Just How Many Wireless Technologies Can You Misuse In One Shot?

from the now-that's-talent dept

We've seen a lot of stories recently about overhyped wireless "security holes" or "exploits" for both WiFi systems and mobile phones. In almost every case, the story would get a lot of press, but the actual risk was extremely low. The discoveries (and subsequent publications) were mostly designed to get attention for some random security researcher who discovered the supposed problem. Well, now that the obvious security attacks are out of the way, security researchers need to get a bit more creative. They can no longer just pick on a single technology (Bluetooth? WiFi?) and find a security hole. Now, they need to get with the converged times and go for a combined attack. That's about the only explanation I can come up with for the announcement of this new "vulnerability" that makes use of Bluetooth, WiFi and SMS all in one shot. The article doesn't do a great job of explaining the attack, but apparently, it works by having someone "bluejack" one of the few phones that are vulnerable to bluejacking (and which haven't been patched), using that connection to send an SMS to an "anonymous prepaid phone" owned by the attacker. They can then use this to determine if (just maybe) the vulnerable phone is a T-Mobile customer. If it is, they then hijack the vulnerable phone again, and send an SMS to T-Mobile to get login info for hotspots (since T-Mobile now lets users get hotspot login info via SMS). If the user is not a T-Mobile customer, there are other options, but they're equally convoluted (sometimes involving another associate with another mobile phone sitting at a hotspot). The group that put out the warning admits there's no evidence that this has been done, and, honestly, it really seems like a security hack for show more than anything else. Of course, now the bar has been set. Who will top it and give us the useless, unlikely security hack that involves four different wireless technologies?

1 Comments | Leave a Comment..