Smartphone

Surely we can find, and stop, high-tech spies

It’s rumored that the U.S. intelligence community has commissioned The Eagles to rewrite some of their famous lyrics to serve as a deterrent to Russia and China. The hope is that this new song will stop the apparently unabated espionage activities occurring in the National Capital Region, known as the NCR. It’s called “You Can’t Hide Your Spyin’ Eyes.”

BY MORGAN WRIGHT

Concerns about enhanced technical espionage have circulated for a long time. A very provocative technology, currently being used by law enforcement and our military, is a cell-site simulator. Known as an IMSI-catcher, or commercially as a Stingray, it’s a box about the size of an oversized pair of sneakers.

IMSI stands for International Mobile Subscriber Identity. This is how the Global System for Mobile Communications (GSM) finds you, regardless of country, and delivers a call to you or allows you to make one to a destination of your choice. Several reports surfaced in 2017 that showed the Department of Homeland Security was worried about IMSI catchers.

In a Nov. 17, 2017, letter, Sen. Ron Wyden (D-Ore.) asked the DHS National Protection and Programs Directorate if there was any evidence of foreign IMSI catchers operating in the National Capital Region. A pilot study had been conducted from January to November of the same year. The short answer was yes. The longer, typical government response was:

“The Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) has observed anomalous activity in the National Capital Region (NCR) that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers. NPPD has not validated or attributed such activity to specific entities or devices. This information was reported to our Federal partners at the time it was observed.”

Now that it’s been established that nefarious electronic hijinks abound in the NCR, surely there must be a way to find it and stop it. Right? The short answer is no. The government answer is even more terrifying:

“NPPD is not aware of any current DHS technical capability to detect IMSI catchers. To support such a capability, DHS would require funding to procure, deploy, operate and maintain the capability, which includes the cost of hardware, software, and labor.”

The previous statement might make you think this is a newly discovered problem of which DHS is just becoming aware. But our Canadian neighbors found the same activity near their Parliament in 2017. In 2014, the Harvard Journal of Law and Technology said that “Hostile foreign intelligence services can and, almost certainly, are using the technology in this country for espionage.”

About two weeks ago, the Senate passed a spending bill that included language directing the Pentagon to divulge the use of IMSI catchers near U.S. bases and facilities. It’s not the first time the use of electronics has caused security concerns. A 20-year-old Australian student discovered the location of several military bases overseas by simply looking at the heatmap posted by Strava of running routes that had been shared.

You’d have to go back almost another 20 years to find when the threat of IMSI catchers became a real issue. The notorious hacker Kevin Mitnick was captured in 1996 using the same technology DHS is worried about in 2018. The hacking victim who helped the FBI track Mitnick down — Tsutomu Shimomura — was very well acquainted with the technology.

“Later that night, the FBI radio surveillance team from Quantico, Virginia, arrived at the Sprint cellular telephone switch office. The team talked to me a little about the technology they had toted along in the station wagon, especially something called a cell-site simulator, which was packed in a large travel case. The simulator was a technician’s device normally used for testing cell phones, but it could also be used to page Mitnick’s cell phone without ringing it, as long as he had the phone turned on but not in use. The phone would then act as a transmitter that they could home in on with a Triggerfish cellular radio direction-finding system that they were using.”

This wasn’t Shimomura’s first brush with cell phones. In 1993, in front of a congressional oversight committee, he showed how easy it was to use a software hack to listen in on the calls of nearby cellular phones. The problem isn’t new. In fact, it’s quite old.

If you take DHS’s response at face value, it appears NPPD does not have its own technical capability. If DHS has no organic ability, how did it detect anything in the first place? With a little help from other solutions. Project Overwatch, for example.

According to the RSA presentation, “Project Overwatch has been a multinational effort between USA, Germany, and Australia to create a solution leveraging GSMK’s patented Baseband Firewall technology.” This began six years ago.

In February 2017, at the RSA Security Conference in San Francisco, a demonstration of Project Overwatch showed the detection of rogue IMSI catchers — the same technology DHS used, but did not disclose, in its letter to Sen. Wyden.

The warnings were there. The threat was there. Six years ago, we worked with our allies to develop a solution to counter this growing form of technical espionage. So why is Congress just now worried about this?

It’s inconceivable that this electronic eavesdropping that targeted the White House, Congress, our federal law enforcement and intelligence agencies, and who knows what else, should have gone on for this long without a warning to the relevant oversight committees. And the public.

When it comes to our national security, no one should be allowed to, as The Eagles might say, “Take It Easy.”

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.

TEEN FINDS HIDDEN CAMERA IN LOCKER ROOM DURING ITALIAN TOURNAMENT

A disturbing scandal has recently rocked Italy’s youth volleyball circuit. A cellphone belonging to a referee was found hidden, with its camera turned on, inside an arena’s locker room. The incident happened during an international tournament involving 250 youngsters from six European countries. The cellphone was found by a player from a Lithuanian team, who immediately took the device to his coach. The police were called, and even had to protect the 27-year-old referee from being attacked; he stated that the phone’s camera must have activated by itself.

