
Matt & Lenny

Week of 14 June 2001

TOKYO JAPAN 13 June 2001
NTT DoCoMo announced today that it will inform i-mode users about malicious emails that use special commands to make the recipient's handset automatically dial an emergency number, such as '110,' or make calls to large numbers of people, or freeze the screen of their mobile phone.

NTT DoCoMo is advising i-mode users to take the following measures to avoid problems with malicious emails:

  1. Do not open emails from unknown senders.
  2. If the mobile phone starts to dial a third party automatically, push the 'Stop (power)' button.
  3. If the mobile phone starts to send emails to third parties automatically, push the 'Clear' button.
  4. If the mobile phone's screen freezes, remove the battery, reinsert it, and then restart the handset.

NTT DoCoMo currently has over 24 million subscribers and plans are underway to hit the US market. DoCoMo offers its subscribers a plethora of services, including bank account info from Citibank, news feeds from Bloomberg, CNN and Dow Jones, a Disney channel, flight booking info from Northwest Airlines, shipment status info from FedEx, tarot card reading and fortune telling and - AOL.

Any device - cellular phone, picture frame, washing machine, burglar alarm, climate control, anything - that is connected to the Internet is vulnerable to attack, but not many people have given this any thought yet.

Surely the Japanese DoCoMo wasn't prepared either. But it happened. To quote a well-known security guru: 'Give me any system and I will crack it.'

So picture, if you will, the continuation of the Next Door saga:

  • Neither Matt nor Lenny is really defeated as the first film would indicate; after an appropriate period of hibernation and the arrival of Internet gadgetry (which they both fill their houses with) they start attacking one another again.
  • Lenny starts by sending a malicious email to Matt's picture frame (such frames are readily available already today for about $200). Instead of the relaxing pastoral images the frame normally downloads and displays, Lenny changes this to really raunchy BDSM photos from a porn site in Spain.
  • Matt gets pissed, throws out the picture frame as he can't re-program it, and sends an email to Lenny's washing machine. The next time Lenny's wife uses the machine it locks itself into the final spin cycle and refuses to stop.
  • Lenny now retaliates by setting off Matt's burglar alarm system at 3:30 in the morning - wild sirens, flashing lights and an emergency call to the local police department.
  • Matt sends an email to Lenny's sprinkler system to shut it down permanently.

It doesn't take an extremely fertile imagination to see that even sensitive connected systems can be exploited in the same way. While the world is still struggling with the likes of DDoS attacks, technology goes forward and sets up even more potential victims.

If the connected world is to have a future, the devices we use to connect must be secure.

Copyright © Radsoft. All rights reserved.