Thursday, August 30, 2007

Bugging VoIP SIP Phones

From Sunnet Beskerming -

Recently findings suggests that it is a relatively simple matter to remotely eavesdrop on a broad range of SIP-enabled devices. For readers who aren't aware of what SIP-enabled devices are, SIP (Session Initiation Protocol) is a protocol that is used by a lot of VoIP software and associated telephone handsets to establish, modify, and control a VoIP connection between two parties.

The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone. Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability. Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution board, though it's still illegal to do so.

As well as bugging the phone, the action effectively acts as a Denial of Service against the device (after all, it is already engaged in a call).

Having found the bug via fuzzing, the discovering researchers believe that there may be a number of vendors that have created their own SIP networking code, with equivalent bugs contained within.

While the vendor concerned is expected to release appropriate patches soon, the disclosure is likely to turn attention on other SIP device providers.

This may already be happening, with two separate exploits released publicly in the last couple of days targeting Cisco SIP handsets, with the result of a Denial of Service condition against the phones. VoIP client software from eCentrex has also been targeted with public exploit code, except this time it allows for control over vulnerable devices as a result of a remote buffer overflow condition.

Concerned users and administrators who have SIP enabled software or hardware should be aware of their potential limitations and have appropriate mitigation strategies in place, especially if they are used in sensitive areas (military use, national secrets, trade secrets, etc).

Nokia's iPhone -- no, seriously

From Engadget -

The above phone was presented during Nokia's GoPlay event as a glimpse into the future of Nokia interface design. It's due out next year. When pressed during the Q&A about the striking similarity to the little Cupertino device, Anssi Vanjoki, Nokia's Executive VP & General Manager of Multimedia, said, "If there is something good in the world then we copy with pride."

Wednesday, August 29, 2007

Google is working on a mobile OS, and it's due out shortly

From Engadget, August 28, 2007 -

We've actually got some hot news from a number of very trustworthy sources about Google's plans for the mobile space. Namely, Google's mobile device platform is well on its way, and will be announced in the very near future.

The "Gphone OS" began development after Google's very quiet 2005 acquisition of mobile software company Android, started by Danger cofounder and former-prez / CEO Andy Rubin. At Google, Andy's team has developed a Linux-based mobile device OS (no surprise) which they're currently shopping around to handset makers and carriers on the premise of providing a flexible, customizable system -- with really great Google integration, of course.

As for the timeframe, we keep hearing Google will announce its mobile plans some time post-Labor Day (September 3rd); from what we've heard Google isn't necessarily working on hardware of its own, but is definitely working with OEMs and ODMs to get them to put the Gphone OS on upcoming devices. Think of it more in terms of Windows Mobile or Palm OS, Google wants to supply the platform but not sell the hardware. Still, don't entirely rule out the idea.

Monday, August 27, 2007

SMS: Expected Response in Five Minutes

From the 160Characters site -

According to an online 160 Characters survey that looked at how different messaging platforms elicit differing response times, 84% of users expect a SMS response in five minutes The survey looked at the user messaging habits across email, IM and SMS in personal and work environments.

The results highlight preference for using SMS as a key communication tool, especially when an immediate or near immediate response is required. 84% would respond to a personal SMS in less than 30 minutes according to the results while only 56% would respond in that time to a work related message.

The response time generally depended on the context and the person sending/receiving the mail, but differences emerged between the broad context of messages and between business and personal use.

26% of respondents would take between two and five hours to reply to a personal email and 31% would wait till the next day to reply. 26% said it would take them two to five hours to reply and 22% would wait till the next day. At least this was better than the response time to personal email with 31% waiting for the next day.

No one admitted to not using SMS for personal reasons but 12% still don't use it at work. However this compares to 60% who would never use MMS for work related communications with long delivery times cited as the main reason.

Mobile IM still has some way to go for both business and personal use with 42% not using mobile IM for personal reasons and 54% not using it for business.

This compares to the PC where only 15% don't use PC based IM for personal and 27% not using it in business. For those who use Mobile IM, 57% expect a reply within 5 minutes for a personal message while only 18% expect a business reply in that time.

