Call-jacking VOIP / More Worms for Cellphones

New VOIP 'Call-Jacking' Hack Unleashed

JANUARY 22, 2008 Dark Reading

Now there's a way for attackers to hijack a user's voice-over-IP service: "call-jacking" could let the bad guys launch sophisticated phishing attacks as well as perpetrate lucrative toll fraud.

Researchers from the hacker group GNUCitizen have released a proof-of-concept for call-jacking via a BT Home Hub user's router. The attack exploits cross-site request forgery (CSRF) and authentication bypass vulnerabilities in the router that were previously discovered by the researchers. The attack works even if the default password in the router has been changed.

"We believe that this technique, which we coined as 'call jacking,' is completely new. There is nothing like this in the public domain as far as we know," says Adrian Pastor, a senior IT security consultant for an unnamed penetrating testing firm in London. "The beauty of the attack is that the victim user thinks he/she is receiving a phone call, but in fact he/she is making the phone call and paying for it. We find this quite innovative and unique, hence the need for coining a new term."

The exploit could be used in a phishing attack, where the victim would get a phone call from his "bank" after clicking a link in a phishing email. Phishers typically don't know their victims' phone numbers, he says, so the phone call would help the attacker appear legitimate and gain the victim's trust.

Another attack scenario involves toll fraud, where the victim's router would be forced to dial a toll number. "Premium numbers are very expensive, and allow the identity who registered them -- in this case, the attackers -- make money every time someone dials them," Pastor says.


Malicious MMS worm hits Nokia handsets

January 22, 2008 (TechWorld.com)

-- Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks.

Fortinet's threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.

The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones.

Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon "clicking" on the attachment. "Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software," warned Fortinet.

After installation, the worm harvests all the phone numbers located in the phone's contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers as well.

No comments: