31 Years of the Digest ... founded August 21, 1981
The Telecom Digest for August 10, 2013
====== 31 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.
Date: Mon, 5 Aug 2013 01:42:46 -0400 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Researchers reveal how to hack an iPhone in 60 seconds Message-ID: <firstname.lastname@example.org> Researchers reveal how to hack an iPhone in 60 seconds Summary: Three Georgia Tech hackers have disclosed how to hack iPhones and iPads with malware in under sixty seconds using a "malicious charger." UPDATED. By Violet Blue for Zero Day July 31, 2013 Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger." Today at a Black Hat USA 2013 press conference, the researchers revealed for the first time exactly how the USB charger they built can compromise iOS devices in less than a minute. Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an ordinary looking charger into a malicious vector for transmitting malware using an open source BeagleBoard, available for $125 (similar to a Raspberry Pi). For the demonstration, the researchers used an iPhone. They plugged in the phone, and when the passcode was entered, the sign-code attack began. For the demo, the Facebook app was used as an example. Within seconds of plugging in the charger, the Facebook app was invisibly removed from the device and seamlessly replaced with a Facebook app imitation with a malicious payload. The app's icon was in the exact same spot as it was before the attack - there is no way of knowing the application is not malware. ... http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds-7000018822/
Date: Mon, 5 Aug 2013 01:49:33 -0400 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent looking devices Message-ID: <email@example.com> Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent looking devices By Darlene Storm August 1, 2013 A trio of researchers presented "Mactans: Injecting Malware into iOS Devices via Malicious Chargers" at Black Hat, demonstrating how an "iOS device can be compromised within one minute" after plugging into a maliciously crafted charger. Until Apple patches the vulnerability that allows the exploit, all iPhone or iPad users are vulnerable as the device does not need to be jailbroken for the attack to work. It takes advantage of an iOS flaw that allows pairing without any notification to the user. Their proof-of-concept charger, dubbed Mactans, was built using a $45 BeagleBoard. As soon as an iOS device is plugged in, the fake charger instantly captures the Unique Device Identifier (UDID). Then it connects to Apple's developer support website and submits that UDID for a "provisioning profile." The charger installs code and the attacker now has full control of the device. GTISC associate director Paul Royal said, "Getting the UDID is trivial, and getting a provisioning profile is easy and automated." In one demonstration of what an attacker could do remotely, the researchers plugged an iPhone 5 into the charger, hid the iPhone Facebook app and installed a malicious copy over it that launched before the legitimate "hidden" copy. The Mactans' malicious payload could be about anything, from allowing "a remote attacker to make an unauthorized phone call from the iOS device" to taking "a screenshot whenever the user enters a password or other sensitive information." Basically it turns an iOS device into a spy tool. ... http://blogs.computerworld.com/cybercrime-and-hacking/22579/wolf-sheeps-clothing-black-hat-getting-pwnd-innocent-looking-devices
Date: Sun, 4 Aug 2013 19:51:34 -0700 (PDT) From: Neal McLain <firstname.lastname@example.org> To: email@example.com. Subject: Re: Only Seven Percent of TV Households Rely on Over-the-Air Signals according to CEA Study Message-ID: <firstname.lastname@example.org> On Sunday, August 4, 2013 9:13:09 AM UTC-5, Telco Guy wrote: > The cable or satellite digital box is the gateway to the primary > big-screen TV in the home. They don't make those boxes with OTA > antenna input and incorporate OTA signals seamlessly into the > channel lineup. Several years ago, there was some talk about a converter design that would do exactly that. The idea was that a single converter would have three inputs: VHF-OTA, UHF-OTA, CATV. The tuning circuitry would integrate the three signals into a single channel lineup, switching among inputs as necessary. In situations where a CATV signal and an OTA signal occupied the same channel, both would be presented in sequence with some sort of identifying suffix such as 4A (for OTA) and 4C (for CATV). The idea was to provide a way for CATV operators to avoid retransmission-consent fees by integrating OTA signals with CATV signals. The broadcast industry was quick to claim that even if a broadcast signal were picked up off the air, if it passed through a CATV-company-provided converter, retransmission consent would still apply. It seemed to me that one way to get around that problem would be for an independent company (like Radio Shack) to manufacture and sell them. In any case, the idea never went anywhere. No manufacturer -- either CATV or independent -- picked up the idea. In retrospect, it probably would have been an expensive, low-volume product. Furthermore, having two same-frequency signals running around inside the same box would have presented some complicated shielding problems. But I still think it would have been a neat product! Neal McLain
