[gariac]

@gariac
@jpvj

All good points, but I still don't see a need for OMA-DM here.

If my pc would start an attack, my local ISP would also not stun my pc...wouldn't even cut me off from the network, though this less invasive countermeasure could be a reasonable compromise.

If you had DSL, they would cut you off at the port. Cable is trickier, but I assure you they can remotely mess with your modem, well at least if you use THEIR modem. (Recall that Comcast turned on wifi unless you opted out.) I don't know about a self purchased DOCSIS modem. Even DSL has remote management, though if you buy your own modem, you can turn that off.


Posted via CB10

[gariac]

But the device will still try to contact the network only to be told "no service available". If the device behaves as it should nothing should happen until you restart the device (opposite of Sheldon)

Posted via CB10

That is Sheldon knocking and Penny telling him to go away. But Sheldon is not stunned in any way. When the battery is drained, er I mean when Sheldon has to eat, the knocking will stop.

Posted via CB10

[jpvj]

@gariac
@jpvj

All good points, but I still don't see a need for OMA-DM here.

If my pc would start an attack, my local ISP would also not stun my pc...wouldn't even cut me off from the network, though this less invasive countermeasure could be a reasonable compromise.

I was not trying to advocate for OMA-DM. Just explaining what the device could do.

The problem with wireless connectivity is you have to listen to "anything" incoming. A cabled connection can be disconnected.

IMHO OMA-DM is not meant as a tool to resolve this issue.



Posted via CB10

[Superdupont 2_0]

If you had DSL, they would cut you off at the port. Cable is trickier, but I assure you they can remotely mess with your modem, well at least if you use THEIR modem ....

Good, so ISPs may have a peripheral control over a modem or even a router, but never control over the OSs of the devices (pc, tablets, smartphones) which are connected to the local network.

Peripheral control is okay for me, because it doesn't increase the risks much.
Basically every "network provider" is logging traffic and has a perfect MITM position, so the security level doesn't change much, if ISPs control customized modems/routers of their clients.


But coming back to BlackBerry and smartphones.
I think you brought up a reasonable argument here

Let's say your phone goes a little psycho. (You may recall some Android app a few years ago that literally DDOSed T-mobile.) The networks need to stun gear that is screwing up the network. That is part of network management.

However, do you think the providers need that invasive OMA-DM to prevent attacks?
After our discussion, I still have the impression that providers can simply shut down the service for a simcard if their network is under attack.

And regarding your example of a psycho-app, there is indeed significant control:

Brazil Orders Apple To Use iPhone App 'Kill Switch' - Business Insider

Apple, Google and MS can do it.
BlackBerry can probably also do it.

Apps which could be maybe "out of control" could be from alternative appstores or if one directly installs an apk.
(also jailbreaks like CyanogenMod or Cydia are somewhat "out of control", but if that would be a way to get rid of OMA-DM...jailbreaks would be a considerable alternative for private use).

Again, I see no need to install OMA-DM on BlackBerries to prevent network attacks.

More important:
The Apple-model is excellent prove for years that also these code reviews by carriers are NOT needed to secure their networks.
And iOS is by far not on the same stable level BB 10 is.

[Superdupont 2_0]

I was not trying to advocate for OMA-DM. Just explaining what the device could do.

Yup, your comments never gave me the impression of you being a big OMA-DM supporter.

The problem with wireless connectivity is you have to listen to "anything" incoming. A cabled connection can be disconnected. IMHO OMA-DM is not meant as a tool to resolve this issue.

According to page 8 of that presentation from Accuvant Labs OMA-DM is mainly meant for the below objects and I don't want any single of these to be managed on my device:


FUMO
‐ Firmware Update Management Object (FOTA)
- Install and manage firmware over the air updates.


ConnMO
‐ Connectivity Management Object
– Manage cellular and baseband parameters ‐ APNs, CDMA sefngs, Band Channels, CSIM/
UICC, LTE, IMS, VoWIFI,etc


LAWMO
‐ Lock and Wipe Management Object
- Lock, factory reset, wipe, and power cycle devices

DCMO
‐ Device Capabilities Management Object
- Manage device functionality such as encryption settings, camera control, bluetooth, GPS, etc


DiagMon
‐ Device Diagnostics Management Object
– Manage and monitor RF settings, Battery Status, Memory Usage, Process list, etc

SCOMO
‐ Software Component Management Object
- The ability to remotely Install, Remove, Activate, Deactivate Software applications

Many More...

[gariac]

http://www.welivesecurity.com/2014/0...id-security-2/

Some dubious article about fake towers. Given that the base of the article is from Popular Science, I'm skeptical.

I can tell you I never saw a fed or military in a black SUV in the desert. They drive white SUVs.

Posted via CB10

[Superdupont 2_0]

Android security mystery - 'fake? cellphone towers found in U.S.
Some dubious article about fake towers. Given that the base of the article is from Popular Science, I'm skeptical.

IMSI catcher and baseband attacks are subject to serious research, and it seems that the GSMK CryptoPhone is in direct competition with the BlackBerry/Secusmart solution.

Crytophones Encrypt Calls Against Surveillance | MIT Technology Review

I do hope BlackBerry is watching what ESD America is offering here.


When I look at the original article from PoSci, well, I have to say things like a "baseband firewall" are basically the sort of candy that I am missing for my Q5...haha.

[gariac]

IMSI catcher and baseband attacks are subject to serious research, and it seems that the GSMK CryptoPhone is in direct competition with the BlackBerry/Secusmart solution.

Crytophones Encrypt Calls Against Surveillance | MIT Technology Review

I do hope BlackBerry is watching what ESD America is offering here.


When I look at the original article from PoSci, well, I have to say things like a "baseband firewall" are basically the sort of candy that I am missing for my Q5...haha.

We had a firewall prior to bb10. At least there was one in os6.

I do run a tower sniffer when travelling. I didn't see anything funny in Las Vegas. I've stayed at South Point (casino mentioned in adticle) many times. Nothing funny sniffed there.

I have a few rural tower sniffing files that I haven't reviewed.



Posted via CB10