Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
Jay R. Ashworth
jra at baylink.com
Tue Jul 19 23:55:40 UTC 2016
Heap overflow bug in a widely used ASN.1 library from Objective Systems,
apparently popular with cell-radio industry people. Not sure if this will
leak over into NANOG land -- but neither are you, and that's most of my point.
Do *you* know if this library is used in your routers? Can you find out?
How easily and quickly?
Cheers,
-- jra
----- Forwarded Message -----
> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> To: privacy-list at vortex.com
> Sent: Tuesday, July 19, 2016 7:12:47 PM
> Subject: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
> Critical bug threatens to bite mobile phones and networks
>
> http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/
>
> A newly disclosed vulnerability could allow attackers to seize
> control of mobile phones and key parts of the world's
> telecommunications infrastructure and make it possible to
> eavesdrop or disrupt entire networks, security experts warned
> Tuesday. The bug resides in a code library used in a wide
> range of telecommunication products, including radios in cell
> towers, routers, and switches, as well as the baseband chips
> in individual phones. Although exploiting the heap overflow
> vulnerability would require great skill and resources,
> attackers who managed to succeed would have the ability to
> execute malicious code on virtually all of those devices. The
> code library was developed by Pennsylvania-based Objective
> Systems and is used to implement a telephony standard known as
> ASN.1, short for Abstract Syntax Notation One.
>
> - - -
>
> --Lauren--
> Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
> Founder:
> - Network Neutrality Squad: http://www.nnsquad.org
> - PRIVACY Forum: http://www.vortex.com/privacy-info
> Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
> I have consulted to Google, but I am not currently
> doing so -- my opinions expressed here are mine alone.
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274