More Holes Found in T-Mobile Website
mogwhat writes "Even though T-Mobile's website was decisively hacked into over a year ago by now (in)famous cracker Nick Jacobsen, a blog posting by computer security expert Jack Koziol details many serious security holes in various T-Mobile websites. You would think that T-Mobile would have paid attention the first time? Time to get a new cell phone provider!"
How do we know that Verizon, Sprint, AT&T or others are safe? T-Mobile should get hit with the liability for the identities of their violated customers, which would force them to tap their business liability insurance. That would force the other telcos' insurance companies to force audits of them. We still wouldn't know whether we were protected, but it would be more likely. If a T-Mobile liability suit could find that T-Mobile violated its own published privacy policy, and held it accountable, that might force the other telcos down the same road, of honoring their own privacy policies. The same goes, of course, for all other personal info cachers, with their own toothless privacy policies. Until there are some serious consequences for lying about these responsibilities rather than backing them up, it's all wide open.
--
make install -not war
T-Mobile use GSM.
Soooooo........how does your digital scanner break the encryption?
Encryption in the GSM network utilizes a Challenge/Response mechanism.
The Mobile Station (MS) signs into the network.
The Mobile Services Switching Center (MSC) requests 5 triples from the Home Location Register (HLR).
The Home Location Register creates five triples utilizing the A8 algorithm. These five triples each contain:
A 128-bit random challenge (RAND)
A 32-bit matching Signed Response (SRES)
A 64-bit ciphering key used as a Session Key (Kc).
The Home Location Register sends the Mobile Services Switching Center the five triples.
The Mobile Services Switching Center sends the random challenge from the first triple to the Base Transceiver Station (BTS).
The Base Transceiver Station sends the random challenge from the first triple to the Mobile Station.
The Mobile Station receives the random challenge from the Base Transceiver Station and encrypts it with the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station utilizing the A3 algorithm.
The Mobile Station sends the Signed Response to the Base Transceiver Station.
The Base Transceiver Station sends the Signed Response to the Mobile Services Switching Center.
The Mobile Services Switching Center verifies the Signed Response.
The Mobile Station generates a Session Key (Kc) utilizing the A8 algorithm, the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station, and the random challenge received from the Base Transceiver Station.
The Mobile Station sends the Session Key (Kc) to the Base Transceiver Station.
The Mobile Services Switching Center sends the Session Key (Kc) to the Base Transceiver Station.
The Base Transceiver Station receives the Session Key (Kc) from the Mobile Services Switching Center.
The Base Transceiver Station receives the Session Key (Kc) from the Mobile Station.
The Base Transceiver Station verifies the Session Keys from the Mobile Station and the Mobile Services Switching Center.
The A5 algorithm is initialized with the Session Key (Kc) and the number of the frame to be encrypted.
Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.
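The challenge/response exchange described in the comment above, as an added Python sketch that is not part of the original thread. Assumptions: HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms, the function and class names are hypothetical, the Ki values are constructed, and Kc is derived on each side rather than sent by the handset.

```python
import hashlib
import hmac
import secrets

def _prf(ki: bytes, rand: bytes, label: bytes, nbytes: int) -> bytes:
    # Stand-in for the real A3/A8 (assumption): truncated HMAC-SHA256.
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:nbytes]

def a3(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A3", 4)   # 32-bit Signed Response (SRES)

def a8(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A8", 8)   # 64-bit Session Key (Kc)

def hlr_make_triples(ki: bytes, count: int = 5):
    """HLR side: build (RAND, SRES, Kc) triples for one subscriber."""
    triples = []
    for _ in range(count):
        rand = secrets.token_bytes(16)            # 128-bit random challenge
        triples.append((rand, a3(ki, rand), a8(ki, rand)))
    return triples

class MobileStation:
    """Handset/SIM side: Ki stays inside this object."""
    def __init__(self, ki: bytes):
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)              # key for A5, kept locally
        return a3(self._ki, rand)                 # only SRES is returned

def msc_authenticate(triples, ms):
    """MSC side: use up one triple; return Kc for the BTS, or None."""
    rand, expected_sres, kc = triples.pop(0)
    sres = ms.respond(rand)
    if not hmac.compare_digest(sres, expected_sres):
        return None                               # wrong Ki: reject
    return kc

def demo():
    ki = bytes(range(16))                         # constructed sample Ki
    triples = hlr_make_triples(ki)
    genuine = MobileStation(ki)
    kc = msc_authenticate(triples, genuine)
    clone = MobileStation(bytes(16))              # constructed wrong Ki
    rejected = msc_authenticate(triples, clone)
    return kc, genuine.kc, rejected, len(triples)

if __name__ == "__main__":
    print(demo())
```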
So I'm sitting in a doughnut shop near Grand Ave in Oakland and there is apparently a T-Mobile store next door. Not knowing this at the time I turn on my wireless to see if I can score some free internet...and I get an open connection. After my internetting is done I peek at Network neighborhood (because I'm always curious to see *how* open someone's internet connection is) and Voila! I get direct access to the T-Mobile store's *two* servers next door. OK, it wasn't exactly direct. I had to use my enormous hacking skills to put in a username of "Administrator" with a *blank* password when I tried to connect to the server. Bingo - direct access to ALL T-Mobile business info *including* completed and pending credit info.
This is not a troll or a joke - it really happened. I *like* T-Mobile's phones...but their lack of security (well at least that one store's security anyway) scares me.
Could be both. One part of the website may run using ASP (my.t-mobile.com) and another part looks to be using servlets (support.t-mobile.com) at least somewhere for some function(s). In fact the my.t-mobile.com source indicates that its coding language is C#.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
A couple of days ago some ne'er-do-well got a hold of my credit card number and started buying Italian airline tickets with it. Fortunately, my credit card company noticed and gave me a call.
T-Mobile is about the only website I give my credit card number to. Could their weak system be the culprit? I don't know enough about hacking to know if this is possible, but it seems like quite a coincidence...