Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (3)
to General by Kalatti - 1 day, 9 hrs ago - more...
|
2012-07-12
, 20:15
|
|
Posts: 155 |
Thanked: 315 times |
Joined on Jun 2010
@ DE
|
#1212
|
smscon 0.10.6-1 has been queued for loading into fremantle extras-devel repository.
Further notes:
- FIX: COM_ALARM no longer restricted to wav-files. Plays (almost) any sound file type now.
- NEW: The smscon command has a new option to establish sound files to be used as alarm:
The optional 'ref' keyword tells smscon to refer the file only rather than to copy it into its own storage. Since sound files are large, ref is handy while testing several sounds. You should not use 'ref' to establish the final sound. A filename of '--default' restores standard alarm sound.Code:smscon -alarm [ref] filename
- FIX: Some SMS commands (e.g. silencing the phone, etc) did not work properly if the currently running smscon_daemon was started on phone boot. Since last version this start mode is used for normal start/stop operations as well. As a consequence the bug comes up more often and is fixed now (session dbus was not available for daemon).
- NEW: New commands COM_SILENTON and COM_SILENTOFF to explicitly silence the phone and to undo silencing (COM_SILENTOFF restores volumes being active before COM_SILENTON).
- CHANCED: New SIM cards are no longer authorized by default (this happened in the past after smscon sent notification about new SIM). A SIM card must now be authorized explicitly by using smscon-editor or by command line:
This is not a new command but you have to use it explicitly now. Btw. to revoke authorization of current SIM card useCode:smscon -add imsi
Code:smscon -remove imsi
- NEW: A stolen mode. Smscon operates in stolen mode automatically if the SIM card is not authorized (e.g. is a new SIM) or if the SIM PIN of an authorized SIM was not correct or if there is no SIM card et all. For those regularly using their N900 without SIM card there is a new STOLENIFNOSIM user setting to change no-SIM behaviour.
- NEW: New command COM_STOLEN to enable stolen mode explicitly. This command may be used in case the phone got lost or stolen with authorized SIM inserted and valid PIN code already entered. The command revokes authorization from all SIM cards even your own SIM that is now being used by finder or thief. In case you got your phone back, you have to grant authorization for your SIM card again.
- FIX: Keyboard slider detection and battery charge info is now sent in stolen mode, only.
- NEW: Rotated smscon.log file. The smscon.log file is now limited to roughly 100 KB size. Log will flood into smscon.log.1, smscon.log.2 etc until smscon.log.5 files. Older log entries will be removed. This ensures that smscon occupies a limited and deterministic size of disk space only (round about 600KB).
- FIX: A bug in decoding incoming SMS messages has been fixed. The bug leads to failures in command detection. Happend to SMS messages of 7 chars length (and multiples of 7).
- NEW: Delete incoming SMS from chat history if it was a valid smscon command.
Further notes:
- Deletion of incoming SMS from chat does not yet prevent the SMS to show up temporarily as "just arrived SMS". Unfortunately.
- TrueCrypt: The idea is as follows:
smscon provides a new command line option to supply a password-B to access encrypted data (e.g. mount container or partition). This password-B is generated from a password-A (provided by regular user) which is somehow modified/signed using the IMSI (and perhaps IMEI). Password-A may be stored plain text on phone. It is needless without having entered the correct SIM PIN because IMSI is only available with SIM PIN.
Given this, the correct SIM PIN could open the phone completely including access to TrueCrypt data. Without PIN the phone offers only irrelevant or encrypted data.
Since IMSI in this concept becomes a key to encrypted data, smscon 0.10.6-1 will no longer store IMSI codes to detect authorized SIM cards.
- I will update wiki after getting some feedback here and - may be - making some corrections.
| The Following 10 Users Say Thank You to yablacky For This Useful Post: | ||
 |
|
2012-07-12
, 21:51
|
|
Posts: 1,648 |
Thanked: 2,122 times |
Joined on Mar 2007
@ UNKLE's Never Never Land
|
#1213
|
Release of SMSCON Editor 0.10.6-1 in extras-devel
Changes:
Changes:
- NEW: Added new SMSCON commands COM_SILENTON, COM_SILENTOFF and COM_STOLEN
- CHANGE: Follow changes in smscon_boot file.
