Vulnerable OMA-DM Implementations and Over the Air Hacks

Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during critical times of the presentation. Nonetheless, it seems like there are many vulnerable implementations of the open mobile administration device management (OMA-DM). I took a minute to dig up some of the videos published by Accuvant that makes this stuff real.

Over the Air Code Execution and Jailbreak

NIA-Based Lock Screen Bypass

External Links

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Other. Bookmark the permalink.

1 Response to Vulnerable OMA-DM Implementations and Over the Air Hacks

  1. James Cabe says:

    ODM-MA isn’t that scary. I could see where the targeted version should worry banking corporations, Energy, and other high value targets. Mainly because it gives direct access to phones that could be used as jump boxes to internal infrastructure once in. But this basically requires the attacker to put up their own baseband router and radio. Carriers should do a little more to secure this with a WIDS-like service, but this would take a bit of doing.

Comments are closed.