We can remember it for you wholesale..
13 July 2007
We can remember it for you wholesale..
Big news this week was that, finally, some details became public in the great Vodafone Greece spy scandal. IEEE Spectrum's July issue carries a huge article by Greek computer scientists on exactly how the still-mysterious attackers got into the system, and how they were eventually given away.
It seems that the attackers used a telco-specific feature of the Ericsson AXE switchen, their ability to undergo operating system updates without going offline, to insert malicious code in the "corrections area" assigned to each memory block. This code, when executed, defined itself a chunk of memory that was concealed from the system administrator. From within this secret compartment, it then activated the lawful interception interface, sending the data from the tap out through the secret compartment.
Because Vodafone didn't use the administrator interface Ericsson offers for lawful intercept, which includes an audit procedure to check the active taps against a list of authorised taps, it noticed nothing. (Readers with AXEs may now rush out and call their friendly local Ericsson sales engineer.)
Nothing, that is, until the hackers overreached trying to improve their solution further, and inadvertently caused the switch to reboot. There was a major degradation of service. This being a telco, that got attention; a complete core dump was carried out and compared to the last one, at which point the secret process was spotted.
Vodafone management then decided - and who can blame them? - to eliminate it at once. The Greek police weren't happy, as this lost the chance of tracking down the listeners. They were even less happy when it emerged that the logs showing who had visited the switching centre had also mysteriously vanished.
However, there can't be that many people in the world who can program an effective rootkit in PLEX, the recondite programming language used in the AXEs. And out of them, there can only be so many who were in Athens during the period of interest - it seems as good as certain that the hackers had physical access to the machine.
The kicker is that Ericsson subcontracts some of its switch development work to Intarcom, a company based in Athens. Surely the number of possible suspects can't be that great? Do we face the prospect of telecoms terrorists? Is a secret technocratic cult spying on us?
Or perhaps it was Motorola, trying to draw attention from their results? Smilin' Ed Zander is in deep water at the moment - hardly unusual for a man who shares his name with a fish - as Moto issued a profits warning and slashed its Q2 sales forecast. Apparently, phone sales are down 32 per cent, the firm will make a loss in the second quarter, and the mobile phones division will lose money for the full year. Oh noes - I is a Motorola kitteh!
Although Carl Ichan's lunge for the board was repelled, the rest of the shareholders are increasingly repelled themselves - some of them are now demanding Zander's head. The chief problem is that Moto's decision to put everything behind cheap phones has gone pear-shaped, with no serious competition for the Nokia, MS Windows, and Apple devices, lots of cheap phones that aren't cheap enough, and a savage fight for the mid-market.
Speaking of which - Sony Ericsson and Samsung, the two key midmarket competitors, also had results out this week. And what happened?
Well, SE's profits were up 55 per cent year-on-year, on sales Euro900m greater than a year ago. 24.9 million gadgets, including nine million Walkmans, shipped in Q207 - compared with 15.7 million in the same period a year before. Market share rose by three per cent as the company closed in on both Samsung and Moto.
Samsung, meanwhile, saw its profits fall by five per cent to 1.42bn won, the worst result for four years. Management blamed a crash in the price of DRAM chips; its shipments were expected to double this year. Mobile phones, though, are going like hot cakes - Samsung hiked its sales forecast from 133 million gadgets to 150 million. And don??????t forget that it makes quite a lot of each iPhone..
Synchronica, meanwhile, announced that it had successfully synchronised iPhones with a Microsoft Exchange server through its Mobile Gateway product and what a press release described as "Microsoft's secure Outlook Web Access". The Informer is far from sure that many mailserver admins would describe it as such.
But there was more good news in the thrilling world of mobile email. Seven Networks and Visto's mind-numbing patent dispute has finally been resolved, as one side agreed to accept that the other has patents and ponied up the licence cash. Whoopee doo.
Why not try a little social networking to get rid of that horrible lawyer taste? Sonopia and Wapple this week announced a ready-baked WAP-based social networking portal that carriers or MVNOs can readily customise to spin up a service quickly. Apparently they've already deployed instances of it for the American Medical Students Association, IBM, and Long Island Ducks. We didn't know ducks had mobiles, to be honest.
The alternative to social networking shouldn't actually be anti-social networking; but there you go. Sprint-Nextel this week discovered a new solution to customer care when it decided to have 1,200 subscribers cut off - because they called the company too often. Just go away, it said. Presumably, though, it can't be so bad; they are, the Informer surmises, unhappy with the service they receive from S/N. And as the penalty fee for breaking off the contract early is waived - and they don??????t even have to pay the last bill -they should be fully satisfied.
The Informer tries to find at least one service that is actually useful for each AWIW, as a counter-measure to the usual morass of e-lotteries, ads, smut, and software-management software for managing software-management software manager management software. It can be tough - if the mobile commerce world was ever to take off, it would be rather like ... reality, especially the kind around the wrong end of Oxford Street. Scratty, crowded, and hucksterish.
But Masab's new product looks genuinely useful - it's a crypto program that provides a secure authentication function for credit card transactions, in only 3Kb of memory and either a few bytes of data or an SMS message. The first application is to be for train tickets. This week, it had BT's security experts check it out - which of course means feeding it into the mind of Bruce Schneier. BT says it successfully provides RSA FIPS up to 4096 bits and AES encryption up to 256 bits, which should be enough for anyone. Even Greek Vodafone subscribers.
Take care and happy summer holidays to you all.
The Informer
[The Informer is taking his annual summer hols now and will be back in September. Keep an out for the occasion Informer postcard on telecoms.com]
To comment on any articles, please contact us at chatback@telecoms.com or have your say on our blog.
Bookmark this page
