Has Orange opened the door for Smartphone hacking? :/

Guest Crispy
Posted

Ok, I have been wondering for a while and now I'm gonna ask u all. The whole Orange developer unlock thing, OTA. Isn’t it a huge security hole? ... The fact is that OTA sends a binary SMS to the phone which then visits an ASP page on the Orangews website. Now I wonder ... Isn’t it possible for someone to intercept all in/out-going traffic and find out how to turn off the file protection system on the phone? Then he could access the root certificates and in that way gain access to the Phone/SMS/Internet APIs. Then he would have full access to all parts of the phone and be able to make phone calls, send SMS/MMS etc. All of this could then be bundled in a single program which could be spread via Email or MMS.

That was my thought ... but that can't be true, can it!! ... Would Orange be so careless?!?! ... Could someone explain to me why this (hopefully) is impossible ... :)

Is that maybe the reason they wanted the app-lock in the first place?

Posted

i don't know much about this but my understanding was that the OTA didn't go near the certificates for the 'phone' side of things.

so all the person would be able to do would be to unlock the PDA side of the phone if he was able to intercept the traffic.

maybe someone with actual knowledge could put holes in my idea :)

Guest awarner [MVP]
Posted

There are two levels of security on the phone and we don't touch the GSM security level.

(this is from memory of old posts when this was first discussed)

Posted

well you have a month and a hell of a lot more posts on me awarner---now you mention it tho i do remember reading that in the distant past :)

Guest Arisme
Posted

HTC opened that door first :)

easy ROM upgrades with absolutely no checks on the image, nobody can beat that :wink:

Guest vijay555
Posted

i was thinking about this, but isn't OTA done with digital certificates? it's not like a normal sms upgrade message we get.

I remember reading way back, with the discussion about why locking existed at all, that the fear was about someone backdrafting a virus etc into the network and then mass infecting, but i think the certificate system would prevent any real worrisome virusacy.

V

Guest Monolithix [MVP]
Posted

hehe Arisme...

As for the certificates question. The phone has two types of certification, privileged and unprivileged. Only Orange has a root certificate with privileged access on the phone, and only they can sign apps that can access privileged areas of the phone (basically GSM-side stuff: SMS, calls, GPRS etc). These would include the MMS client, Orange Update/Backup and all the other Action Engine apps (including the decerter I believe).

Everything else is unprivileged, and is signed by Baltimore (GeoTrust) or VeriSign, and these can only access the CE (unprivileged) side of the phone. This would go for all the other apps you see, notepads, games, todo lists etc.

Guest mcwarre
Posted

The new OTA (due out soon) should rectify this; the new action register will actively go to Orange servers to download the unlock. At the moment, as you mention, it waits for an sms which tells the phone where to go ( I could think of a few places!! :roll: :roll: ).

Even if it is signed it can be intercepted and reprogrammed if someone has the ability (and computing power) to break the encryption. Although IMHO I doubt if anyone would bother; people with this ability would probably get your credit card details from which they could profit :shock: rather than try and gain access to your phone.

Guest Monolithix [MVP]
Posted

Yep of course. Nice target for a bog standard worm though, pull your contacts and inbox email addresses and send them back to a spam db...

However, as you say, this ~should~ be rectified :)
