Home > IT, Security > Winner: Lame Vuln of the Year Award

Winner: Lame Vuln of the Year Award

October 18th, 2007 Leave a comment Go to comments

I saw a blog post over at McAfee Avert Labs (normally their blog is one of my favourite reads) and I'm not really sure what to think. At first I thought it was a joke... but apparently they are serious. The bug that they are reporting is this:

  1. Connect a Windows Mobile device to your computer via USB.
  2. Sniff the USB Connection
  3. Convince the user to enter their password
  4. Capture the decryption key + encrypted characters
  5. Decrypt the password

Now here's my thought... if you've got the ability to sniff the USB connection... why not put a key logger on the keyboard, it's probably a heck of a lot easier. Now this blog post serves as an introduction to a White Paper that McAfee has released, "Mobile Malware: Threats and Prevention." The white paper is actually interesting, while written at a very high level... the discussion on SMS blocking via the API was interesting and made everything worthwhile. It is, however, unfortunate, that they chose to introduce the paper with this blog post. I'm hoping we'll see more follow-up on the paper, including a much lower level discussion on SMS Blocking and utilizing the API.

Categories: IT, Security Tags:

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

  1. No comments yet.
  1. No trackbacks yet.