Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>
Date: Mon, 21 Nov 2011 18:55:24 +0100


Feel free to read US-CERT VU#584363 related to our recents 0days
allowing skilled attackers to take the complete control of a fleet of
GSM/Tablets (Symbian, iPhone/iPad, BlackBerry, Windows Mobile, Android,
etc), thanks to vulnerabilities in Mobile Device Management (MDM).

This could lead to the shred of the complete fleet of devices (might be
long to recover/reinstall hundreds or thousands of devices worldwide..).
Of course, this could also lead to remote spying on those devices, etc.

MDM is essentially related to large scale companies or governments, that
really need this kind of tools to manage big fleets properly.

We suggest these organization to contact their (really technical)
security partners in order to launch advanced penetration tests, as it
will definitely become a nice vector of intrusion in a short future.

Pwning thousands of devices is more interesting for evil attackers,
compared to powning 1 device sometimes by coming in the same cellphone
area, etc.


Best regards,

Laurent Oudot, CEO TEHTRI-Security - tehtris.com - "This is Not A Game"

*Next live hacking sessions to join us*

--DEC 2011 / Black Hat / Abu Dhabu, UAE
 Training: "Advanced PHP Hacking"
 [w] http://www.blackhat.com/

--FEB 2012 / Hack In The Box GSEC / Mumbai, India
 Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond"
 [w] http://gsec.hitb.org/?p=134

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [US-CERT VU#584363] Pwning a complete fleet of GSM/Tablets Laurent OUDOT at TEHTRI-Security (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]