Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

Jay R. Ashworth jra at baylink.com
Tue Jul 19 23:55:40 UTC 2016


Heap overflow bug in a widely used ASN.1 library from Objective Systems,
apparently popular with cell-radio industry people.  Not sure if this will
leak over into NANOG land -- but neither are you, and that's most of my point.

Do *you* know if this library is used in your routers?  Can you find out?

How easily and quickly?

Cheers,
-- jra

----- Forwarded Message -----
> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> To: privacy-list at vortex.com
> Sent: Tuesday, July 19, 2016 7:12:47 PM
> Subject: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

> Critical bug threatens to bite mobile phones and networks
> 
> http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/
> 
>  	A newly disclosed vulnerability could allow attackers to seize
>	control of mobile phones and key parts of the world's
>	telecommunications infrastructure and make it possible to
>	eavesdrop or disrupt entire networks, security experts warned
>	Tuesday.  The bug resides in a code library used in a wide
>	range of telecommunication products, including radios in cell
>	towers, routers, and switches, as well as the baseband chips
>	in individual phones. Although exploiting the heap overflow
>	vulnerability would require great skill and resources,
>	attackers who managed to succeed would have the ability to
>	execute malicious code on virtually all of those devices. The
>	code library was developed by Pennsylvania-based Objective
>	Systems and is used to implement a telephony standard known as
>	ASN.1, short for Abstract Syntax Notation One.
> 
> - - -
> 
> --Lauren--
> Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
> Founder:
> - Network Neutrality Squad: http://www.nnsquad.org
> - PRIVACY Forum: http://www.vortex.com/privacy-info
> Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
> I have consulted to Google, but I am not currently
> doing so -- my opinions expressed here are mine alone.
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy

-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


