Tuesday, February 24 2009
SIMKO2 is the new super secure smart phone for German government
officials. According to heise.de
the device is based on HTC touch pro and runs a hardened version of Windows Mobile. The device and all it's communication with the outside is going to be
encrypted using a micro-sd smartcard (see here). Also the SIMKO2 devices
seem far from being deployed since they seem to have some performance
issues with the encryption, see here, also heise.de reports that the SIMKO2 devices are
faster then the original touch pro. If you can read german you should check out these three links: 1 2 3.
Sexy View is the first signed Symbian worm (makes it the first effective worm for S60 3rd edition).
The worm spreads through simple social engineering, it sends a SMS to every contact in the contact list of an infected phone. The SMS simply contains a URL to
the worm's SIS file on the internet. What I find interesting is the payload of the worm, since it doesn't seem to send any premium rate SMS or MMS but collects information about the phone (IMEI) and the SIM card (probably IMSI and MSISDN).
This makes me wonder what these information are being used for or maybe used for
in the future. Fortinet thinks that the worm could be the first step of a mobile botnet, also there is no proof yet that the worm contains any update or remote control
mechanism. This could be a really interesting thing in the near future.
The mobile bug of the week is a XSS attack against a HSDPA router using SMS, see
here. Like most routers
the Huawei E960 is controlled via a web interface. The interesting feature of the
E960 seems to be that it displays un-escaped SMS messages in the web interface and therefore can be exploited through SMS messages containing HTML and JavaScript. The attack is really funny, also I think it is quite impractical since the
victim would need to load the router configuration page in his web browser in order to trigger the
attack. Never the less this is a great attack!