Here is what the event’s organizer had to say (Gazzetta.it):

“There is a suspicion that something serious may have happened, but we’ll wait for the police to do their job. We immediately intervened, reporting what happened. We’ll now distance ourselves from the case, letting the police do its job, and we hope that the Italian Volleyball Federation, to which we will send an appropriate report, suspends this referee. I don’t want him refereeing again.”

The Italian Volleyball Federation has temporarily suspended the referee while the police investigate the matter:

“This was an unavoidable decision. This is a fact that has never happened since the Federation exists. Now let’s let the investigations take their course. For now, let’s not cast stones at anyone, for everyone is innocent until proven guilty. We’ll await the end of investigations.”

Source: VolleyMob

New LTE attacks open users to eavesdropping, fake messages, location spoofing

A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.

The attacks

The researchers – Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino from Purdue University, and Omar Chowdhury from the University of Iowa – have employed a systematic model-based adversarial testing approach to expose the vulnerabilities in 4G LTE’s critical procedures (most notably attach, paging, and detach procedures).

Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.

“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out.

“Other notable attacks reported in this paper enable an adversary to obtain user’s coarse-grained location information and also mount denial of service (DoS) attacks. In particular, using LTEInspector, we obtained the intuition of an attack which enables an adversary to possibly hijack a cellular device’s paging channel with which it can not only stop notifications (e.g., call, SMS) to reach the device but also can inject fabricated messages resulting in multiple implications including energy depletion and activity profiling.”

To ensure that the attacks they found are realizable in practice and pose actual threats, they have validated eight of them through experimentation in a real-world scenario (a custom-built LTE network or commercial networks with a logical Faraday cage).

In the paper they explain how they set up:

• Malicious eNodeB base stations, by using a Universal Software Radio Peripheral device and an open source LTE protocol stack implementation
• Malicious UEs (mobile phones)
• Victim UEs, and
• A low-cost, real-time LTE channel decoder.

The highest amount spent on a particular setup was $3900, and that’s within reach for many adversaries.

Defenses against the attacks

There are possible defenses against these attacks, but the researchers refrained from offering any ideas.

“We deliberately do not discuss defenses for the observed attacks as retrospectively adding security into an existing protocol without breaking backward compatibility often yields band-aid-like-solutions which do not hold up under extreme scrutiny,” they noted.

“It is also not clear, especially, for the authentication relay attack whether a defense exists that does not require major infrastructural or protocol overhaul. A possibility is to employ a distance-bounding protocol; realization of such protocol is, however, rare in practice.”

4G LTE is set to be supplanted by 5G technology, but a complete switch won’t happen for many years. These vulnerabilities can become a big problem in the interim.

Source: HelpNetSecurity

This smartphone cuts off your camera and microphone so no spy agencies can watch you

  • Cybersecurity firm DarkMatter has unveiled its first smartphone

  • Katim is designed to stop spy agencies listening to you

  • It is an Android smartphone with a 5.2-inch display and strong encryption

  • One security feature called “shield mode” disconnects power from the microphone and camera on the device, so nobody can spy on your conversations

Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.

An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption.

DarkMatter unveiled the phone concept last year but has now brought it to market.
One security feature built by the Middle East-based firm is called “shield mode,” which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations.

“If you are to enter a secure meeting or a very confidential meeting as a business, you are striking a secret deal, or as a government having a secret meeting in that regard… you always tend to find people leaving their phone outside the meeting,” Faisal Al Bannai, CEO of DarkMatter, told CNBC in an interview Tuesday.

“It’s because you can’t trust that no one, no super agencies are able to turn on that mic while you are sitting in the room.”

Al Bannai said the company has built the Katim smartphone from the “ground up” with security.

Shield mode is activated by flicking a button on the side of the device; the CEO said this makes it more secure.

“This button will physically disconnect the power from the mic and camera, which means unless that super agency has a way of physically shifting that button back, there is no way that mic is turning on and listening to what you’re saying,” Al Bannai said.

Privacy and spying via devices was thrust into the spotlight in 2016 when a photo emerged showing that Facebook CEO Mark Zuckerberg tapes up the webcam of his laptop.

DarkMatter is not the only provider of security-focused devices. On Tuesday, cybersecurity firm Sikur announced what it claims is a hack-proof smartphone designed to store cryptocurrencies securely. And at Mobile World Congress, Chinese electronics maker Huawei unveiled a new laptop called the MateBook X Pro that has a camera hidden in the keyboard.

Al Bannai also revealed that 2017 revenue hit $400 million, up from $200 million the year before.

Arjun Kharpal
Source: CNBC