[smb at cs.columbia.edu: serious threat models]
Tyler Durden
camera_lumina at hotmail.com
Fri Feb 3 18:16:08 PST 2006
Coderman's on to something here...
>if you knew what you were doing it would be straightforward to insert
>a promiscuous device on the LAN or add a process on the unix host used
>by the softswitch that listened for incoming calls from a given set of
>MIN's and one way conference these calls to a third party*. if you
>had access to a current version of the softswitch software itself for
>modification it would be even easier (most companies license sources
>and tailor or customize the software to run these switches so it's not
>quite as simple as a generic drop in replacement).
>
>it took "a professional" to do this, sure, but the number of people
>skilled enough to pull this off is not a small number.
I actually strongly suspect Vodaphone cooperation in this.
"Seeding" a remote software upgrade to a switch like this is extremely
difficult if you're coming in from another vendor's gear. Right now I
believe they would've had to gain physical access and install the software
in person, otherwise they'd have to go through the local Greek NOC.
I suppose it's POSSIBLE they modified the Vodaphone software and remotely
seeded it without anyone being the wiser, but what? No one noticed a bunch
of DS0s were all of a sudden provisioned with unknown traffic?
But no doubt they had copies of the gear, no doubt they had access to the
firmware code, no doubt they had telco gear coders (something that's
practically nonexistent in Greece right now)...
If you ask me, Vodaphone's playing dumb in light of EFF suing AT&T. They
realized there's no way they code hide that if someone was inspired to start
looking more closely.
-TD
More information about the Testlist
mailing list