Ask / Submit
25

[security] sailfish is not affected by "vDirect Mobile / OMA-DM" vulnerability. [answered]

asked 2014-08-07 20:33:57 +0200

mosen gravatar image

updated 2014-08-26 15:00:36 +0200

jiit gravatar image

EDIT: Question was "is sailfish affected by "vDirect Mobile" vulnerability?", reformulated thanks to Aards answer!!

Read today about a possible vulnerability in "vDirect Mobile" software, which is used in "all prominent mobile oses" for "over-the-air configuration" according to heise.de. [german] http://www.heise.de/newsticker/meldung/Black-Hat-2014-Netzbetreiber-Software-zum-Fernsteuern-von-Mobilgeraeten-erlaubt-Missbrauch-2287821.html and in Securityledger.com [english] https://securityledger.com/2014/08/vulnerable-mobile-software-management-tool-reaches-into-iot/ My question is, does Jolla use any of that code in Sailfish, or is this vulnerability limited to Android, Blackberry, iOS and Windows Phone? If so, it would be a great marketing timing to go forward and let folks know about this security advantage!

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by nthn
close date 2017-03-06 20:25:08.802766

Comments

Would be very interesting to know!!!

Stefan P ( 2014-08-07 22:30:28 +0200 )edit
1

And another article with reference to the Open Mobile Alliance Device Management (OMA-DM) protocol, and some links: http://www.theregister.co.uk/2014/08/08/two_billeeon_mobile_phones_easily_hackable_with_dummy_base_station/

meneer ( 2014-08-08 13:47:59 +0200 )edit

So, even if sailfish would rely on OMA-DM (which is totally a guess as there is no official statement or other source that i could find in 3 days searching), the attack scenario would require the attacker to develop and deploy a device/os specific hacked firmeware (or patch?). As with all malware this is rather unlikely to happen to a small ecosystem like ours due to "commercial inefficiancy". Or am i wrong?

mosen ( 2014-08-10 12:53:11 +0200 )edit

1 Answer

Sort by » oldest newest most voted
15

answered 2014-08-12 17:29:18 +0200

Aard gravatar image

SailfishOS is not vulnerable to this. We currently don't support OMA-DM. If/when it comes it'll most likely not be the 'vDirect Mobile' implementation.

edit flag offensive delete publish link more

Comments

1

Very cool! So Sailfish is the only commercially available "safe haven" against that vulnerability??? Marketing, Marketing scream it out!

mosen ( 2014-08-12 18:05:23 +0200 )edit

Nice to hear that!!! :)

Stefan P ( 2014-08-12 23:58:58 +0200 )edit

Question tools

Follow
4 followers

Stats

Asked: 2014-08-07 20:33:57 +0200

Seen: 1,158 times

Last updated: Aug 12 '14