Posts Tagged ‘Blackberry’

The Missing BlackBerry Of Dominique Strauss-Kahn

November 28, 2011 2 comments

Political news offers lessons for Information Security all too often (think, for instance, of the UK Phone Hacking Scandal). The latest comes from the affair involving Dominique Strauss-Kahn and his alleged sexual encounter with a maid on the horrible day of May 14th, 2011. The details being disclosed about that story show that the BlackBerry owned by DSK played a crucial role in the event, both because it had likely been hacked and because it was used as a decoy to catch DSK at the airport.

All the traditional ingredients of Mobile Security are mixed up in this story: a device used for both personal and business purposes, which is hacked and whose stolen information is used to harm the victim.

The details were given on Friday, the 25th of November, when the Financial Times published a preview of an investigation carried out by the journalist Edward Epstein, to be published in full by the New York Review of Books. The investigation recounts, with an unprecedented level of detail, the two hours that sank Dominique Strauss-Kahn and wrecked his political career on May 14th, 2011 during his stay at the Sofitel New York Hotel, and the alleged sexual assault encounter with Nafissatou Diallo, the maid he had encountered in the presidential suite.

DSK was then head of the International Monetary Fund and the leading Socialist contender against Nicolas Sarkozy (well ahead of him in opinion polls) for the French Presidential Election in April 2012. As is well known, the aftermath of the scandal (although all the charges were dismissed by the prosecutor on August 23rd, 2011) destroyed his political ambitions in the race for the French Presidency.

Edward Epstein’s account reveals several shadow zones which seem to support the hypothesis that DSK was the victim of a plot (for instance the strange visits of Nafissatou Diallo to room 2820, a room on the same floor as the Presidential Suite borrowed by DSK, whose occupant’s identity was never released by Sofitel on grounds of privacy).

You may wonder at this point what this story has to do with Information Security. Well, it has a lot to do with it, since one of the Shadow Zones concerns one of DSK’s BlackBerry cell phones, the one he called his IMF BlackBerry, used to send and receive texts and e-mails for both personal and IMF business, which DSK believed had probably been hacked, and which has not been found since. Moreover, the lost BlackBerry was used as a decoy to catch him on board Flight 23, a few minutes before leaving for Paris.

If you think mobile security risks are exaggerated and that the promiscuous use of mobile devices for personal and professional purposes is not harmful and does not constitute a security hazard, you had better read the following lines.

Mr. Epstein’s account says that on the morning of May 14th, DSK had received a text message from Paris from a woman friend temporarily working as a researcher at the Paris offices of the UMP, Sarkozy’s political party. The message warned him that at least one private e-mail he had recently sent from his BlackBerry to his wife had been read at the UMP offices in Paris. It is unclear how the UMP offices might have received this e-mail, but if it had come from his IMF BlackBerry, he had reason to suspect he might be under electronic surveillance in New York.

At 10:07 AM he called his wife in Paris on his IMF BlackBerry, telling her of his problem. He asked her to contact a friend who could arrange to have both his BlackBerry and iPad examined by an expert. An exam that would never happen for his Blackberry…

The call records show that DSK used his IMF BlackBerry for the last time at 12:13 PM to tell his daughter Camille he would be late for lunch. This happened approximately 7 minutes after the maid entered his room, which occurred at 12:06 PM according to hotel key records, and above all after the controversial encounter, which likely occurred in this time interval and is still a matter of dispute.

DSK realized his IMF BlackBerry was missing only nearly two hours later, at 14:15 PM, while going to the airport by taxi. At first he believed he had left the cellphone at the restaurant and immediately called his daughter (with a spare mobile phone), asking her to go back there to check. The footage at the restaurant shows that she did in fact go there looking for the lost object. Of course she was not able to find it, and at 14:28 PM she sent him a message indicating she could not find it.

At 15:01 PM, while approaching the airport, DSK was still attempting to find his missing phone, calling it from his spare with no answer. According to the records of the BlackBerry company, the IMF device had been disabled at 12:51 PM.

At 15:29 PM, he called the hotel from the taxi, indicating his room number and giving a phone number, so that he could be called back, in case his phone was found.

Thirteen minutes later he was called back by a hotel employee who was in the presence of a police detective. The hotel employee falsely told him that his phone had been found and asked where it could be delivered. DSK told him that he was at JFK Airport and that he had a problem since his flight left at 4:26 PM. He was reassured that someone could bring it to the airport in time, so he gave her the gate and flight number, which allowed the police to call DSK off the plane and take him into custody at 4:45 PM.

