The great thing about the yearly CCC conference is, even if you can’t make it there in person, you can watch live streams of the various talks online. This years highlights for me:

Index of talks here

Wideband GSM sniffing here

The Baseband Apocalypse here

Running your own GSM stack on a phone. here

27C3 main wiki index here

27C3 Videos

According to the theregister.co.uk’s security pages, several talks at the Black Hat security conference in Las Vegas this week will take GSM hacking down to the script-kiddie level – all you need is enough cash for a modified USRP USB radio peripheral & a 2000GB hard drive to store the rainbow lookup tables.

With that kit you can grab big chunks of the mobile phone spectrum in real time and target individual IMSI numbers. The researchers reckon that 80% of mobile traffic passes over the old A5/1 GSM system. A5/3 & 3G phones should still be considered secure. But remember if your 3G phone isn’t near a strong signal it will be stepping back down to A5/1 anyway.

Think about all those corporate espionage guys out there, they must be salivating like crazy. The rainbow lookup tables are a hefty download at 2TB, but if you’re prepared to travel to Oslo, The Register reports that Frank A. Stevenson (guy who cracked the CSS encryption scheme on DVDs) will swop you a blank drive for one with the rainbow tables on. (Rainbow Tables are lookup tables with the answers to all the possible challenge answers for the GSM A5/1 algorithm – this saves lots of time working each one out indivdually, and crucially makes near real-time decryption possible).

Of course the GSM Alliance makes light of all this, still calling it theoretical – and in some ways they have a point, it’s not like you can do this on an old reprogrammed Nokia 3310 after all!

When Dect (the cordless phone you use at home) was hacked last year we didn’t see UK identity thieves having a field day, gathering up bank pins etc. Only a couple of thousand of the PCMCIA Dect cards were in circulation, and most were probably bought up by security researchers quite quickly. So the hardware to hack Dect became expensive & you had to be able to configure a Linux laptop yourself to use it – the barrier to entry was therefore set high.

With GSM it’s even higher. You needs lots of Linux knowledge & £1000 worth of USRP radio hardware + soldering skills too. Sure organised criminals, corporate spies & bent media companies will use this technology to spy on the rich and famous, but it won’t become a massive problem in the UK. If anything, it will just speed along the adoption of 3G smartphones.

I wonder where Karsten Nohl & friends will be heading next with their USRPs? Dect cracked last year, this year GSM. Airwave/Tetra next year, maybe?

http://en.wikipedia.org/wiki/IMSI-catcher

This is a variation on phishing emails, but now on mobiles. All mobile network operators responded by saying that they weren’t aware of any real world use of this exploit that had so far left a single customer out of pocket – and they’re quite probably right. This seems like an awful lot of effort to go to if you want to get your hands on someones bank details & security passphrases.

I detailed on this site about 16 months ago that Dect cordless phones were now completely insecure. Anyone with a laptop, PCMCIA Com-On-Air Dect card & a decent antenna can record all you household phone calls from anywhere within a 200 metre radius of your home. Lots of older people now do home banking by telephone and over a series of calls you’ll be handing over full pins & security details. Even if you don’t give them to the bank you’ll be reusing them when you’re confirming your identity to insurance, utility & credit card providers – maybe you use that same 4 digit pin code for your home alarm & cashcard. Maybe you’re just paying for stuff with your credit card over the phone. If you live in a block of flats where tenants come and go every 6 months you’d be an easy target.

Ten years ago criminals could use an analogue radio scanner to record all the traffic on the old fashioned cordless home phones, perhaps to a computer for later analysis. They could use a DTFM decoder to figure out which number you’d called, and build up a profile that would leave them knowing you better than your best friend. Well now with the supposedly secure Dect phones they can take this further. Because each Dect phone has its own unique identifier – like the MAC address in your PC or the OUI number in a Bluetooth chip – it’s easy to zone out all the people you don’t want to listen to. Okay, only about half the Dect phones in use are insecure, but which half are you in? It’s not very reassuring is it? We’re nearly all using these Dect cordless phones at home these days.

Anyway, I saw not one article 16 months ago in the UK press or on TV about the Dect threat (although lots appeared in the German media), but now we need to worry about spoof texts. Go figure. If you really care about your health and security use a wired home phone.

As regards unusual text messages from your bank, apply some common sense – if it looks wrong, it’s because it is wrong. Wait until you get home and log onto your account there. Don’t ring numbers or use web links in these messages. Open a new browser window & check your balance from your 3G phone that way.

Pop into the bank and ask them about the real state of your account. If money diasappears from your account by a fraud that’s not your fault they’ll be giving you that money back anyway.

Smartphones are like mini PCs and they can get infected with malware and other nastiness, just like your home PC (for instance it’s now quite common for untrusting partners to secretly install tracking software on their partners smartphones to keep tabs on your whereabouts with GPS accuracy).

BBC Watchdog Story

This means that someone with just a Laptop, Com-On-Air wireless Dect PCMCIA card & Ubuntu Linux can now monitor all those conversations you have. Imagine how much information you could be providing for identity thieves!

If you use telephone banking or use your credit card to pay for goods over the phone, then you really should go back to using a regular wired home phone for these calls at least (or just use your proper mobile, as these are still secure).

If you’re fortunate enough to own a DECT phone that does encrypt (list), then you are still at some risk, the reason: the data-stream passing between your phone & base-station can still be recorded – but at this moment it can’t be turned into a conversation. Once more malicious hackers start to understand the current software, then eventually brute force hacks for the encrypted calls will appear – and when they do your old calls could be dusted-off & decrypted.