There seems to be a trend to launch mobile IM under the guise of upgraded SMS. There is a temptation to merge messaging types as networks become more sophisticated. These results show that consumers are well aware of the different features of each messaging type and that they are comfortable choosing the message type most suited to the context of the message.

Saturday, August 25, 2007

Cool stats on mobile from BBDO last year

From Communities Dominate Brands -

From "Wireless Works" by BBDO and Proximity, from April of 2006. But inspite of it being over a year old, it has fascinating data. They interviewed 3,000 people around the world, and snippets of their findings include:

81% of youth aged 15 - 20 sleep with their mobile phone turned on.

Women in Japan have daytime and evening phones just like they have daytime and evening handbags.

96% of people screen their incoming calls.

76% of Australians and 76% of Spanish have already responded to mobile marketing campaigns, ie interacted with a brand via mobile.

In China if forced to choose between retrieving a forgotten wallet or retrieving a forgotten phone, 69% will go get the phone rather than the wallet.

And 63% of the phone owners will not lend the phone to anyone else.

Monday, August 20, 2007

Is Skype More Centralized Than Claimed?

From Techdirt - Skype recently suffered a pretty massive outage that prevented, a lot of, if not all, Skype users from logging in. The outage raised certain questions since Skype has been promoted as a decentralized P2P network without a potential central point of failure.

But the truth is Skype was never a completely P2P system as its authentication has always been centralized. In fact, there has been accusations in the past that a previous service by the Skype's founders, Kazaa, wasn't really decentralized either. Moreover, rumors persists that the founders have simply reused Kazaa's underlying code in building Skype. So, just how decentralized is Skype?

Friday, August 17, 2007

Nokia Warns Consumers Of Battery Overheating Risks

August 15, 2007 - Nokia warned consumers that 46 million batteries used in its mobile phones could overheat and offered to replace them for free while it negotiates with battery maker Matsushita over who would bear the costs.

Nokia, the world's top cellphone maker, said about 100 incidents of such overheating had been reported globally, but none had involved serious injuries or property damage.

"Nokia has identified that in very rare cases the Nokia-branded BL-5C batteries ... could potentially experience overheating initiated by a short circuit while charging, causing the battery to dislodge," it said on Tuesday.

Nokia said it was working closely with Matsushita Electric Industrial Co. Ltd., which made the batteries in question between December 2005 and November 2006, to investigate the problem.

Replacing the batteries would have some financial impact, but Matsushita would pay part of the costs, Nokia said.

Analyst Richard Windsor of Nomura estimated the cost to Nokia at a maximum of 100 million euros ($137 million). Research firm Gartner said one such battery would cost around $4.

Some U.S. cellphone analysts said the warning would be unlikely to either hurt Nokia's market share or boost its main rivals such as Motorola Inc., Samsung Electronics Co. or LG Electronics

But Jyske Bank downgraded its rating on Nokia shares to "reduce" from "buy," saying every third Nokia user would now have to check their phone's battery.

"I think this will hurt Nokia's brand a lot, and that's the most precious asset Nokia has," Jyske analyst Soren Linde Nielsen said. According to Interbrand, Nokia's brand is valued at $33.7 billion, making it the world's fifth-most valued brand after the likes of Coca-Cola and Microsoft.

Full details at NY Times.


To check if your Nokia battery needs replacement, go here.

Tuesday, August 7, 2007

Google shows phone prototype to vendors

August 02, 2007 (IDG News Service) -- Google has developed a prototype mobile phone that could reach the market within a year. It plans to offer consumers free subscriptions by bundling advertisements with its search engine, e-mail and Web browser software applications, according to a story published Thursday in The Wall Street Journal.

Google is showing the prototype to phone manufacturers and network operators as it continues to hone the technical specifications that will allow the phone to offer a better mobile Web browsing experience than current products. It declined to comment on the report of the prototype, but confirmed that it is working with partners to expand its software applications from the traditional Internet to mobile devices.

More at Computerworld.