About these ads

Archive

Posts Tagged ‘Mobile phone’

Phonarchy in the U.K.

July 15, 2011 1 comment

It looks like that the Perfidious Albion is not what one should exactly define a Paradise for Mobile Security. Not only the echoes of the Scandal concerning “voicemail hacking” led the infamous tabloid News Of the World to close on Sunday, the 10th of July 2011, and Rebekah Brooks to resign as CEO of News International today; but also the flow of events has unexpectedly brought mobile security issues to the attention of a wider audience, no more confined to the sole and exclusive attention of information security professionals.

This is partially due to the relative easiness in implementing similar hacking techniques in mobile communications, which is raising doubts and misgivings in many other countries. As a matter of fact, as actually happened, voicemail hacking is relatively easy to implement and is based, as usual, on two factors:

  • From the user perspective, on the poor attention for default (in)security settings;
  • From the operator perspective, on the necessary trade-off between security, user experience, and convenience, (almost) always favoring the latter, which turns out not to be an optimal choice from a security perspective.

A lethal mix wich may be quite easily exploited by a balanced blend made of (little) hacking and (a lot of) social engineering. At this link a really complete and interesting description very helpful to understand how relatively easy is to perform voicemail hacking with some U.K. operators (but keep in mind that procedures vary from Operator to Operator). Accorrding to the above quoted article, in theory, it is possible to elude the meshes of the security procedures of the operators, simply calling the voicemail of the victim impersonating the legitimate user, claiming to have forgotten the PIN and voila, that’s it!

Voicemail hacking does not need further components, but unfortunately is not the only issue that may happen: in theory entire conversations may be hijacked (and unfortunately it is something we are quite familiar to, here in Italy). The Security Process of a phone conversations is an end-to-end chain, inside which technology is only a component, and the human factor is the weakest link. In this context weak means leak so that often it happens that some information that should not be disclosed are delivered to media (even if irrelevant to any ongoing investigations) with devastating aftermaths for investigations themselves and for victims’ privacy.

The scenario is further complicated with the new generation of smartphones, where technology (and the ongoing process of Consumerization of Information Technology) leaves virtually no limits to the imagination of attackers: not only voicemail hacking, but also mobile malware (a threat which does not need the unintended cooperation of the Operator) capable of extracting any information from devices. The dramatic events in U.K. involved using stolen data for squalid journalistic purposes, but, since mobile devices are nowadays indispensable companions of our everyday lives, nothing prevents, in theory, to use the same or different methods to steal other kinds of information such as confidential data, banking transaction identifiers, etc… Do you really need a confirm? For instance the recent evolution of the Infamous ZiTMo mobile malware that has just landed on Android (the continuing metamorphosis of this malware is really meaningful: born on the Windows platform, it has rapidly spread on Windows CE, Symbian, and now, last but not least, Android). Since it is expected that 5.6% of iPhones/Android handsets is going to be infected in the next 12 months, there is much to worry. In this context what happened in U.K. may constitute a dangerous precedent and a dramatic source of inspiration for organized cybercrime.

Fears that similar occurrences could happen in other countries are rapidly spreading. As a consequence some countries are moving fast to prevent them.

In the U.S., in wake of U.K. Hacking, Representative Mary Bono Mack, a California Republican who chairs the House subcommittee on commerce, manufacturing and trade, is contacting handset manufacturer companies including Apple, Google, Research in Motion, and wireless companies as well, such as AT&T, Verizon Wireless and Sprint Nextel, to determine if there are any vulnerabilities in cell phones or mobile devices which can be exploited by criminals and other unscrupulous individuals. Clearly the final target is to prevent similar events from ever happening in the United States.

For the Chronicle, on June 13 Bono Mack released draft legislation which aims to tighten data security for companies victims of data breaches. Under the proposal, companies that experience a breach that exposes consumer data would have 48 hours to contact law enforcement agencies and begin assessing the potential damage.

Immediately after U.S. Attorney General Eric Holder is considering investigation into News Corp. for the same reson.

Anyway U.S. is not the only country worried about, as similar concerns are raising in Canada, and I may easily imagine that other countries will soon deal the same stuff.

A final curious notice: a further confirm that U.K. is not the paradise for mobile security came this morning when I stumbled upon this wiki which happily shows how to hack a Vodafone femto cell (just released to public) in order to, among the other things, intercept traffic, perform call frauds (place calls or send SMS on on behalf of somebody else SIM card).

