#neo900 on 2019-09-14 — irc logs at freenode.irclog.whitequark.org

2019-08-14 14:28 Joerg-Neo900 changed the topic of #neo900 to: http://neo900.org | CCCAMP15 lightning talks at http://neo900.org/stuff/cccamp15/ - major: http://neo900.org/stuff/cccamp15/ccc2015talk/neo900-wpwrak_CCC2015.webm | conversations are logged http://maemo.cloud-7.de/irclogs/freenode/_neo900/ & http://irclog.whitequark.org/neo900 | Status: https://talk.maemo.org/showthread.php?p=1556735

00:15 Kabouik has joined #neo900

00:15 infobot has quit [Remote host closed the connection]

00:17 infobot has joined #neo900

01:02 ArturShaik has joined #neo900

02:50 ArturShaik has quit [Ping timeout: 276 seconds]

03:22 _whitelogger has joined #neo900

03:48 ArturShaik has joined #neo900

04:28 _whitelogger has joined #neo900

04:29 Joerg-Neo900 is now known as Guest32350

04:29 neo900 has joined #neo900

04:29 Guest32350 has quit [Killed (weber.freenode.net (Nickname regained by services))]

04:29 neo900 is now known as Joerg-Neo900

04:29 DocScrutinizer05 has quit [Disconnected by services]

04:29 DocScrutinizer05 has joined #neo900

04:58 _whitelogger has joined #neo900

07:49 _Chris_ has joined #neo900

13:03 Kabouik has quit [Ping timeout: 276 seconds]

16:13 Kabouik has joined #neo900

17:00 <Joerg-Neo900> >>According to the researchers, all manufacturers and mobile phone models are vulnerable to the SimJacker attack<< Neo900 being resistant to at least 5 of the 7 listed attack scenarios

17:01 <Joerg-Neo900> particularly >>Performing premium-rate scams by dialing premium-rate numbers,<< and >>Spying on victims' surroundings by instructing the device to call the attacker's phone number,<< is 100% impossible by design of Neo900

17:02 <Joerg-Neo900> even nore impossible, basically not even feasible if user would want to allow it: >>Spreading malware by forcing victim's phone browser to open a malicious web page<<

17:03 <Joerg-Neo900> more*

17:03 <Joerg-Neo900> there's no default implementation of SIM instructing browser to open a webpage, in Neo900/maemo

17:05 <Joerg-Neo900> generally Neo900 could intercept _all_ such attacks by simply monitoring SIM activity and interrupting whole modem as soon as SIM becomes unusually active after modem receiving data

17:07 <Joerg-Neo900> so >>According to the researchers, all manufacturers and mobile phone models are vulnerable<< is incorrect: Neo900 is basically immune

17:09 <Joerg-Neo900> even nore remarkable: this is a unique Neo900 property not even 100% shared by N900. The N900, while immune to a few of the attack scenarios, is vulnerable to most of them

17:11 <Joerg-Neo900> Neo900, by a simple and easy hw modification possible to get done by basically every user, could get modified in field to be 100% on top of this and any other SIM-based exploits

17:12 <Joerg-Neo900> (hint: monitor SIM IF)

17:13 <Joerg-Neo900> the modificaten takes ca 30min incl disassembly and re-asembly and needs a torx driver and tweezers as tools

17:18 <Joerg-Neo900> oh, context for those who missed it: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

17:25 _whitelogger has joined #neo900

18:11 <norly> hi neo900 team, just a quick note - the SSL certificate on https://neo900.org has expired

20:13 <crox> maybe it could be replaced by a letsencrypt one? (I guess the expired certificate was issued before LE allowed wildcard certificates)

20:50 <Joerg-Neo900> yes. Know, thanks for noting nevertheless. As soon as one of the sysops feels like tackling it, we will take care

20:50 <Joerg-Neo900> Known, even

20:50 <Joerg-Neo900> at least our server doesn't enforce https ;-)

20:55 <Joerg-Neo900> a year ago I had the money on my private account to get a wildcard cert and not pester sysops to spend their expensive and precious time on LE installation, a 100 EUR per years seemed the more reasonable approach. Alas now I can't afford this anymore and it's unclear how long the servers will stay paid and up and online at all due to that