sorry if I've top-posted this... ......Back to the point. When I started this thread it wasn't meant to be a iOS vs Android rant. I was looking for facts....and so, since I'm Android, I'll mess around and post what I dig up. I hope some more users across the divide can do the same. If anything, just for fun..... BR S On 4/23/11, Kinuthia Ngugi <kinuthia.ngugi@gmail.com> wrote:

I think if Android devices were found to be doing this it wont be much of a fuss, after all android has very strong open source thus geek community roots...this is normally taken as a shameless excuse to do all sorts things and get away with it :) :)..... But iPhone doing this kind of thing after some sort of rogue update and not declaring??? Walalalala!!....

On Sat, Apr 23, 2011 at 8:59 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:

...

On a lighter note, Windows and RIM have come out protesting that no one is bothering to find out if they are secretly tracking users. Both firms have promised to pay anyone who proves that they are secretly tracking users too. link not available

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- This message represents the official view of the voices in my head.

That makes this guys theory <http://reflextor.com/trac/a51> correct...that *A/51 encryption* is a toast!....:)...this could be the next big infiltration point.... On Tue, Apr 26, 2011 at 2:38 PM, John Gitau <jgitau@gmail.com> wrote:

actually its not just androids and Iphones, any phone with gps can 'track' you...Im not sure how much info you need but: but the US several years back made it a requirement that cellphones making 911 calls also send their locations or have the ability to avail it, this was built into the baseband processor - the specs were defined on 3GPP TS 04.31. the specification was called RRLP - radio resource location services. http://en.wikipedia.org/wiki/RRLP

Unfortunately for you, this communication is not authenticated. RRLP is to say the least one of the most dangerously open protocols out there - gsm (well the baseband processor) is full of them -. fortunately for you, people/governments are not interested in hacking gsm networks and phones yet...if you're a criminal however....just use that torch with a phone:-)

Apple and Android probably just have apps sitting on top of this, but all gps enabled gsm phones are a risky affair...steve if you need more details on the baseband processor/gps and maybe a few papers you know where to reach me..

JGitau On Sat, Apr 23, 2011 at 11:45 PM, Kinuthia Ngugi <kinuthia.ngugi@gmail.com> wrote:

...

I think if Android devices were found to be doing this it wont be much of a fuss, after all android has very strong open source thus geek community roots...this is normally taken as a shameless excuse to do all sorts things and get away with it :) :)..... But iPhone doing this kind of thing after some sort of rogue update and not declaring??? Walalalala!!....

On Sat, Apr 23, 2011 at 8:59 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:

...

On a lighter note, Windows and RIM have come out protesting that no one

is

...

bothering to find out if they are secretly tracking users. Both firms have promised to pay anyone who proves that they are secretly tracking users too. link not available _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- **Gitau _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- --Cursed be the day I was born if I do not learn a new thing today--*Chinese Saying* Regards, Adams John Opiyo.

On a similar note, a very interesting account of the Athens Affair, for those who maybe patient to read through. Goes to show what can be done by a determined person; http://spectrum.ieee.org/telecom/security/the-athens-affair/1 On Tue, Apr 26, 2011 at 9:29 PM, Kinuthia Ngugi <kinuthia.ngugi@gmail.com>wrote:

The A5/1 crack is not a theory, it's a reality and those guys in that link demonstrated this sometime last yr. However, what was apparent was that to achieve an actual tap is a very complicated and expensive affair, so much so that to exploit it in any meaningful way would require organized entities with unlimited resources (such as government security agencies). Infact, not far fetched conjecture within industry circles has always suggested that all the current A5/* GSM ciphering algorithms were cracked long ago by some agencies (Mossad is a prime suspect), its just that it's not in the public domain.

On Tue, Apr 26, 2011 at 7:59 PM, John Adams <adams.opiyo@gmail.com> wrote:

...

That makes this guys theory <http://reflextor.com/trac/a51>correct...that *A/51 encryption* is a toast!....:)...this could be the next big infiltration point....

On Tue, Apr 26, 2011 at 2:38 PM, John Gitau <jgitau@gmail.com> wrote:

...

actually its not just androids and Iphones, any phone with gps can 'track' you...Im not sure how much info you need but: but the US several years back made it a requirement that cellphones making 911 calls also send their locations or have the ability to avail it, this was built into the baseband processor - the specs were defined on 3GPP TS 04.31. the specification was called RRLP - radio resource location services. http://en.wikipedia.org/wiki/RRLP

Unfortunately for you, this communication is not authenticated. RRLP is to say the least one of the most dangerously open protocols out there - gsm (well the baseband processor) is full of them -. fortunately for you, people/governments are not interested in hacking gsm networks and phones yet...if you're a criminal however....just use that torch with a phone:-)

Apple and Android probably just have apps sitting on top of this, but all gps enabled gsm phones are a risky affair...steve if you need more details on the baseband processor/gps and maybe a few papers you know where to reach me..

JGitau On Sat, Apr 23, 2011 at 11:45 PM, Kinuthia Ngugi <kinuthia.ngugi@gmail.com> wrote:

...

