SMS-Ticket-Vortrag: Unterschied zwischen den Versionen

aus Metalab Wiki, dem offenen Zentrum für meta-disziplinäre Magier und technisch-kreative Enthusiasten.
Zur Navigation springenZur Suche springen
Keine Bearbeitungszusammenfassung
(Datum fix, 5. Mai 2009 + Abstracts + Vortragender + Ankündigung)
Zeile 1: Zeile 1:
=SMS-Ticket Vortrag=
=SMS-Ticket Vortrag=


''Diese Seiten sind in Englisch, da der Vortrag ebenfalls in dieser Sprache gehalten ist und damit der Vortragende ebenfalls hier mitlesen/-editieren kann.''
<div style="font-size:larger;">Das Metalab lädt herzlich zum Vortrag von
[[User:Wilder|Pavol Luptak]] über SMS-Ticket Hacking ein.</div>
: am '''Dienstag''', den '''5. Mai''' 2009, 20:00h<br />
: im Metalab, [[Lage|Rathausstrasse 6]], 1010 Wien




After the last Metaday [[User:Wilder|Pavol]], one of our friends from Bratislava offered to give a presentation about his research into SMS-ticket sytems that are in use for public transport in many big cities like Vienna.
<div style="font-size:larger;">The Metalab warmly invites to a talk from
[[User:Wilder|Pavol Luptak]] about SMS-Ticket hacking.</div>
: on '''Tuesday''', '''May 5th''' 2009, 20:00h<br />
: in the Metalab, [[Lage|Rathausstrasse 6]], 1010 Wien




<b>Abstract</b>


Here is an abstract of the talk
<cite>The primary aim of this presentation is to show a serious inherentvulnerability in the public transport SMS tickets system widely used in many big cities. Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol. The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network). Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process. Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.</cite>


''The primary aim of this presentation is to show a serious inherentvulnerability in the public transport SMS tickets system widely used in many big cities. Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol. The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network). Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process. Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.''


<b>More about the Speaker</b>


[[User:Wilder|Pavol]] has offered a few dates where he could take his time to give his talk at the Metalab. If you are interested just mark one of the following dates to vote for your preference. After the last [[Metaday_20|Metaday]] Pavol expressed some preference for May the 7th (Tuesday before [[Metaday_21|Metaday 21]]) So if this date is possible for you as well, just vote for it. He will also give this talk at this years [http://2009.confidence.org.pl/lang-pref/en/ Confidence] Conference in Krakow on May 15th and wants to give it at the Metalab before that.
[http://trip.sk/cv/cv-comprehensive.html Pavol's CV]
 
 
'''Available Dates'''
 
4.5 : [[User:zwax|Zwax]], [[User:lfittl|Lukas]]
 
5.5 : [[User:zwax|Zwax]], [[User:lfittl|Lukas]], [[User:scriptythekid|scripty]]
 
6.5 : [[User:ra|ra]], [[User:lfittl|Lukas]]
 
7.5 : [[User:ra|ra]], [[User:zwax|Zwax]]
 
11.5 : [[User:zwax|Zwax]], Aaron

Version vom 29. April 2009, 21:01 Uhr

SMS-Ticket Vortrag

Das Metalab lädt herzlich zum Vortrag von Pavol Luptak über SMS-Ticket Hacking ein.
am Dienstag, den 5. Mai 2009, 20:00h
im Metalab, Rathausstrasse 6, 1010 Wien


The Metalab warmly invites to a talk from Pavol Luptak about SMS-Ticket hacking.
on Tuesday, May 5th 2009, 20:00h
in the Metalab, Rathausstrasse 6, 1010 Wien


Abstract

The primary aim of this presentation is to show a serious inherentvulnerability in the public transport SMS tickets system widely used in many big cities. Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol. The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network). Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process. Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.


More about the Speaker

Pavol's CV