GlobeTrotter Mobility Manager - security issue
Discovered by Damian Zelek -> [03 April 2006]
Published -> [23 June 2006]
Vendor was informed -> [24 April 2006]
Vendors answer -> "We will talk with our Department of Software" :-D
Summary:
GlobeTrotter Mobility Manager is a unique PC software solution that
enables fast, simple and easy access to wireless data whilst hiding from the
user the complexity of the underlying wireless technologies. GlobeTrotter
Mobility Manager seamlessly controls both wireless Internet and fixed line
dial-up connections to remote networks with support for 3G, E-GPRS, GPRS/GSM,
WLAN/Wi-Fi, ADSL and standard PC modem connections. More info about software:
http://www.option.com/news/detail.cfm?newsitemgroup_id=84
Details:
There's a security issue in the implementation of virtual-keyboard.
As we all know virtual-keyboards should prevent from "keyloggers". In
GlobeTrotter Mobility Manager [GTMM] implementation of virtual-keyboard when we
"click" on some figure [for example when we are typing our PIN code] we can see
effect of "active button", so good keylogger which can makes screenshoots will
"sniff" that codes even when there's a virtual-keyboard.
Good virtual-keyboard shouldnt change view/size/depth/color/etc of button when
someones is "clicking" on it [it should have "stoned-face"]. That issue/problem
was mentioned many times, for example on SecurityFocus [publication, arts].
When I was making tests, my own short-coded keylogger easily "catched" [via
screenshoots] all PIN codes that I was typing throught "bad" implementation of
virtual-keyboard [in GlobeTrotter implementation of virtual-keyboard when we
"click" on button it changes its color + we can see depth-effect]. As soon as
it's possible Option Wireless Technology should fix that issue in software.
When we have a good implementation of virtual-keyboard, when we click on some
button that button doesnt change color/size or other effects of "active
button". So even if keylogger is making a good screenshoots we do know nothing
about typing password (especially when user likes to "fly-only" [even
unintentionally] over many buttons, but click only 4 of them).
Developers should read this: http://www.securityfocus.com/infocus/1829 [section
Preventing Keystroke Capture.]
BTW. I didnt published it earlier because I thought that vendor will quickly
fix it, but when I saw on the Internet that many "bad programms" are already
waiting for GTMM, I decided to inform all of You (especially GTMM users).
Beware :-D
PoC screenshoot ::
http://img45.imageshack.us/my.php?image=poc7ik.jpg