I think if Android devices were found to be doing this it wont be much of a fuss, after all android has very strong open source thus geek community roots...this is normally taken as a shameless excuse to do all sorts things and get away with it :) :)..... But iPhone doing this kind of thing after some sort of rogue update and not declaring??? Walalalala!!....

On Sat, Apr 23, 2011 at 8:59 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:

...

On a lighter note, Windows and RIM have come out protesting that no

one is

...

bothering to find out if they are secretly tracking users. Both firms have promised to pay anyone who proves that they are secretly tracking users too. link not available _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- **Gitau _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- --Cursed be the day I was born if I do not learn a new thing today--*Chinese Saying*

Regards, Adams John Opiyo.

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

I think in a bid not to be left out and also to feel ' competitive' Microsoft just came clean on collecting location data. http://packetstormsecurity.org/news/view/19060/Microsoft-Admits-That-Windows... <http://packetstormsecurity.org/news/view/19060/Microsoft-Admits-That-Windows-Phone-7-Collects-Location-Data.html> -ty On Wed, Apr 27, 2011 at 9:30 AM, John Gitau <jgitau@gmail.com> wrote:

hmm...Kinuthia, I agree and sort of disagree with you on who has access to the technologies. True, the biggest beneficiaries are governments.

The trick here is to figure out the motivation behind trying to 'crack' the security or lack of it. Who would have imagined trying to crack standard 802.xx wireless networks in the past. GSM hardware is slowly becoming commoditized. You are now using gsm/umts to do millions in transactions from Mpesa to ATM's....currently you can get firmware for a baseband processor, FREE, you can build in your house today a small gsm network for tests or whatever, for less than 1000 USD...my point is...don't ignore this (well you cant do much about it, but have it at the back of your mind) - and if a criminal, ditch the cellphone:-)....the ATM you go to is probably using GSM/UMTS:-), so is your MPESA and whatever mobile money transfer you use....

You still think there's no motivation to invest in this stuff....:-)

JGitau

On Tue, Apr 26, 2011 at 9:53 PM, Kinuthia Ngugi <kinuthia.ngugi@gmail.com> wrote:

...

On a similar note, a very interesting account of the Athens Affair, for those who maybe patient to read through. Goes to show what can be done by a determined person;

http://spectrum.ieee.org/telecom/security/the-athens-affair/1

On Tue, Apr 26, 2011 at 9:29 PM, Kinuthia Ngugi < kinuthia.ngugi@gmail.com> wrote:

...

The A5/1 crack is not a theory, it's a reality and those guys in that

link

...

demonstrated this sometime last yr. However, what was apparent was that to achieve an actual tap is a very complicated and expensive affair, so much so that to exploit it in any meaningful way would require organized entities with unlimited resources (such as government security agencies). Infact, not far fetched conjecture within industry circles has always suggested that all the current A5/* GSM ciphering algorithms were cracked long ago by some agencies (Mossad is a prime suspect), its just that it's not in the public domain.

On Tue, Apr 26, 2011 at 7:59 PM, John Adams <adams.opiyo@gmail.com> wrote:

...

That makes this guys theory correct...that A/51 encryption is a toast!....:)...this could be the next big infiltration point....

On Tue, Apr 26, 2011 at 2:38 PM, John Gitau <jgitau@gmail.com> wrote:

...

actually its not just androids and Iphones, any phone with gps can 'track' you...Im not sure how much info you need but: but the US several years back made it a requirement that cellphones making 911 calls also send their locations or have the ability to avail it, this was built into the baseband processor - the specs were defined on 3GPP TS 04.31. the specification was called RRLP - radio resource location services. http://en.wikipedia.org/wiki/RRLP

Unfortunately for you, this communication is not authenticated. RRLP is to say the least one of the most dangerously open protocols out there - gsm (well the baseband processor) is full of them -. fortunately for you, people/governments are not interested in hacking gsm networks and phones yet...if you're a criminal however....just use that torch with a phone:-)

Apple and Android probably just have apps sitting on top of this, but all gps enabled gsm phones are a risky affair...steve if you need more details on the baseband processor/gps and maybe a few papers you know where to reach me..

JGitau On Sat, Apr 23, 2011 at 11:45 PM, Kinuthia Ngugi <kinuthia.ngugi@gmail.com> wrote:

...

I think if Android devices were found to be doing this it wont be

much

...

...

...

of a fuss, after all android has very strong open source thus geek community roots...this is normally taken as a shameless excuse to do all sorts things and get away with it :) :)..... But iPhone doing this kind of thing after some sort of rogue update and not declaring??? Walalalala!!....

On Sat, Apr 23, 2011 at 8:59 PM, Dennis Kioko <dmbuvi@gmail.com> wrote: > > On a lighter note, Windows and RIM have come out protesting that no > one is > bothering to find out if they are secretly tracking users. Both firms > have > promised to pay anyone who proves that they are secretly tracking > users > too. > link not available > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > ------------ > Skunkworks Rules > http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 > ------------ > Other services @ http://my.co.ke

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- **Gitau _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- --Cursed be the day I was born if I do not learn a new thing today--Chinese Saying

Regards, Adams John Opiyo.

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- **Gitau _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke