infobot has quit [Remote host closed the connection]
infobot has joined #neo900
ArturShaik has joined #neo900
ArturShaik has quit [Ping timeout: 276 seconds]
_whitelogger has joined #neo900
ArturShaik has joined #neo900
_whitelogger has joined #neo900
Joerg-Neo900 is now known as Guest32350
neo900 has joined #neo900
Guest32350 has quit [Killed (weber.freenode.net (Nickname regained by services))]
neo900 is now known as Joerg-Neo900
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined #neo900
_whitelogger has joined #neo900
_Chris_ has joined #neo900
Kabouik has quit [Ping timeout: 276 seconds]
Kabouik has joined #neo900
<Joerg-Neo900>
>>According to the researchers, all manufacturers and mobile phone models are vulnerable to the SimJacker attack<< Neo900 being resistant to at least 5 of the 7 listed attack scenarios
<Joerg-Neo900>
particularly >>Performing premium-rate scams by dialing premium-rate numbers,<< and >>Spying on victims' surroundings by instructing the device to call the attacker's phone number,<< is 100% impossible by design of Neo900
<Joerg-Neo900>
even nore impossible, basically not even feasible if user would want to allow it: >>Spreading malware by forcing victim's phone browser to open a malicious web page<<
<Joerg-Neo900>
more*
<Joerg-Neo900>
there's no default implementation of SIM instructing browser to open a webpage, in Neo900/maemo
<Joerg-Neo900>
generally Neo900 could intercept _all_ such attacks by simply monitoring SIM activity and interrupting whole modem as soon as SIM becomes unusually active after modem receiving data
<Joerg-Neo900>
so >>According to the researchers, all manufacturers and mobile phone models are vulnerable<< is incorrect: Neo900 is basically immune
<Joerg-Neo900>
even nore remarkable: this is a unique Neo900 property not even 100% shared by N900. The N900, while immune to a few of the attack scenarios, is vulnerable to most of them
<Joerg-Neo900>
Neo900, by a simple and easy hw modification possible to get done by basically every user, could get modified in field to be 100% on top of this and any other SIM-based exploits
<Joerg-Neo900>
(hint: monitor SIM IF)
<Joerg-Neo900>
the modificaten takes ca 30min incl disassembly and re-asembly and needs a torx driver and tweezers as tools
<norly>
hi neo900 team, just a quick note - the SSL certificate on https://neo900.org has expired
<crox>
maybe it could be replaced by a letsencrypt one? (I guess the expired certificate was issued before LE allowed wildcard certificates)
<Joerg-Neo900>
yes. Know, thanks for noting nevertheless. As soon as one of the sysops feels like tackling it, we will take care
<Joerg-Neo900>
Known, even
<Joerg-Neo900>
at least our server doesn't enforce https ;-)
<Joerg-Neo900>
a year ago I had the money on my private account to get a wildcard cert and not pester sysops to spend their expensive and precious time on LE installation, a 100 EUR per years seemed the more reasonable approach. Alas now I can't afford this anymore and it's unclear how long the servers will stay paid and up and online at all due to that