Security is not just for PCs

A friend just pointed me to this fascinating article about an attack on the Greek Vodafone network. The article discusses an attack that installed a rootkit on an Ericsson cellular phone switch which was used to divert calls of high-ranking Greek officials to unknown numbers.

There are a number of interesting lessons in this article, notably in the area of how not to handle forensic investigations. The phone company, as we all know (or should know), is in the business of billing, not in providing any kind of service, and certainly not in forensic investigations. Therefore, they wiped logs to make room for billing data and would not take the systems offline for analysis. The result was that crucial forensic evidence was lost. Furthermore, amateurs were put in charge of gathering evidence, and the actions they took tipped off the criminals and enabled them to run and hide.

One must also not forget that this was an attack against a highly complicated, very obscure type of system, but one with very high-value targets. Often these types of systems have less security built in than the average desktop operating system, and rely instead on obscurity for security. Irrespective of that, however, the value of the targets means such a system is still at significant risk. This highlights the shift toward a much more sophisticated type of attacker. This type of attack is highly unlikely to be perpetrated by some asocial teenager sitting in his basement. It's a new world, and a new adversary.

Published 01 October 2007 09:25 AM by jesper

Comments

# Jan Klier said on 01 October, 2007 01:51 PM

I wonder how much the adoption of Linux as an embedded OS has inadvertently rendered security through obscurity less practical? When those devices used the many lesser-known embedded OSes, much less was known about their potential vulnerabilities and attack points.

# Alun Jones said on 02 October, 2007 11:23 PM

I don't think we'll be seeing too many operating system level attacks on embedded firmware running Linux, while the applications themselves frequently have gaping holes.

But yes, one of my fears when I first got a TiVo was that it would become the one box in my house that I couldn't patch or scan reliably. "Runs Linux", said the ad. Not reassuring, because to me that means "is a PC, that you don't know how to administer, and that the manufacturer doesn't want you to configure or patch yourself."

# alexandroid said on 03 October, 2007 03:40 PM

I wonder what those pingbacks from slowfive and yamwool mean... Looks like those are the fake automatically generated blogs which just post references to other blog articles (thousands per month) and show Google ads.

Is this a new way to spam comments using trackbacks?
