MDM Brute Forced
via Sean Gallagher, writing at Ars Technica, comes this particularly unfortunate news for Apple Inc. (Nasdaq: AAPL) MDM (Mobile Device Management) bits - especially considering there will be a flood of new devices into many orgs. On the plus side, the flaw has been discovered, and now it's Apple's turn-at-bat to clean up their dusty-bits, as it were. Read all about it at everyones' beloved Ars Technica!.
Diameter Protocol Found To Be Vulnerable - On Par With SS7 For Flaw Tally
Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case, that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these, deeply embedded in cellular network infrastructure (all carriers) - who needs enemies; which brings to mind: 'We have met the enemy, and he is us! - Walt Kelly's Pogo, h/t
City of Tacoma Fined $300,000 For Witholding Stingray Surveillance Data
Both Cyrus Favrivar of Ars Technica and Kate Martin, writing for The Tacoma News Tribune, have reported (Ars, Tribune) that Judge G. Helen Whitener has rebuked the Tacoma Police Department's for their apparent decision to not produce the surveillance output from a series of StingRay operations conducted by the Department in the City of Tacoma. Regardless, Judge Whitener has handed down the decision.
"Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: ▪ $182,340 for violations of the Public Records Act. ▪ $115,530 for attorney fees and other costs." via The News Tribune reporter Kate Martin
As an FYI, The TPD is an excellent organization, and highly respected, both here in the State of Washington and throughout the country. - mh
Senatorial Commands: DOJ - Cough It Up →
4G Gone Wild →
via Zack Whittaker, writing at the Zero Day blog at ZDNet, tells the story of recently discovered 4G LTE attacks, and the academicians studying the specifics of these pernicious exploits (the group's recently published paper is currently available). Today's MustRead. H/T
Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. - Zack Whittaker, writing at the Zero Day blog at ZDNet
IMSI Catcher Research Twist, The Ridesharing Gambit →
via Andy Greenberg, writing for Wired, comes this outstanding piece on International Mobile Subscriber Identity Catchers (aka IMSI Catchers) with a ride-sharing twist in the research datastream. Today's MustRead!
Soghoian, Your Smartphone is a Civil Rights Issue →
Dr. Soghoian's Take...
Tip O' The Hat to Firewall Consultants!
SIM'd
Well done (and mercifully brief) Subscriber Identity Module teardown. via Firewall Consultants.