DSK’s BlackBerry is still missing, and the records obtained from BlackBerry show that the missing phone’s GPS circuitry was disabled at 12:51 PM. The cell phone was probably “lost” inside the Sofitel; what is certain is that its loss prevented DSK from verifying whether or not he was under surveillance.

The reasons why DSK was so concerned about the possible interception of his messages on this BlackBerry are not clear, even if Epstein suggests a couple of scenarios. The phone could contain some embarrassing information related to the scandal at the Carlton Hotel in Lille, where high-class escort women were allegedly provided by corporations to government officials (I believed this kind of affair only happened in Italy) (DSK denies that he was connected to the prostitution ring). Otherwise, his concern could also derive from other matters related to his IMF role, such as the sensitive negotiations he was conducting for the IMF to stave off the euro crisis.

Still doubtful about Mobile Security Risks?

Riot In Motion

August 10, 2011 3 comments

As an (in)direct consequence of the London Riots, a crew of hackers called TeaMp0isoN defaced The Official BlackBerry Blog after RIM indicated it would assist London police, who are investigating the use of the messaging service in organizing riots, with a “very extensive monitoring of the BlackBerry Messenger model”.

The availability of BBM (BlackBerry Messenger), a closed messaging system for one-to-one or one-to-many (encrypted!) communications at no charge, has made BlackBerry a very popular device among U.K. teens, who are believed to be mainly responsible for the riots which have hit British streets. As a consequence, BlackBerry Messenger is believed to have played a key role in helping rioters organize themselves.

Since the company decided to support the police in containing the riots, granting access to BBM data and logs, it did not take long for a resounding retaliation by the above-mentioned hacker group.

Curiously, shortly after the attack, an MP called for BlackBerry Messenger suspension to calm UK riots, and although this is claimed as a victory by rioters, I cannot help but notice that it is really a paradox: the whole story is a consequence of the need for authorities to extensively monitor BBM, and the same authorities now ask for a complete lockdown of BBM (which might be the ultimate remediation to stop the riots).

In my opinion, this hacktivism event can be seen from a double perspective: at first glance this is only the latest episode of hacktivism, whose actions and impacts are nowadays natural extensions in the fifth virtual domain for wars and revolutions crossing the borders of the real world. But a second, deeper analysis shows surprising and somewhat unexpected consequences.

The event was a consequence of the attempt by authorities to deprive rioters of their weapons, that is, mobile technologies. Put simply, we are seeing a kind of Consumerization of Riots (the western world equivalent of what I defined as Consumerization of Warfare, that is, the influence played by consumer technologies, mobile and social networks in primis, in spreading the riots in the Middle East). Of course with the obvious difference of scope and geography.

But if the combined use of mobile technologies, for communicating and coordinating, and Social Media, for virally spreading information useful for the cause (tweets like weapons), is a (quite) common and consolidated practice whose primary role has been recognized for the revolutions of Maghreb and Middle East, what is completely new is, for the first time, the impact and the price (to be) paid by the technology vendor, in this case RIM, (in)directly involved in the events. As a matter of fact, RIM is suffering heavy consequences, which are unlikely to end here.

Not only was the Waterloo-based company hacked with a resounding defacement, with huge consequences in terms of image, but the brand also seriously risks being negatively associated with rioters, which could lead to further negative impacts for the brand, with possible consequences in terms of sales.

Is this maybe the reason why Twitter refused to shut down the accounts of the London rioters, besides the blog post according to which Tweets must always flow?

P.S. From an Information Security Perspective…

Several Information Security blogs were wondering if hackers managed to post on BlackBerry’s blog because of a software vulnerability, or because one of their administrators had his password cracked. In my opinion several tweets from TeaMp0isoN seem to confirm the first hypothesis:

Try to find out how we got in and patch…

The (Virtual) Android? It’s All Home and Work

February 16, 2011 2 comments

These days the world’s media spotlights are trained on Barcelona, where the Mobile World Congress 2011 is under way.

The launch of the new tablets and the “day after” commentary on the Holy Alliance between Nokia and Microsoft (including Intel’s stubbornness in pursuing the MeeGo project) have dominated the scene. Nevertheless, accompanied by my ever-present professional bias, I went searching through the maze of the event for something other than the usual product presentation. For some days, in fact, a nagging thought has been gnawing at me, unwittingly encouraged by the security holes that researchers around the globe discover daily inside handsets, be they Apple-Hearted or Android-Hearted.

