Less Radiation

Iran have shown video of the downed drone which looks intact, suggesting they didn’t shoot it down.

They claim it was brought down by electronic measures. Signal jammer anyone?

BBC story & video

more here

On day one of the recent 2011 Chaos Communication Camp – an annual summer computer security conference this year held in Germany – Karsten Nohl & Luca Melette demonstrated how to sniff unencrypted GPRS from the air using a £10 Motorola C123 mobile phone & a laptop running Linux.

Actually you need four £10 phones and serial to USB leads – the phones can be Motorola C115 or C118 or C123 or C139 or C140 or V171 models or Sony Ericsson J100i. Two of the phones need the internal filters replacing before you can sniff the uplink above 20 metres. With the filters replaced you can sniff the uplink up to 200 metres, with external antennas, probably. You need FTDI versions of the cables to be able to grab four timeslots from each of the four phones simultaneously. As you can tell, this is nowhere near the script kiddie level just yet. But just twelve months ago sniffing any GSM traffic without a £1000 USRP device wasn’t really possible.

The PDF slides from the talk are here.

The technique builds on work from the Osmocom-bb project – which uses the same £10 mobile phone to implement a free software GSM stack, when the phone is attached to a laptop, using a cheap USB to RS232 cable.

Some countries networks use encryption on their GPRS links, but some countries networks choose not to, so they can monitor traffic like Skype. Even if you use a 3G iPhone, Blackberry or Android phone it will always step down to GPRS when the 3G signal isn’t available (it might be someone running a UMTS 3G signal jammer).

More information can be found at srlabs.de

According to The Register, O2 are having network problems in North & East London, as well as Sussex & Kent today.

Tesco & GiffGaff mobile users may also be affected.

The Register report

GiffGaff map of problems

Would you like to have a firewall running on your Android phone that lets you see which apps are using your internet connection?

Would you like to be able to send secure SMS text messages?

Would you like to be able to hold secure conversations?

You need Whisper System’s Mobile Security Suite

Ubertooth, Funcube Dongle Pro and Sparkfun IOIO for Android.

Three brand new innovative products, all coming out around the same time. All in limited supply, and all completely brilliant!

Ubertooth – Bluetooth sniffing for under £100.

Until now sniffing and injecting packets into Bluetooth communication hasn’t been possible for the man in the street.

The Ubertooth USB dongle will change this for under £100.

The USB adapter just grabs a chunk of 2.4GHz spectrum and your PC processes it. Makes passive detection of Bluetooth devices possible without shelling out £1000 for a USRP. It will be possible to predict Bluetooth hopping pattern. It will also be possible to do man-in-the-middle attacks using two Ubertooths.

UK Buyers can pre-order from RFIDIOt.org. US buyers can pre-order from HakShop

FUNcube Dongle Pro – all frequency audio scanner for under £100.

Another USB dongle featuring three SMD chips to perform a custom task. This dongle is very different from the Ubertooth, but in some ways more amazing.

It can grab up to a 80KHz chunk of radio spectrum from anywhere between 64MHz and 1700MHz (although there is a dead spot between 1100MHz and 1270MHz). It will basically do most things your fancy-pants £1000+ standalone radio scanner will do, for just £100. Basically good for speech & data, but not really video. Works with Windows. Mac OSX & Linux. Appears to PC as a USB audio device & a HID device. Plenty of open source software available to drive it. Interestingly the FUNcube Pro is mentioned on the Osmocom Tetra page.

The only downside is that each batch the designer has made are currently selling out in 2 minutes, when he releases them. Find out more at FUNcube Dongle

Sparkfun IOIO for Android – attach anything to your Android smartphone for under £50.

A really simple way to attach almost any electronic component to your Android Smartphone or Tablet. Thousands of uses will be found. Things will be invented!

This board consists of a USB to Everything adapter & a library of script & device drivers (a bit like an Arduino sketch but in Java). All the computing power & sensors in your Android smartphone available to motors, LEDs, weather stations, robots, PIRs, analog sensors, digital sensors. Just imagine the possibilities. Runs on Android 1.5 & up, so even all those sub-£50 used Android phones will work with it.

www.SparkFun.com

According to Thinq.co.uk they can:

“Newly-published research suggests that mobile phones can reduce the mineral content of the bones they hang out around.

