GlobeTrotter Mobility Manager - security issue

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GlobeTrotter Mobility Manager - security issue
From: dzelek@xxxxxxxxx
Date: 23 Jun 2006 21:30:22 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Discovered by Damian Zelek -> [03 April 2006]
Published -> [23 June 2006]
Vendor was informed -> [24 April 2006]
Vendors answer -> "We will talk with our Department of Software" :-D


Summary:
     GlobeTrotter Mobility Manager is a unique PC software solution that 
enables fast, simple and easy access to wireless data whilst hiding from the 
user the complexity of the underlying wireless technologies. GlobeTrotter 
Mobility Manager seamlessly controls both wireless Internet and fixed line 
dial-up connections to remote networks with support for 3G, E-GPRS, GPRS/GSM, 
WLAN/Wi-Fi, ADSL and standard PC modem connections. More info about software:
http://www.option.com/news/detail.cfm?newsitemgroup_id=84


Details:
     There's a security issue in the implementation of virtual-keyboard.

As we all know virtual-keyboards should prevent from "keyloggers". In 
GlobeTrotter Mobility Manager [GTMM] implementation of virtual-keyboard when we 
"click" on some figure [for example when we are typing our PIN code] we can see 
effect of "active button", so good keylogger which can makes screenshoots will 
"sniff" that codes even when there's a virtual-keyboard.

Good virtual-keyboard shouldnt change view/size/depth/color/etc of button when 
someones is "clicking" on it [it should have "stoned-face"]. That issue/problem 
was mentioned many times, for example on SecurityFocus [publication, arts].

When I was making tests, my own short-coded keylogger easily "catched" [via 
screenshoots] all PIN codes that I was typing throught "bad" implementation of 
virtual-keyboard [in GlobeTrotter implementation of virtual-keyboard when we 
"click" on button it changes its color + we can see depth-effect]. As soon as 
it's possible Option Wireless Technology should fix that issue in software. 
When we have a good implementation of virtual-keyboard, when we click on some 
button that button doesnt change color/size or other effects of "active 
button". So even if keylogger is making a good screenshoots we do know nothing 
about typing password (especially when user likes to "fly-only"  [even 
unintentionally] over many buttons, but click only 4 of them).


Developers should read this: http://www.securityfocus.com/infocus/1829 [section 
Preventing Keystroke Capture.]


BTW. I didnt published it earlier because I thought that vendor will quickly 
fix it, but when I saw on the Internet that many "bad programms" are already 
waiting for GTMM, I decided to inform all of You (especially GTMM users). 
Beware :-D


PoC screenshoot ::
http://img45.imageshack.us/my.php?image=poc7ik.jpg

Prev by Date: RE: Bypassing of web filters by using ASCII
Next by Date: RE: Bypassing of web filters by using ASCII
Previous by thread: [ MDKSA-2006:111 ] - Updated MySQL packages fixes authorized user DoS(crash) vulnerability.
Next by thread: Mailenable SMTP Service DoS
Index(es):
- Date
- Thread