SMS-Ticket-Vortrag: Unterschied zwischen den Versionen
AndiS (Diskussion | Beiträge) (Datum fix, 5. Mai 2009 + Abstracts + Vortragender + Ankündigung) |
Pk (Diskussion | Beiträge) K (+kat) |
||
(2 dazwischenliegende Versionen von einem anderen Benutzer werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
<div style="font-size:larger;">Das Metalab lädt herzlich zum Vortrag von | <div style="font-size:larger;">Das Metalab lädt herzlich zum Vortrag von | ||
[[User:Wilder|Pavol Luptak]] über SMS-Ticket Hacking ein.</div> | [[User:Wilder|Pavol Luptak]] über SMS-Ticket Hacking ein.</div> | ||
Zeile 7: | Zeile 5: | ||
<div style="font-size:larger;">The Metalab warmly invites to | <div style="font-size:larger;">The Metalab warmly invites to | ||
[[User:Wilder|Pavol Luptak]] about SMS-Ticket hacking.</div> | [[User:Wilder|Pavol Luptak's]] talk about SMS-Ticket hacking.</div> | ||
: on '''Tuesday''', '''May 5th''' 2009, 20:00h<br /> | : on '''Tuesday''', '''May 5th''' 2009, 20:00h<br /> | ||
: in the Metalab, [[Lage|Rathausstrasse 6]], 1010 Wien | : in the Metalab, [[Lage|Rathausstrasse 6]], 1010 Wien | ||
< | === Abstract === | ||
<cite>The primary aim of this presentation is to show a serious inherent vulnerability in the public transport SMS tickets system widely used in many big cities. Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol. The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network). Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process. Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.</cite> | |||
=== More about the Speaker === | |||
* [http://trip.sk/cv/cv-comprehensive.html Pavol's CV] | |||
[ | [[Kategorie:Veranstaltungen]] | ||
[[Kategorie:English]] |
Aktuelle Version vom 30. April 2009, 04:32 Uhr
- am Dienstag, den 5. Mai 2009, 20:00h
- im Metalab, Rathausstrasse 6, 1010 Wien
- on Tuesday, May 5th 2009, 20:00h
- in the Metalab, Rathausstrasse 6, 1010 Wien
Abstract
The primary aim of this presentation is to show a serious inherent vulnerability in the public transport SMS tickets system widely used in many big cities. Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol. The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network). Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process. Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.