[IP] Cell phones for eavesdropping - finally some public "chatter"
------ Forwarded Message
From: RISKS List Owner <risko@xxxxxxxxxxx>
Date: Tue, 28 Dec 2004 11:49:56 -0800 (PST)
To: <risks-resend@xxxxxxxxxxx>
Subject: [RISKS] Risks Digest 23.64
Date: Mon, 27 Dec 2004 20:39:48 +0200
From: Gadi Evron <ge@xxxxxxxxxxxx>
Subject: Cell phones for eavesdropping - finally some public "chatter"
/Pun intended on the subject line!/
Okay, so, we have all known cell phones are "dangerous".
Stepping out of the cellular protocols security and vendor-side systems, and
forgetting for a second about interception of transmissions through the air,
Trojan horses/worms that may install themselves on the cell phone and even
bluetooth risks, there is the long talked of risk of "operating" a regular
un-tampered cell phone from a far and the risk of modified devices.
Sorry for stating the obvious, but cell phones are transmitters.
For years now paranoid people and organizations claim that eavesdropping
through a cell phone is a very valid risk. Much like somebody pressing
"send" by mistake during a sensitive meeting is a very valid yet different
risk.
Some of the stricter organizations ask you to do anything from (top to
bottom) storing the cell phone in a safe, through shutting it off or
removing the battery, and all the way to *only* "don't have that around here
while we are in a meeting". Then again.. *most* haven't even heard of this
risk.
Forgetting even this risk, many of us even ignore the obvious. I usually ask
people who talk to me while I'm on the phone "even if the NSA (for example)
is not interested in what I have to say or not capable of intercepting it
and even that I don't care if they heard my conversations... Should the
person I talk to hear our conversation?"
Lately there seems to be some more awareness about the "dangers" of cell
phones. Knowing which risk is more of a threat than the other is another
issue.
It seems to me that other than in the protocols, where there has been a
serious learning curve (and GPRS seems very promising), cellular companies
keep doing the same mistakes, and we can see the security problems of the PC
world reappearing in cell phones, much like those of the main frames
re-appeared in PC's (to a level).
History repeated. Heck, I can't even disable Java or the web browser in
most cellular computers (we really should refer to them as computers now).
Here are some URL's on the subject:
Here is one about modified cell phones, which also mentions the risk of
eavesdropping through a cell phone as mentioned above:
http://www.interesting-people.org/archives/interesting-people/200206/msg0003
1.html
Here is a product for sale, a cellular phone BUILT for eavesdropping:
http://wirelessimports.com/ProductDetail.asp?ProductID=347
Also, check out the IEEE Pervasive article that mentions this problem area,
although discusses more the issue of malware:
http://csdl.computer.org/comp/mags/pc/2004/04/b4011abs.htm
Or Google for "symbian +virus", for example.
Thanks go to David Dagon for the links.
------ End of Forwarded Message
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/