Worryingly, it seems that Dect is used for controlling traffic lights & some wireless credit card terminals. So these will likely become targets too.

This hack originated in Germany and their equivalent of the BBC’s Panorama have already done a piece on it. The equivalent of the UK’s OFCOM have already issued advice to Germans that they should stop telephone banking & giving out credit card numbers over cordless Dect phones.

The equipment still takes a fair bit of computer knowledge to get working, and the PCMCIA cards are only available in limited numbers – so it might not become an epidemic-level problem. The Dosch Amand Com-On-Air type II PCMCIA cards which were selling for €40 two weeks ago are now changing hands for €200+ on eBay!

Frontal21 (like BBC’s Panorama in the UK) website piece.

Video of Frontal21 episode

If you want to experiment you can buy a DECT card for your PC from www.ebay.de (that’s the German eBay). Look for vendor arc-computer2 & you could pickup a type III PCMCIA or PCI card for around €25 – you should pay €10 for UK carriage if in doubt.

Both the PCI card and type III PCMCIA card aren’t yet supported in the dect_cli software, but they soon will be. Once supported they’ll rocket in value like the type II cards already have – as these items are no longer manufactured & stock of the product is limited.

Here’s a recent screengrab from eBay.de – notice the joker selling a signed-by-the-hackers type II card for €2500.

Siemens Gigaset Dect Security – Read the press release.

If you didn’t know already, DECT is the technology used by the current generation of cordless home phones & baby monitors. So now, not only is it probably bad for you, it’s also insecure!

The researchers reverse-engineered a standard Com-On-Air PCMCIA DECT card – which is normally used in a Windows laptop to bridge/ link DECT phones to Asterisk VOIP/SIP networks – and demonstrated their Linux-based sniffer at 25C3 hackers congress.

The PCMCIA Class II card costs just €40 from www.arc-computer.de (in Germany, you can buy one via their eBay shop). You will need a PC running Linux to do anything useful with it, and really it’s just a proof-of-concept tool right now. But watch this space.

Read more about it:

http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html

http://www.theregister.co.uk/2008/12/31/dect_hack/

https://dedected.org/cgi-bin/trac.cgi

IT’S called an allergy to modern life and half of Scots in the next 10 years could be at risk from this crippling illness, according to scientific research.

Victims of the condition, which is triggered by electromagnetic waves from mobile phones, power lines, microwaves and computers, suffer headaches, crushing chest pains, nose bleeds and a loss of feeling in arms and legs.

Experts report that up to 1.5million people in the UK already have their lives blighted by electro-sensitivity, with symptoms that also include heart palpitations, tiredness, fainting, light sensitivity and skin problems.

Mike Bell, chairman of the Radiation Research Trust, said: “We are seeing a significant increase in enquiries from individuals suffering from these symptoms.

“We’re concerned that many people could be living with health-related electro-sensitivity symptoms without realising the cause.

“Doctors in the UK are not trained to recognise this condition. They could be misdiagnosing patients and treating them with drugs rather than investigating the cause.”

One victim has compared the condition with life as a human aerial – their body overreacting to electrical waves in the environment. Today, as a scientific conference opens in London, public health expert Dr Gerd Oberfeld will predict that if current trends continue, up to 50 per cent of people could suffer from electro sensitivity symptoms in the next 10 years.

The World Health Organisation is also backing research, stating that: “Electrical hypersensitivity is a real and sometimes disabling condition.”

Sufferers are particularly vulnerable to the £2.5billion police communication system Tetra – Terrestrial Trunked Radio – which has been introduced throughout the UK. In the past three years, more than 1000 masts have been erected in Scotland. They pulse at 17.6hertz – above the 16Hz frequency the Government’s Independent Expert Group on Mobile Phones warns might affect brain activity.

Experts say radio waves at this frequency can cause calcium to leak from the brain, causing damage to the nervous and immune systems. If the masts are less than 15 metres high, they don’t need planning permission.

Former Norwegian Prime Minister Harlem Brundtland suffers from electro-sensitivity.

She said: “I felt a local warmth around my ear. But the agony got worse. It turned to discomfort and headaches every time I used a mobile phone.

“Some people develop sensitivity to electricity and radiation from equipment such as mobile phones or PCs.

“If this can lead to adverse health effects such as cancer or other diseases, we do not know yet. But I think we should follow the precautionary principle.”

Yes, another mainstream magazine dares to link Mobiles, Wifi routers and other electronic devices with poor sleep. In the article Dr Chris Idzikowski, director of the Edinburgh Sleep Centre, says that, ‘ There’s more than sufficient evidence that mobile phone exposure an hour before bedtime adversely affects deep sleep ‘.

Others in the article report the classic fuzzy-mindedness that over-use of RF emitting gadgets can bring on. The article suggests that you turn off your mobile at bedtime.

While this is good advice, not a single mention is made of the danger from DECT cordless phones. The article states that a Mobile left on the bedside table will talk to the cell tower every ten minutes or so – well in our experience it’s more like every half an hour, for a five second burst. That isn’t going to disrupt your sleep. However, having a DECT cordless phone near your bed almost certainly will.

If you didn’t already know: the DECT cordless phone’s base station – the main docking point, if you have several handsets – gives out a constant pulse of RF, all the time. Even when you’re not talking on the handset. Keeping it a few feet from your head, while trying to sleep, is not such a good idea. Nor should you have a DECT base unit next to the home PC you use for hours at a time. All those hours you spend feet from a DECT cordless docking station really could leave you feeling completely ‘Spaced Out’.

So, while the article in the Sunday Mail is undoubtedly well intentioned, it could have payed more attention to DECT.