31 Years of the Digest ... founded August 21, 1981

Add this Digest to your personal   or  

The Telecom Digest for August 10, 2013
Volume 32 : Issue 169 : "text" Format
Messages in this Issue:
Researchers reveal how to hack an iPhone in 60 seconds (Monty Solomon)
Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent looking devices (Monty Solomon)
Re: Only Seven Percent of TV Households Rely on Over-the-Air Signals according to CEA Study (Neal McLain)
Newly Discovered SIM Card Vulnerability Could Compromise Millions Of Mobile Phones (Monty Solomon)
Researcher comes forward to claim responsibility for "intrusion" on Apple developer site (Monty Solomon)
Pay phones removed from Brooklyn Federal Courthouse (HAncock4)
Re: Only Seven Percent of TV Households Rely on Over-the-Air Signals according to CEA Study (Doug McIntyre)

====== 31 years of TELECOM Digest -- Founded August 21, 1981 ======

Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Bill Horne and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using any name or email address included herein for any reason other than responding to an article herein, you agree to pay a hundred dollars to that person, or email address owner.
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime.  - Geoffrey Welsh

See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest. 




Date: Mon, 5 Aug 2013 01:42:46 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Researchers reveal how to hack an iPhone in 60 seconds
Message-ID: <p06240839ce24eba2b5fa@[10.0.1.5]>

Researchers reveal how to hack an iPhone in 60 seconds

Summary: Three Georgia Tech hackers have disclosed how to hack 
iPhones and iPads with malware in under sixty seconds using a 
"malicious charger." UPDATED.

By Violet Blue for Zero Day
July 31, 2013

Three Georgia Tech hackers have revealed how to hack iPhones and 
iPads with malware imitating ordinary apps in under sixty seconds 
using a "malicious charger."

Today at a Black Hat USA 2013 press conference, the researchers 
revealed for the first time exactly how the USB charger they built 
can compromise iOS devices in less than a minute.

Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an 
ordinary looking charger into a malicious vector for transmitting 
malware using an open source BeagleBoard, available for $125 (similar 
to a Raspberry Pi).

For the demonstration, the researchers used an iPhone. They plugged 
in the phone, and when the passcode was entered, the sign-code attack 
began.

For the demo, the Facebook app was used as an example.

Within seconds of plugging in the charger, the Facebook app was 
invisibly removed from the device and seamlessly replaced with a 
Facebook app imitation with a malicious payload.

The app's icon was in the exact same spot as it was before the attack 
- there is no way of knowing the application is not malware.

...

http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds-7000018822/




Date: Mon, 5 Aug 2013 01:49:33 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent   looking devices
Message-ID: <p0624083cce24ed38154a@[10.0.1.5]>

Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent 
looking devices

By Darlene Storm

August 1, 2013

A trio of researchers presented "Mactans: Injecting Malware into iOS 
Devices via Malicious Chargers" at Black Hat, demonstrating how an 
"iOS device can be compromised within one minute" after plugging into 
a maliciously crafted charger. Until Apple patches the vulnerability 
that allows the exploit, all iPhone or iPad users are vulnerable as 
the device does not need to be jailbroken for the attack to work. It 
takes advantage of an iOS flaw that allows pairing without any 
notification to the user.

Their proof-of-concept charger, dubbed Mactans, was built using a $45 
BeagleBoard. As soon as an iOS device is plugged in, the fake charger 
instantly captures the Unique Device Identifier (UDID). Then it 
connects to Apple's developer support website and submits that UDID 
for a "provisioning profile." The charger installs code and the 
attacker now has full control of the device. GTISC associate director 
Paul Royal said, "Getting the UDID is trivial, and getting a 
provisioning profile is easy and automated."

In one demonstration of what an attacker could do remotely, the 
researchers plugged an iPhone 5 into the charger, hid the iPhone 
Facebook app and installed a malicious copy over it that launched 
before the legitimate "hidden" copy. The Mactans' malicious payload 
could be about anything, from allowing "a remote attacker to make an 
unauthorized phone call from the iOS device" to taking "a screenshot 
whenever the user enters a password or other sensitive information." 
Basically it turns an iOS device into a spy tool.

...

http://blogs.computerworld.com/cybercrime-and-hacking/22579/wolf-sheeps-clothing-black-hat-getting-pwnd-innocent-looking-devices




Date: Sun, 4 Aug 2013 19:51:34 -0700 (PDT)
From: Neal McLain <nmclain.remove-this@and-this-too.annsgarden.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Only Seven Percent of TV Households Rely on Over-the-Air  Signals according to CEA Study 
Message-ID: <ddcda473-c3f1-457c-bfea-0d9436f46ee1@googlegroups.com>

On Sunday, August 4, 2013 9:13:09 AM UTC-5, Telco Guy wrote:

> The cable or satellite digital box is the gateway to the primary
> big-screen TV in the home.  They don't make those boxes with OTA
> antenna input and incorporate OTA signals seamlessly into the
> channel lineup.

Several years ago, there was some talk about a converter design that would do
exactly that.  The idea was that a single converter would have three inputs:
VHF-OTA, UHF-OTA, CATV.  The tuning circuitry would integrate the three
signals into a single channel lineup, switching among inputs as necessary.  In
situations where a CATV signal and an OTA signal occupied the same channel,
both would be presented in sequence with some sort of identifying suffix such
as 4A (for OTA) and 4C (for CATV).

