hamradioweb.org

 


18-08-10, 13:34   #1
IZ0IEN
Moderator
ROS software remote email flooding vulnerability

Hello,

As I haven't received any reply from Jose Alberto Ros Nieto (http://www.hamradioweb.org/forums/showthread.php?t=7417), I am publishing the concept of the vulnerability, reserving the explanation of the PoC (Proof of Concept) for later. Anyway, anyone who reads the manual and the software features carefully can understand how to replicate the vulnerability.

The software has a vulnerability that permits an anonymous user, via a radio transmission, to flood a target email with unsolicited messages.
Please note that the vulnerability is in the software and not in the digital mode itself.

The intrinsic anonymity of any kind of radio emission, because most (all?) of us are unable to trace it in a relatively short slot of time with everyday tools, makes it possible for the author of the flood to remain anonymous.

The only persons responsible for the flood, from an ISP point of view, are all the people who, acting as a relay from the radio side to the internet side, are sending mails without any control over the final recipient!!!

Some tests showed an attainable rate of about 50 mails per minute, depending on the stations on air and HF propagation.

At the present time, all the people who have email parameters configured on current and past ROS versions are vulnerable.

Workaround: disable e-mail SMTP out parameters.

73,
Cristiano IZ0IEN

Last edited by IZ0IEN; 19-08-10 at 13:49.
04-10-10, 15:44   #2
IZ0IEN
Moderator
Re: ROS software remote email flooding vulnerability

Quote:
Originally Posted by IZ0IEN
Hello,
As I haven't received any reply from Jose Alberto Ros Nieto (http://www.hamradioweb.org/forums/showthread.php?t=7417), I am publishing the concept of the vulnerability, reserving the explanation of the PoC (Proof of Concept) for later.

"Later" is now. PoC explained:

Simply launch the ROS mode program, put *any valid* email address in the transmitted text field (instead of CQ CQ bla bla bla), and transmit this email address on the air.

All the stations that are able to receive and decode the email address you transmit, and have the SMTP out parameters configured, will send an email to this email address with an SWL report. When the band is crowded with ROS'ers, you can peak at 30-40 mails to the targeted email address in a single transmission.

Note, again: if someone complains about your unsolicited SWL report to your ISP, the only responsible person is the owner of the connection from which the email was sent.

In simple words:

Station A transmits in ROS mode: leo.tung-lee at north.corea.kr (fantasy email address)
30 OMs are listening in ROS with SMTP parameters enabled. Good, 30 mails with SWL reports go straight to leo.tung-lee at north.corea.kr
Mr. Leo Tung-Lee doesn't have (obviously, in North Korea...) an amateur license, nor a transmission permit, so he complains to his ISP about those strange emails that he receives.

The Korean ISP complains to the 30 ISPs of the OM stations sending spam, and some of the 30 accounts will eventually get blacklisted and suspended.

What happens to station A, which originated the whole thing?? Nothing, it is *totally stealth*.

You can play this game whenever you want; there is no way to trace the person who originates the spam, the only sure thing is the IPs of the SWL reporters.

PS - Mr. Tung-Lee will eventually be judged and prosecuted for illegal transmissions, because he received 30 SWL reports (joking)

Maybe it is not a *big* security/privacy flaw, but it is a flaw.

Cristiano IZ0IEN
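
The control the posts say is missing on the relaying stations ("sending mails without any control about the final recipient"), sketched as an added example that is not part of the original thread and is not ROS code. All names (`ReportGate`, `mails_delivered`, the example.org/example.net addresses) are hypothetical; the model compares no control, a per-station rate limit, and a recipient opt-in list across 30 listening stations.

```python
import re
from collections import deque

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class ReportGate:
    """Per-station decision: may an automatic report be mailed? (hypothetical design)"""

    def __init__(self, opt_in=None, max_per_window=None, window_s=600):
        # opt_in=None and max_per_window=None model the behaviour described in
        # the thread: any decoded address is mailed, with no limit.
        self.opt_in = None if opt_in is None else {a.lower() for a in opt_in}
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.sent = {}  # recipient -> deque of send times (seconds)

    def allow(self, decoded_text, now):
        """Return the recipient to mail, or None if the report is suppressed."""
        m = ADDR_RE.search(decoded_text)
        if not m:
            return None
        rcpt = m.group(0).lower()
        # Control 1: the recipient must have opted in on this station's list.
        if self.opt_in is not None and rcpt not in self.opt_in:
            return None
        # Control 2: sliding-window cap per recipient.
        times = self.sent.setdefault(rcpt, deque())
        while times and now - times[0] >= self.window_s:
            times.popleft()
        if self.max_per_window is not None and len(times) >= self.max_per_window:
            return None
        times.append(now)
        return rcpt

def mails_delivered(n_stations, transmissions, **policy):
    """Mails sent in total by n_stations listeners for (time_s, text) decodes."""
    stations = [ReportGate(**policy) for _ in range(n_stations)]
    return sum(1 for t, text in transmissions for s in stations if s.allow(text, t))

# Constructed sample: the same address decoded five times, 12 s apart.
UNKNOWN = [(12 * i, "someone@example.org") for i in range(5)]
KNOWN = [(12 * i, "op1@example.net") for i in range(5)]

if __name__ == "__main__":
    print("no control:     ", mails_delivered(30, UNKNOWN))
    print("rate limit only:", mails_delivered(30, UNKNOWN, max_per_window=1))
    print("opt-in list:    ", mails_delivered(30, UNKNOWN, opt_in={"op1@example.net"}))
    print("opted-in rcpt:  ", mails_delivered(30, KNOWN, opt_in={"op1@example.net"}, max_per_window=1))
```

A rate limit applied independently at each station still lets every listener send one mail, so only the recipient opt-in check removes the relay effect.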