleet of devices (might be
long to recover/reinstall hundreds or thousands of devices worldwide..).
Of course, this could also lead to remote spying on those devices, etc.
MDM is essentially related to large scale companies or governments, that
really need this kind of tools to manage big fleets properly.
We suggest these organization to contact their (really technical)
security partners in order to launch advanced penetration tests, as it
will definitely become a nice vector of intrusion in a short future.
Pwning thousands of devices is more interesting for evil attackers,
compared to powning 1 device sometimes by coming in the same cellphone
Laurent Oudot, CEO TEHTRI-Security - tehtris.com - "This is Not A Game"
*Next live hacking sessions to join us*
--DEC 2011 / Black Hat / Abu Dhabu, UAE
Training: "Advanced PHP Hacking"
--FEB 2012 / Hack In The Box GSEC / Mumbai, India
Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond"
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- [US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets Laurent OUDOT at TEHTRI-Security (Nov 21)