The idea was to provide a way for CATV operators to avoid
retransmission-consent fees by integrating OTA signals with CATV signals.  The
broadcast industry was quick to claim that even if a broadcast signal were
picked up off the air, if it passed through a CATV-company-provided converter,
retransmission consent would still apply.  It seemed to me that one way to get
around that problem would be for an independent company (like Radio Shack) to
manufacture and sell them.

In any case, the idea never went anywhere.  No manufacturer -- either CATV or
independent -- picked up the idea.

In retrospect, it probably would have been an expensive, low-volume product.
Furthermore, having two same-frequency signals running around inside the same
box would have presented some complicated shielding problems.

But I still think it would have been a neat product!

Neal McLain




Date: Mon, 5 Aug 2013 01:48:16 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Newly Discovered SIM Card Vulnerability Could Compromise Millions  Of Mobile Phones
Message-ID: <p0624083bce24ecfa06a9@[10.0.1.5]>

Newly Discovered SIM Card Vulnerability Could Compromise Millions Of 
Mobile Phones

July 22, 2013

The United Nation's cybersecurity arm is planning to send out a 
multinational alert after a German research firm has discovered an 
encryption flaw that could compromise some types of mobile phones.

The flaw, discovered by experts at Security Research Labs (SRL) in 
Berlin, makes it possible for hackers to remotely gain control of and 
potentially clone millions of SIM cards, according to Jim Finkle of 
Reuters. The vulnerabilities could reportedly open up more than half 
a billion phones to hackers, he added.

...

http://www.redorbit.com/news/technology/1112903030/sim-card-vulnerabilities-revealed-072213/




Date: Mon, 5 Aug 2013 01:45:33 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Researcher comes forward to claim responsibility for "intrusion"  on Apple developer site
Message-ID: <p0624083ace24ec37d8ec@[10.0.1.5]>

Researcher comes forward to claim responsibility for "intrusion" on 
Apple developer site

by Erica Ogg  JUL. 22, 2013

SUMMARY:
A man admits that after reporting a security issue in its developer 
website to Apple, he went on to download the user information of more 
than 100,000 developers for testing purposes.

Apple said last night its website for third-party developers was 
accessed by an "intruder." Now a man who calls himself a security 
researcher says he was the so-called intruder but that he was testing 
for holes in Apple's system and reported his findings to the company 
through standard channels. If true, it seems Apple did not appreciate 
his help.

The man, who outed himself in comments on a TechCrunch post, wrote:

...

http://gigaom.com/2013/07/22/researcher-comes-forward-to-claim-responsibility-for-intrusion-on-apple-developer-site/




Date: Wed, 7 Aug 2013 07:32:18 -0700 (PDT)
From: HAncock4 <withheld@invalid.telecom-digest.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Pay phones removed from Brooklyn Federal Courthouse  
Message-ID: <7fe1321e-d29c-43b3-8dd8-05e33d1ac4fd@googlegroups.com>

In the continuing loss of coin telephones, the New York Daily News reported
that 25 phones were removed from the Brooklyn federal courthouse.  However, 14
still remain.  Eastern District of New York court executive Eugene Corcoran
said the feds were paying the phone company a monthly fee of $75 per phone.
"The ones we took out had virtually no income, $2 or $3 a month," Corcoran
told the Daily News.

While lawyers may bring cellphones into the building, the general public must
check them in the lobby.

for full article please see:

http://www.nydailynews.com/new-york/brooklyn/cuts-pay-phone-hangup-brooklyn-courthouse-article-1.1419571

There are a number of secured facilities where cell phones are not allowed.
How patrons of such facilities will be able to make phone calls without pay
phones has not been answered.




Date: Sun, 04 Aug 2013 23:55:39 -0500
From: Doug McIntyre <merlyn@dork.geeks.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Only Seven Percent of TV Households Rely on Over-the-Air  Signals according to CEA Study 
Message-ID: <OoGdnakb9YTWrWLMnZ2dnUVZ_tKdnZ2d@giganews.com>

Telco Guy <Telco@Guy.com> writes:
>Gordon Burditt wrote:
> 
>> Lots of other people with both a cable/satellite/internet source
>> of TV programming and and antenna (not necessarily on the same TV)

>There's your problem right there.

>The cable or satellite digital box is the gateway to the primary
>big-screen TV in the home.  They don't make those boxes with OTA antenna
>input and incorporate OTA signals seemlessly into the channel lineup.

DirecTV & Dish does. BUT, nobody knows they do. DirecTV's current line
of receiver boxes requires an add-on box (AM21 OTA receiver), that
while the installers know they exist, they have never seen them. Thus
why would any end-customer actually receive one and use one, since the
installers don't have any, nor have installed any...

Cable boxes, not so much. 

>I don't think the average home would find it ergonomic to watch OTA on
>the 19" TV in the kitchen when there are issues with the cable/satellite
>feed going to the 47" TV in the den.

The other factor is that many people don't know that OTA signals still
exists, or if they do, they've tried one of the numerous crap antennas
on the market, failed to get a decent signal, and gave up. 
OOTH, the satellite and cable companies have made it easy to have
good signal throughput the house, and even have remote DVR access
on any TV, without having to go through gyrations to get a different
input feed.. 






TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.

The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
339-364-8487
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom 
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then.  Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!

URL information: http://telecom-digest.org


Copyright (C) 2013 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.



Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list. 

All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of The Telecom Digest (7 messages)

Return to Archives ** Older Issues