[A51] wake-up by the network?

javier falbo javier_falbo at hotmail.com
Fri Aug 30 22:45:25 CEST 2013


I will add below some extras.

 

1) There are exploits on mobiles (similar to PC)

Remote installation exploits, denial of service, etc.

Exploits price: 100,000 usd upto 500,000 usd aprox.

Check VUPEN Security or any security forum for them (most of the not public)

If you have the money to pay advice me or contact any of the above providers.

 

2) There are malwares on market.

Check FINSPY for example that are designed for government.

 

3) There are some crypto sequences in AES256 or 3DES to completely modify the SIM and install java applications.

Must be done by carrier.

 

4) As Sylvain explains, if you could install a malware, you could do whatever you want on a mobile.

 

There are many other options, but requires a technician approach and it is complicate to understand.

 

Response to ALL your questions is YES for all of them. If any of the above 1,2,3,4 points is used.

 

Regards.

 


 

> Date: Fri, 30 Aug 2013 22:33:20 +0200
> From: 246tnt at gmail.com
> To: matej.kovacic at owca.info
> CC: a51 at lists.srlabs.de
> Subject: Re: [A51] wake-up by the network?
> 
> Hi,
> 
> 
> > Anyway, I have another question. Is it true, that by ETSI standard there
> > is an option, that mobile phone which is powered off, is waked up by the
> > network?
> 
> No.
> 
> 
> > And another, is it true, that by ETSI standard there is an option to
> > switch microphone on remotely on a mobile?
> 
> Not that I know of. I've never seen the standard mandate that.
> 
> 
> 
> But note that all the articles you point to refer to 'malware' running
> on the phone ... once you have custom sw running on the phone, it's
> game over.
> Also, just because it's not in the spec doesn't mean there isn't bugs
> (or intentional backdoors) in the baseband put by manufacturer that
> would allow to turn on the mic.
> 
> 
> Cheers,
> 
> Sylvain
> _______________________________________________
> A51 mailing list
> A51 at lists.srlabs.de
> http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/a51/attachments/20130830/b50094d4/attachment.html>


More information about the A51 mailing list