The best (or the worst, it depends on the points of view) is yet to come…

Related articles
About these ads
Categories: Mobile, Security Tags: , , , , , , , , , , , , , , , , , , , ,

Internet In A Suitcase

June 13, 2011 2 comments

According to a NYT article, this is exactly what the Obama Administration is doing, leading a global effort to deploy a “shadow” Internet and an independent mobile phone network that dissidents can use against repressive governments that seek to silence them by censoring or shutting down telecommunications networks (as happened in Egypt and Syria).

More in detail the above mentioned effort include secretive projects to create independent cellphone networks inside foreign countries, as well as an “Internet in a suitcase” prototype, financed with a $2 million State Department grant, which could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet. In a sort of 21st century version of Radio Free Europe relying on a version of “mesh network” technology, which can transform devices like cellphones or personal computers to create an invisible wireless web without a centralized hub

If one puts together the pieces of the puzzles of the last events, one clearly realizes that the ingredients were already on the pot and now are being mixed in the right dosage for a recipe of freedom.

On the other hand the importance of the Internet Connectivity (in terms of presence or absence) in War Zones is unquestionable. And this is brilliantly shown from the fact that we are getting more and more familiar with the shutting down of Internet connectivity as a clumsy attempt carried out by some governments for preventing the spreading of unwelcome information and the consequent use of Social Networks for propaganda, PsyOps or real War Operations. Of course I already talked about special groups of US Army, which I dubbed “Corps of (Networks and Security) Engineers” dedicated to maintain Internet connectivity in war zones by mean of 3G or Wi-Fi drones. It looks like I was only partially right since the reality seems much closer to a spy novel featuring special agents equipped with Internet suitcases rather than soulless drones equipped with antennas.

Same speech for mobile technologies: United States officials said, the State Department and Pentagon have spent at least $50 million to create an independent cellphone network in Afghanistan using towers on protected military bases inside the country in order to offset the Taliban’s ability to shut down the official Afghan services. More recently, a similar action was performed in Libya, with the hijacking of the Libyana Mobile Operator Network to be used by rebels groups to communicate between them. Clearly these were not episodic cases but the first examples of a real mobile warfare strategy aimed to maintain mobile connectivity (videos shot with mobile phones are a point in common of all the protests in Maghreb and Middle East) without clumsy actions such as the smuggling of Satellite Phones in Syria.

In light of these facts, Mr. Obama’s speech on the Middle East on May, the 19th assumes a new meaning and a deeper analysis shows that some prodromes of this strategy were already announced, even if in a hidden form:

Cell phones and social networks allow young people to connect and organize like never before. A new generation has emerged. And their voices tell us that change cannot be denied…

And again:

In fact, real reform will not come at the ballot box alone. Through our efforts we must support those basic rights to speak your mind and access information. We will support open access to the Internet.

Open support to Internet… Even if closed inside a suitcase…

Related articles
Categories: Security, Social Networks Tags: , , , , , , , ,

Tweets Of Democracy

May 19, 2011 7 comments
Official presidential portrait of Barack Obama...

Image via Wikipedia

Today President Obama held his speech on the Middle East announcing a new strategy (and new investments) for the Middle East aimed to encourage the process of Democratization in place. I gave a look to the entire speech and noticed some assertions particularly meaningful which implicitly admit the crucial role that new technologies played in the past months (and will probably play into this kind of new Middle East Mashall Plan) as triggers (and drivers) for backing the fights for human rights.

I used the term Mobile Warfare to stress the role that (consumer) mobile technologies and social networks played in the events that changed the social and political landscape in the Mediterranean Africa and more in general in the Middle East, coming to conclusion that the impact of these new technologies is defining a new democracy model which will have to be taken seriously into consideration by all those governments which still put in place severe limitations to human rights.

So, I was definitively not surprised when I noticed this assertion on Mr. Obama’s speech:

… But the events of the past six months show us that strategies of repression and diversion won’t work anymore. Satellite television and the Internet provide a window into the wider world – a world of astonishing progress in places like India, Indonesia and Brazil. Cell phones and social networks allow young people to connect and organize like never before. A new generation has emerged. And their voices tell us that change cannot be denied…

Which implicitly admits the role of Mobile Warfare: strategies of repression and diversion will not work anymore and the weapons to fight repression are just Cell Phones and Social Networks with which young people (usually most involved in the protests) can connect and not only organize life like never before but also realize that there is a world  outside the window…  On the other hand, particularly in case of Egypt, Social Network literally played a primary role in the protest, since one of the leaders was Mr. Wael Ghonim (expressly quoted by Mr. Obama’speech), a young Google Executive.