Indeed, it would seem that our data and our lives (professional and personal), which we increasingly entrust to these objects, are less and less safe. Probably, as repeated many times (but perhaps never enough), most of the blame for this insecurity lies with the careless behaviour of users who, once accustomed to the speed, convenience and power of the tool, forget its physical limits and the boundary separating personal use from professional use. In theory, technology should support the user in correct professional use, yet this is exactly where the paradox lies: the second factor threatening the spread of smartphones and tablets for large-scale professional use is precisely that, with the exception of RIM’s creature, the notorious BlackBerry, Apple and Android handsets were not natively designed for exclusively professional use, but later inherited enterprise features that are forced to coexist with the handset’s other features that are less suited to work (the technical term for them is frills).

This phenomenon is known as the consumerization of information technology, and it is one of the favourite arguments with which security vendors point the finger at mobile technology makers, and more generally at all technologies lent from everyday use to professional use (and now I understand why Nokia’s E-series phones were always one software version behind the others). Security vendors will have to remedy encryption vulnerabilities, rogue applications that escape the sandbox fence, the various browsers and Flash (and, why not, users’ lack of attention too), presumably by introducing an additional layer of protection that fences in overly exuberant applications and vulnerabilities and protects the user’s sensitive data better than the operating system and its native security mechanisms manage to.

The inspiration came to me a few weeks ago while reading the Cisco 2010 Annual Security Report, and in particular one passage in it:

Mobility and Virtualization Trends Contributing to Renewed Focus on Data Loss Prevention

In other words, the next frontier of mobility will be DLP, in terms of both technology and compliance (DLP procedures and technologies are always rooted in compliance needs). In the mobile world the two roads inevitably converge: the first step towards a strategy of data protection and clear separation between personal and professional needs runs through the virtualization of the mobile operating system, a topic I had already addressed in a previous post and about which I wondered, after last year’s announcement by VMware and LG, whether news would arrive at the Mobile World Congress 2011.

My intuition was right, and I came across this video in which Hoofar Razivi, head of product management at VMware, demonstrated during the event the use of the virtualization application on the LG Optimus Black device, showing off a simple, instantaneous switch between the two operating systems (the host Android and VMware’s embedded version of Android) without needing to reset the device.

The handset can thus host two versions of the operating system: a personal one and a professional one centrally controlled by the organization. The policies that can be controlled in the professional Android include, for example, disabling cut and paste to prevent the copying of sensitive data, and disabling the camera, GPS and Bluetooth. There is also an internal VPN client and, as further protection, the data of the professional Android, whose image is encrypted under normal conditions and can also reside on the SD card, can be wiped remotely.

The application, which will be on the shelves in the second half of this year, does not depend on the underlying operating system and can be made available Over-The-Air, so it can work on virtually any handset (provided it has enough resources). It will very probably be available for other operating systems too, in the wake of what RIM has done: it is about to present its own solution, BlackBerry Balance, designed to manage personal and corporate information separately within a RIM BlackBerry.

In the end it really does seem that, at least in the mobile world, virtualization will serve to raise the security level of devices.

My BlackBerry Is Not Working

December 30, 2010 1 comment

Here is an amusing parody about the malfunctions of a blackberry and an apple, not forgetting an orange (Orange, the British mobile operator) and finally a box of eggs (“Eggs Box”, which sounds like Xbox, definitely my favourite).

The video is in English and hilarious in the original language, but the wordplay can be appreciated just as well with subtitles.

The video with subtitles is at this link.


– I bought something from you last week, and I’m very disappointed.

– Oh yeah? What’s the problem?

– Yeah, well, my blackberry is not working.

– What’s the matter, it run out of juice?

– No, no, it’s completely frozen!

– Oh, yeah, I can see that. I tell you what: let’s try it on orange.

– That’s got a few black spots, you see…

– Oh, dear, yes. Sorry about that.

– Well, is there anything I can do to get my blackberry working?

– Well, could be an application issue. Where’d you store that Blackberry?

– Well, it was on my desktop.

– Well, you could try using a mouse to drag the blackberry to the trash. Then after you’ve done that, you might wanna launch the blackberry from the desktop.