- CHANGE: Rename buttons for Add/Remove IMSI to Authorize/De-authorize SIM
__________________
Packages: elGR Locale, SMSCON Editor, Swappolube, CSSU Features Configuration, Snuggle, YAMAS, Cleven
Garage: SMSCON, Swappolube, CSSU Features Configuration, Snuggle
Wiki: SMSCON, SMSCON Editor, Swappolube, CSSU Features Configuration, Cleven
Packages: elGR Locale, SMSCON Editor, Swappolube, CSSU Features Configuration, Snuggle, YAMAS, Cleven
Garage: SMSCON, Swappolube, CSSU Features Configuration, Snuggle
Wiki: SMSCON, SMSCON Editor, Swappolube, CSSU Features Configuration, Cleven
 |
|
2012-07-13
, 15:58
|
|
Posts: 5,028 |
Thanked: 8,613 times |
Joined on Mar 2011
|
#1214
|
yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?
Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?
Take this with grain of salt, as I don't know details yet
/Estel
Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?
Take this with grain of salt, as I don't know details yet
/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
| The Following User Says Thank You to Estel For This Useful Post: | ||
|
|
2012-07-13
, 17:06
|
|
Posts: 155 |
Thanked: 315 times |
Joined on Jun 2010
@ DE
|
#1215
|
Originally Posted by Estel
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.
yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?
Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?
I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically
Has anybody tried this successfully? It could help a lot.On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...
|
|
2012-07-13
, 21:12
|
|
Posts: 5,028 |
Thanked: 8,613 times |
Joined on Mar 2011
|
#1216
|
I agree, that it may be enough for thing like private photos or content of addressbook. Other things may be encrypted in a way, that it isn't auto-mounted on boot.
But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.
I'm too slow, or it is not this stage yet?
/Estel
But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.
I'm too slow, or it is not this stage yet?
/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
|
|
2012-07-14
, 16:01
|
|
Posts: 155 |
Thanked: 315 times |
Joined on Jun 2010
@ DE
|
#1218
|
Originally Posted by Estel
You're alright
...
But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.
I'm too slow, or it is not this stage yet?
It isn't that far yet. But it's ongoing. Today I found a way to move the device lock question behind the pin-code question 
This way device locking on boot does not prevent smscon operation. It works pretty nice but yet has some pitfalls that need some work.
 |
|
2012-07-14
, 16:47
|
|
Posts: 548 |
Thanked: 562 times |
Joined on Aug 2011
@ Germany
|
#1219
|
Originally Posted by Kabouik
It would be great to have SMSCon on N9
Any chance this awsome app would be ported to N9(50) someday? I may really miss it someday if my N9 get lost/stolen. :/
See page 114 or this post.
| The Following User Says Thank You to willi6868 For This Useful Post: | ||
|
|
2012-07-14
, 20:39
|
|
Posts: 1,341 |
Thanked: 708 times |
Joined on Feb 2010
|
#1220
|
Originally Posted by yablacky
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.
I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically
On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...
Having more than 15 digits as a truecrypt password is a MUST though. It is way too easy to brute force and anyone could find instructions on the web by asking. Having other info from SIM card behind PIN code is good idea in that case to increase the password length.
Of course three letter agencies, police, operators and those have no problem finding out your IMSI.
Can IMSI be retrieved and SIM-card opened by hacking somehow maybe? Actually there is only 10000 keys to brute force, but normally SIM-card gets locked down after 3 wrong PIN-code attempts.
btw, is there any reason why smscon password has to be in plain text anywhere?
Last edited by zimon; 2012-07-14 at 20:41.
| The Following 2 Users Say Thank You to zimon For This Useful Post: | ||
And (deleting received SMS-commands) makes also sense in terms of security somehow..
Michael