And the freedom is not only a matter of elections but also of access to new technologies:

In fact, real reform will not come at the ballot box alone. Through our efforts we must support those basic rights to speak your mind and access information. We will support open access to the Internet, and the right of journalists to be heard – whether it’s a big news organization or a blogger. In the 21st century, information is power; the truth cannot be hidden; and the legitimacy of governments will ultimately depend on active and informed citizens.

This implies that the plan that U.S. and E.U. are going to deploy for the Middle East (a comprehensive Trade and Investment Partnership Initiative in the Middle East and North Africa) will also involve funding aimed to promote the access to new technologies for facilitating the sharing of information (and the conseguent hactivism and psyops operations), a factor which the recent events have shown to become synonym of democracy. Also because, according to Cisco predictions, if in 2010 there were 12.5 billion devices connected to the Internet, there will be 25 billion by 2015, and 50 billion by 2020, and consequently it is really hard to think that filters, blocks and any other form of (social, political and technological) repression in the Middle East will stop this tide.

Related articles
Categories: Mobile Tags: , , , , , , , , ,

Tweets Of Freedom (Updated)

April 25, 2011 4 comments

It was exactly a month ago when commenting on the Mobile Warfare in Syria, I predicted a possible peak in the protests for the half of April. Unfortunately I was a (quite easy actually) good prophet even if my prediction was not completely correct since we are now in the second half of the month. The wave is moving and in the last days the situation has plunged: protests are rising and from the “Black Friday”, the day in which the protests reached the peak, sources report nearly 300 victims in the wave of violence which shook the Country.

As usual I am watching with interest the roles that mobile technologies and social networks are playing and I am noticing the same patterns which characterized the revolutions of this beginning of 2011: social networks used for witnessing the events, common persons becoming improvised reporters armed only with their mobile devices (weapons), and governments desperately trying to stop the streams of bits from the hot zones with coarse attempts.

Consequently it is not surprising that many tweets are just reporting (together with the dramatic news of new military repressions) the cut-off of Internet, Mobile Phones and landlines in Nawa (Governorate of Daraa).

Nevertheless, Syrian Citizens keep on witnessing, what is happening and their tweets and updates are shacking the web (and the world): they show the importance and power of Mobile Warfare and the weapons citizens are using are well summarized by this tweet which encloses the essence of the mobile warfare:

The shots of the gun are viewable, for instance on the Facebook Syrian Revolution 2011 page, which is continuously fed with video “shot” from mobile devices. Moreover, in this moment, mobile communications in Daraa are possible only thanks to Jordanian Mobile Networks:

Will it happen an hijacking of the mobile network with the collaboration of a close country as occurred in Libya with the “Free Libyana”? Difficult to say, but for sure some other tweets do not exclude this possibility:

Worthwile to mention: the above tweet also mentions the hacking of Addounia.tv occurred on April, the 23rd. “More tradional” Cyberwar operations…

Update

Few seconds after publishing the post I found an interesting information, emphasizing the power of mobile warfare, according to which reports by the “Israeli”, announced yesterday that the United States intends to allocate funding for the “revolutions” through the Internet in the “Arab countries” to help the activists bring about change for their countries.

The information have been mentioned by tge “Jerusalem Post” (but I did not fond any conform so far). According to the latter, the administration of President Barack Obama plans to spend more than $ 25 million to facilitate the use of the Internet through activists who’s governments hinder the use of Internet services.

U.S. Assistant Secretary of State for Public Democracy, Human Rights and Labor “Michael Posner” announced to the newspaper “the current administration believes that democratic change must be emanated from within. “

Wars and battlefield are really changing and the parallelism between real weapons and cyber weapons is getting more and more pertinent strengthening the concept of War 2.0: in the “old” world, foreign enemy countries financed internal rebels providing them weapons; in the new world they learn them how to use internet.

Update 2

Thanks to Twitter I came across this interesting article from NYT, which further enhances the similarities between cyber-activism and real activism. Exiles drive the revolution allowing the sharing of images and information all over the World. Meanwhile they created a network to smuggle “weapons” inside Syria. Which kind of weapons? Of course satellite phones, along with hundreds of cameras and laptops.

Several say they relied on Syrian businessmen — abroad or in Syria — to finance one of their most impressive feats. After witnessing the Egyptian government’s success in shutting down the Internet and mobile phone networks in January, they made a concerted attempt to circumvent a similar move by delivering satellite phones and modems across Syria. Ammar Abdulhamid, an activist in Maryland, estimated that they delivered 100 satellite phones, along with hundreds of cameras and laptops.

Thanks to this “smuggling” we may listen to the tweets of freedom. The mobile warfare seems unstoppable…

Categories: Cyberwar, Security Tags: , , , , , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 1,993 other followers