Johny007 know-it-all

Joined: 27 Jul 2004 Posts: 642 Location: Olomouc
4261.00 SMM
Posted: Sat Nov 06, 2004 10:21 pm Post subject: Hack via Java?
I heard on the radio that phones can easily be hacked via Java. How much truth is there to that?
_________________ M55 Iridium - TestPoint , FW11 + mojepatche.txt HP iPAQ 514 WM6
 |
huncut writer

Joined: 10 Aug 2004 Posts: 259 Location: Vlašim
661.00 SMM
Posted: Sun Nov 07, 2004 6:58 pm Post subject:
It's true, Java has a security hole. But from what I've read, it only concerns phones with an operating system.
 |
nigol loyal poster

Joined: 01 Mar 2004 Posts: 438
2061.00 SMM
Posted: Mon Nov 08, 2004 8:26 am Post subject:
I'd also say it will only concern a specific implementation. In general, phones cannot be hacked via Java.
 |
papluh passer-by
Joined: 11 Jul 2004 Posts: 25 Location: BA-SVK
1.00 SMM
Posted: Thu Nov 25, 2004 10:25 am Post subject:
these are 2 different cases mixed into one
1. is the security of Symbian, where some bug was found through which it can be broken into directly ... if a connection exists
2. is a security bug in Java, which some people have already had the chance to experience after downloading warez applets and suddenly finding their credit gone
specifically, it is about the ability of a Java applet to get out of the 'sandbox' and in principle control the phone without the user knowing about it
such applications can even be self-propagating, but they are not self-installing (i.e. the 'trojan' arrives in an MMS or over a BT link, but it is only saved to incoming messages, and as long as you don't run it, it's OK)
a bit more here:
http://seclists.org/lists/fulldisclosure/2004/Oct/0888.html
http://securitytracker.com/alerts/2004/Oct/1011898.html
even more in one document, a paper from that HITB conference, only I don't know whether it is freely distributable...
 |
Seten seasoned poster

Joined: 06 Oct 2004 Posts: 594 Location: Brno
3061.00 SMM
Posted: Thu Nov 25, 2004 10:46 am Post subject:
But if there is no connection, nobody gets in there.
And what about old phones? For example my sl45i. I doubt anyone would get into my phone there. The only way I get data into the phone is via SMS or cable. And I put all sorts of things on it through the cable, and it hasn't drained my credit yet.
_________________ SX1 , SL45i, SL45i.
 |
papluh passer-by
Joined: 11 Jul 2004 Posts: 25 Location: BA-SVK
1.00 SMM
Posted: Thu Nov 25, 2004 11:35 am Post subject:
just a few paragraphs ...
Quote:
There are in fact two different bugs but with similar spirit and effects. Both bugs were identified and successfully exploited by Adam Gowdiak on the Nokia 6310i handset (DCT4). The Kuala Lumpur presentation demonstrates a MIDlet breaking the Java sandbox (can read/write memory and execute native ARM code).
The first one is present in CLDC RI 1.0.3 used by MIDP RI 1.0 but has been corrected in CLDC RI 1.0.4 and CLDC 1.1. So MIDP 2 phones are not affected by this bug. The second one, more difficult to use, is still present on CLDC RI 1.0.4 and MIDP 2 phones can be affected by the bug.
The first bug was internally reproduced on the Sony Ericsson T610 and on the Nokia 7250i (without malicious behavior). Because MIDP1.0 is not designed to handle security critical actions, security checks for critical functions like sending SMS is usually done at the OS level and not in the Java code. Exploiting the bug maliciously would require disassembling parts of the OS (it is not possible to build a "portable" malicious application).
The second bug was reproduced on several Sony Ericsson handsets (K700i, S700c, T618). The bug was successfully exploited to send an SMS without user approval on the K700i. The attack disables the management of security in a rather portable way because it relies only on code from SUN reference implementation. The core of the code is around 50 lines of source code. It could be used to register a midlet, take photos, open a bluetooth connection, etc. depending on the availability of the corresponding function on the target phone.

Quote:
Update (Oct 27): Sun has confirmed all existing CLDC versions (including 1.0.4 and 1.1) are vulnerable, this means all J2ME phones using this code are vulnerable (150 to 350 million devices in the world).

so it seems it will run on MIDP 1.0, i.e. it is enough for you to load some dubious application over the cable and run it
and why is there so little of it?
because the code has to be inserted into an application and the byte verifier has to be fooled; assuming it is not a one-shot application (i.e. one that does nothing but run the code and crash), then for it to run in the background it needs to be built into, e.g., a game, and in such a way that the game works, i.e. while the person plays, the app quietly carries out its hidden activity
I think we just need to wait a while and an app will come along that looks through the phone's address book and sends the people you know an SMS with a link to download a 'super game'
 |
circulus writer

Joined: 13 Jul 2004 Posts: 269 Location: KOLÍN
661.00 SMM
Posted: Thu Dec 02, 2004 2:03 am Post subject:
Well, (from some write-up I read) it's a hack that isn't quite a hack. The point is that some implementations of the KVM (Kilobyte Virtual Machine) can, for example, send the phone book and other, let's say "sensitive", data from the phone by SMS (or several). However, you also need to watch out for suspicious MIDlets (e.g. from unverified sources), because the Siemens J2ME API implements a class ExtendedImage, which is derived from some class NativeMem. That is used, for instance, by the so-called bootcore patchers (for the C60 etc.). So using this class it would probably not be a problem to "damage" the phone somehow, and I think that if the damage were thorough, one might even have to cut a testpoint to get the phone back into some working state.
That's about it on the problem of hacking via Java. If you search for this topic on Google, you will surely learn more.
_________________ C25->C35i(fw18 with T9CZ!)->C45->C55->M55->C65 fw50(patched)->SE K510i->N70->K320i->Huawei Sonic.
jabber: circulus[at]njs[dot]netlab[dot]cz
 |
Johny007 know-it-all

Joined: 27 Jul 2004 Posts: 642 Location: Olomouc
4261.00 SMM
Posted: Thu Dec 02, 2004 8:49 pm Post subject: Hack
So to sum up, a hack is possible in 2 ways:
1) the phone sends, say, 200 SMS without the user's knowledge
2) it replaces the bootcore, which a service centre should actually fix (theoretically, since the user can in fact cause the same problem himself)
_________________ M55 Iridium - TestPoint , FW11 + mojepatche.txt HP iPAQ 514 WM6
 |