Date: Mon, 5 Aug 2013 01:48:16 -0400 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Newly Discovered SIM Card Vulnerability Could Compromise Millions Of Mobile Phones Message-ID: <email@example.com> Newly Discovered SIM Card Vulnerability Could Compromise Millions Of Mobile Phones July 22, 2013 The United Nation's cybersecurity arm is planning to send out a multinational alert after a German research firm has discovered an encryption flaw that could compromise some types of mobile phones. The flaw, discovered by experts at Security Research Labs (SRL) in Berlin, makes it possible for hackers to remotely gain control of and potentially clone millions of SIM cards, according to Jim Finkle of Reuters. The vulnerabilities could reportedly open up more than half a billion phones to hackers, he added. ... http://www.redorbit.com/news/technology/1112903030/sim-card-vulnerabilities-revealed-072213/
Date: Mon, 5 Aug 2013 01:45:33 -0400 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Researcher comes forward to claim responsibility for "intrusion" on Apple developer site Message-ID: <firstname.lastname@example.org> Researcher comes forward to claim responsibility for "intrusion" on Apple developer site by Erica Ogg JUL. 22, 2013 SUMMARY: A man admits that after reporting a security issue in its developer website to Apple, he went on to download the user information of more than 100,000 developers for testing purposes. Apple said last night its website for third-party developers was accessed by an "intruder." Now a man who calls himself a security researcher says he was the so-called intruder but that he was testing for holes in Apple's system and reported his findings to the company through standard channels. If true, it seems Apple did not appreciate his help. The man, who outed himself in comments on a TechCrunch post, wrote: ... http://gigaom.com/2013/07/22/researcher-comes-forward-to-claim-responsibility-for-intrusion-on-apple-developer-site/
Date: Wed, 7 Aug 2013 07:32:18 -0700 (PDT) From: HAncock4 <email@example.com> To: firstname.lastname@example.org. Subject: Pay phones removed from Brooklyn Federal Courthouse Message-ID: <email@example.com> In the continuing loss of coin telephones, the New York Daily News reported that 25 phones were removed from the Brooklyn federal courthouse. However, 14 still remain. Eastern District of New York court executive Eugene Corcoran said the feds were paying the phone company a monthly fee of $75 per phone. "The ones we took out had virtually no income, $2 or $3 a month," Corcoran told the Daily News. While lawyers may bring cellphones into the building, the general public must check them in the lobby. for full article please see: http://www.nydailynews.com/new-york/brooklyn/cuts-pay-phone-hangup-brooklyn-courthouse-article-1.1419571 There are a number of secured facilities where cell phones are not allowed. How patrons of such facilities will be able to make phone calls without pay phones has not been answered.
Date: Sun, 04 Aug 2013 23:55:39 -0500 From: Doug McIntyre <firstname.lastname@example.org> To: email@example.com. Subject: Re: Only Seven Percent of TV Households Rely on Over-the-Air Signals according to CEA Study Message-ID: <OoGdnakb9YTWrWLMnZ2dnUVZ_tKdnZ2d@giganews.com> Telco Guy <Telco@Guy.com> writes: >Gordon Burditt wrote: > >> Lots of other people with both a cable/satellite/internet source >> of TV programming and and antenna (not necessarily on the same TV) >There's your problem right there. >The cable or satellite digital box is the gateway to the primary >big-screen TV in the home. They don't make those boxes with OTA antenna >input and incorporate OTA signals seemlessly into the channel lineup. DirecTV & Dish does. BUT, nobody knows they do. DirecTV's current line of receiver boxes requires an add-on box (AM21 OTA receiver), that while the installers know they exist, they have never seen them. Thus why would any end-customer actually receive one and use one, since the installers don't have any, nor have installed any... Cable boxes, not so much. >I don't think the average home would find it ergonomic to watch OTA on >the 19" TV in the kitchen when there are issues with the cable/satellite >feed going to the 47" TV in the den. The other factor is that many people don't know that OTA signals still exists, or if they do, they've tried one of the numerous crap antennas on the market, failed to get a decent signal, and gave up. OOTH, the satellite and cable companies have made it easy to have good signal throughput the house, and even have remote DVR access on any TV, without having to go through gyrations to get a different input feed..
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2013 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.