maemo.org - Talk
Page 122 of 130 « First 112120121 122 123124 Last »
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Applications (https://talk.maemo.org/forumdisplay.php?f=41)
-   -   [Announce] SMScon (control your device with SMS) (https://talk.maemo.org/showthread.php?t=60729)

makki 2012-06-25 22:07
Re: [Announce] SMScon (control your device with SMS)
 
That would be really cool, though I know I "abuse" smscon somehow (in this case for smarthome-automation but it's a very nice thing..)

And (deleting received SMS-commands) makes also sense in terms of security somehow..

Michael

yablacky 2012-07-12 20:15
Re: [Announce] SMScon (control your device with SMS)
 
smscon 0.10.6-1 has been queued for loading into fremantle extras-devel repository.
  • FIX: COM_ALARM no longer restricted to wav-files. Plays (almost) any sound file type now.
  • NEW: The smscon command has a new option to establish sound files to be used as alarm:
    Code:
    smscon -alarm [ref] filename
    The optional 'ref' keyword tells smscon to refer the file only rather than to copy it into its own storage. Since sound files are large, ref is handy while testing several sounds. You should not use 'ref' to establish the final sound. A filename of '--default' restores standard alarm sound.
  • FIX: Some SMS commands (e.g. silencing the phone, etc) did not work properly if the currently running smscon_daemon was started on phone boot. Since last version this start mode is used for normal start/stop operations as well. As a consequence the bug comes up more often and is fixed now (session dbus was not available for daemon).
  • NEW: New commands COM_SILENTON and COM_SILENTOFF to explicitly silence the phone and to undo silencing (COM_SILENTOFF restores volumes being active before COM_SILENTON).
  • CHANCED: New SIM cards are no longer authorized by default (this happened in the past after smscon sent notification about new SIM). A SIM card must now be authorized explicitly by using smscon-editor or by command line:
    Code:
    smscon -add imsi
    This is not a new command but you have to use it explicitly now. Btw. to revoke authorization of current SIM card use
    Code:
    smscon -remove imsi
  • NEW: A stolen mode. Smscon operates in stolen mode automatically if the SIM card is not authorized (e.g. is a new SIM) or if the SIM PIN of an authorized SIM was not correct or if there is no SIM card et all. For those regularly using their N900 without SIM card there is a new STOLENIFNOSIM user setting to change no-SIM behaviour.
  • NEW: New command COM_STOLEN to enable stolen mode explicitly. This command may be used in case the phone got lost or stolen with authorized SIM inserted and valid PIN code already entered. The command revokes authorization from all SIM cards even your own SIM that is now being used by finder or thief. In case you got your phone back, you have to grant authorization for your SIM card again.
  • FIX: Keyboard slider detection and battery charge info is now sent in stolen mode, only.
  • NEW: Rotated smscon.log file. The smscon.log file is now limited to roughly 100 KB size. Log will flood into smscon.log.1, smscon.log.2 etc until smscon.log.5 files. Older log entries will be removed. This ensures that smscon occupies a limited and deterministic size of disk space only (round about 600KB).
  • FIX: A bug in decoding incoming SMS messages has been fixed. The bug leads to failures in command detection. Happend to SMS messages of 7 chars length (and multiples of 7).
  • NEW: Delete incoming SMS from chat history if it was a valid smscon command.

Further notes:
  • Deletion of incoming SMS from chat does not yet prevent the SMS to show up temporarily as "just arrived SMS". Unfortunately.
  • TrueCrypt: The idea is as follows:
    smscon provides a new command line option to supply a password-B to access encrypted data (e.g. mount container or partition). This password-B is generated from a password-A (provided by regular user) which is somehow modified/signed using the IMSI (and perhaps IMEI). Password-A may be stored plain text on phone. It is needless without having entered the correct SIM PIN because IMSI is only available with SIM PIN.

    Given this, the correct SIM PIN could open the phone completely including access to TrueCrypt data. Without PIN the phone offers only irrelevant or encrypted data.

    Since IMSI in this concept becomes a key to encrypted data, smscon 0.10.6-1 will no longer store IMSI codes to detect authorized SIM cards.
  • I will update wiki after getting some feedback here and - may be - making some corrections.

Saturn 2012-07-12 21:51
Re: [Announce] SMScon (control your device with SMS)
 
Release of SMSCON Editor 0.10.6-1 in extras-devel

Changes:
  • NEW: Added new SMSCON commands COM_SILENTON, COM_SILENTOFF and COM_STOLEN
  • CHANGE: Follow changes in smscon_boot file.
  • CHANGE: Rename buttons for Add/Remove IMSI to Authorize/De-authorize SIM

Estel 2012-07-13 15:58
Re: [Announce] SMScon (control your device with SMS)
 
yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?

Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?

Take this with grain of salt, as I don't know details yet :)

/Estel

yablacky 2012-07-13 17:06
Re: [Announce] SMScon (control your device with SMS)
 
Quote:
Originally Posted by Estel (Post 1237073)
yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?

Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.

I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically :( Has anybody tried this successfully? It could help a lot.

On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...

Estel 2012-07-13 21:12
Re: [Announce] SMScon (control your device with SMS)
 
I agree, that it may be enough for thing like private photos or content of addressbook. Other things may be encrypted in a way, that it isn't auto-mounted on boot.

But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.

I'm too slow, or it is not this stage yet?

/Estel

Kabouik 2012-07-14 13:26
Re: [Announce] SMScon (control your device with SMS)
 
Any chance this awsome app would be ported to N9(50) someday? I may really miss it someday if my N9 get lost/stolen. :/

yablacky 2012-07-14 16:01
Re: [Announce] SMScon (control your device with SMS)
 
Quote:
Originally Posted by Estel (Post 1237189)
...

But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.

I'm too slow, or it is not this stage yet?
You're alright :) It isn't that far yet. But it's ongoing. Today I found a way to move the device lock question behind the pin-code question :D This way device locking on boot does not prevent smscon operation. It works pretty nice but yet has some pitfalls that need some work.

willi6868 2012-07-14 16:47
Re: [Announce] SMScon (control your device with SMS)
 
Quote:
Originally Posted by Kabouik (Post 1237428)
Any chance this awsome app would be ported to N9(50) someday? I may really miss it someday if my N9 get lost/stolen. :/
It would be great to have SMSCon on N9 :)

See page 114 or this post. :)

zimon 2012-07-14 20:39
Re: [Announce] SMScon (control your device with SMS)
 
Quote:
Originally Posted by yablacky (Post 1237098)
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.

I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically :( Has anybody tried this successfully? It could help a lot.

On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...


Having more than 15 digits as a truecrypt password is a MUST though. It is way too easy to brute force and anyone could find instructions on the web by asking. Having other info from SIM card behind PIN code is good idea in that case to increase the password length.

Of course three letter agencies, police, operators and those have no problem finding out your IMSI.

Can IMSI be retrieved and SIM-card opened by hacking somehow maybe? Actually there is only 10000 keys to brute force, but normally SIM-card gets locked down after 3 wrong PIN-code attempts.

btw, is there any reason why smscon password has to be in plain text anywhere?


All times are GMT. The time now is 23:13.
Page 122 of 130 « First 112120121 122 123124 Last »
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8