– Well, I’ve already tried that a few times. I mean, all it did was mess up windows.

– Well, it might be worth waiting a couple of weeks. They’ve got the latest blackberries coming in then.

– Well, could you give me a date?

– Certainly.

– Let me put that date in my diary.

– Anything else I can help you with?

– Yes, yes. I’ve also got a problem, to be honest, with my apple.

– Oh, dear, oh, dear. That is an old apple, isn’t it?

– Yeah. – When’d you buy that?

– Last week.

– Last week? They’ve brought out two new apples since then!  What’s the problem with it?

– Well, I tried to put my dongle in it… And it won’t fit.

– Oh, yeah. And how big’s your dongle?

– Well, I don’t know much about these things, but my wife’s seen a few dongles in her time..  And she says a little bit on the small side.

– Well, I’m afraid there’s not a lot I can do about that. Tell you what: let me try booting it. [glass shatters] Now it’s crashed.  Anything else I can help you with?

– Well, funnily enough, yes. My grandson’s birthday’s soon.

– Oh, yeah.

– Now, he’s already got an apple and a blackberry. I mean, have you got anything else that he might just like?

– Well, we’re doing a special offer on these. I mean, I can’t make head or tail of them, but the kids seem to like them.

– Oh yeah? – “Eggs box,” £3.60.


Add a Seat at the Table…

December 27, 2010 2 comments

Sadly, in the end I did not escape, and I suffered the thankless fate of eating Christmas lunch with my brother’s BlackBerry Curve 8900 at the head of the table. Indeed, the tortellini in broth (mandatory on Christmas Day) and the traditional Salsiccia Matta went down a bit the wrong way.

Anyway, things followed a straight course right from the start. The delivery difficulties had already been an omen not to be underestimated; in any case, as soon as I had it in front of me, the smartphone immediately showed signs of imbalance: there was no way to get the ringtones working, and not even a seasoned user like me could get to the bottom of it. For the record, the problem resolved itself spontaneously, with no intervention, a few minutes later.

But the funny part came when we tried to view a PDF file. There is no default reader, but on the other hand the App Store offers several alternatives at the paltry cost of 13 euros. Fortunately (and there is a reason!) I am not familiar with the BlackBerry, and thanks to the usual Google search I discovered that to open a PDF file without buying a reader from the store it is enough (sigh!) to e-mail it to yourself and look at the version rendered by the BES. Needless to say, my HTC Desire comes with no fewer than two PDF readers included.

Still, none of this was enough: my brother took the survey literally and intends to keep the BlackBerry.

Thank goodness that today I came across a very interesting Fortune article stating that 2011 will be the year of Android and that the Green operating system will explode, at the expense of iPhone users, bringing with it a predictable drop in prices. Who knows, maybe he will be able to take advantage of it and send the BlackBerry to an early, well-deserved retirement.

Thank goodness I went to get dessert at another lunch, where I was able to make my peace with the world by admiring my friend’s splendid Galaxy S…


Gentlemen Prefer Blondes… (And Androids…)

December 4, 2010 Leave a comment

A recent Nielsen survey paints an interesting picture of smartphone preferences and purchase intentions in the United States. In short, splitting purchase intentions between boys and girls reveals that the fair sex decidedly prefers Steve Jobs’s creature. Purchase intentions are reversed for the boys, whose preferences go by a wide margin to Mountain View’s Green Android. Not counting the undecided, the others are left, for now, with the crumbs (or nearly…)


The Android’s Race

December 2, 2010 1 comment

According to a recent IDC analysis, Mountain View’s Green Android is about to overtake the giant from Espoo in smartphone sales in the Old Continent. In 3Q 2010 Nokia still held the lead in the Western European market with 34% of the market, followed by the Bitten Apple with 24% and the Green Android at 23%. The scenario is set to change next quarter, as analyst Francisco Jeronimo predicts that Google’s mobile operating system will settle firmly in first place (worldwide it already holds second place behind Symbian), propelled by the imminent release of Android 2.3 Gingerbread.

As for the makers of Android-equipped smartphones, HTC handsets continue to be the users’ desire (Desire) and push the Taiwanese giant to first place with 39%, followed closely by Sony Ericsson and Samsung with 27% and 14% respectively.

Note in the article the negligible percentages for Windows Mobile. Will the Redmond Giant manage to make up for lost time? In the meantime, let me remind you of the fantastic survey.