Researchers at the the National University of Cuyo, in Mendoza, Argentina, looked at that strange breed – men who wear mobile phones on their hip. They discovered evidence to suggest that the proximity of the mobile phone caused a reduction in bone mineral content (BMC) and bone mineral density (BMD) in the men who wore the phones over a 12-month period, compared to a control group that didn’t.

According to an abstract from the study to be published in the Journal of Craniofacial Surgery, wearers of a mobile phone had “significantly lower right BMD at the trochanter and significantly lower right BMC at both trochanter and total hip”.

None of these differences were found in non users, the study notes.

Non users had a higher BMC at the right femoral neck (at the top of the thigh). The right-left difference in femoral neck BMD of non users was marginally non-significant. In users, there was no femoral neck right-left difference of BMC at the femoral neck. Right-left asymmetries in femoral neck BMC were significantly different between both groups, the study notes.

Study leader Dr Fernando D Sravi writes: “The different patterns of right-left asymmetry in femoral bone mineral found in mobile cell phone users and non users are consistent with a non-thermal effect of electromagnetic radio-frequency waves not previously described.”

The study measured BMC and BMD in the left and right hips of two groups of healthy men – 24 who did not use cell phones and 24 who carried their cell phone on their right hip, for at least 12 months.

According to the researchers, few studies have looked at whether electromagnetic fields emitted by cell phones could affect bone mineralisation. They suggest that with rapid uptake of mobile phones, any significant effect on BMD could have a substantial effect on the osteoporosis rate in the population.

Osteoporosis is a systemic skeletal disease characterised by low bone mass and microarchitectural deterioration that leads to increased bone fragility and increased risk of fracture .

Dr Sravi says more research is needed to follow up his study, particularly in women, who  generally have higher rates of osteoporosis, and children, who may have a long life of mobile phone use ahead of them.

Sravi writes that, while the actual energy emission by modern mobile cell phones is well below the limits set by current standards, precluding significant thermal effects, a growing body of evidence suggests that non-ionizing electromagnetic radiation in the frequency range of mobile cell phones may cause non-thermal biologic effects. Many of these non-thermal biologic effects “might be relevant for human health,” the study notes.

Read more:
 http://www.thinq.co.uk/2011/3/28/mobile-phones-rot-your-bones/#ixzz1HvusYGtI.

Richard Stallman: iPhones and Androids are ‘Big Brother’ tracking devices

I was just looking at the Slashdot website and started reading a piece on Networkworld.com about Richard Stallman’s views on various topics.

Stallman (the open-source software movement is basically his idea) says he won’t own a mobile phone as they’re glorified tracking devices, which can also be used to eavesdrop on you remotely. This of course is all perfectly true, and if you’re of interest to the NSA or UK security services that might bother you (I’m thinking of Julian Assange or anyone who ever stood in a 5 meter perimeter of him). But if the only insight someone might gain into your personal life is that you’re using Sainsburys rather than Tescos for your shop this week, then who really cares?

I only use my Android smartphone for internet access, I don’t make any calls or send any texts. Stallman states that unless you remove the battery ( he actually says all batteries!) you don’t know what your phone is doing. Well I know what my phone is doing… I own an Electrosmog Detector (now sold out but available on eBay and other sites), which turns RF transmissions into audible noise – I’ve also got a couple of spare 9v rechargeable batteries, so I can leave it on whenever I want – and if my phone is transmitting I can hear it.

If you own an Electrosmog Detector & you’re remotely bothered about being monitored, you could just make fart noises every time the phone transmits when you aren’t talking on it! This is much more fun than being paranoid about what it is or maybe isn’t doing. Of course a smart phone with Facebook & Gmail installed will be transmitting regularly, so turn off all those auto-sync services if you want to know when it shouldn’t be transmitting.

If you don’t want to be tracked, then just leave your phone at home half the time, or swop with a big group of friends if you’re a member of any kind of protest group, or just don’t use one. Remember that swoping Sim cards isn’t enough, your mobile also contains a unique IMEI number, and either of those will let you be tracked. You need a new PAYG phone & sim to vanish. (and as soon as you use it to contact an old target you’ll re-appear again).

If you use the internet look into using Tor, or signing up for a secure VPN.

And another thing… I own several laptops & an iMac. I was looking at them recently and must have pre-empted Richard Stallman’s views. I took a big blob of blu-tak and stuck it over each built-in webcam & mic… Well you never know who might have been listening or watching, and they bloody well aren’t now! And one final thing, assume everything you do and look at on the internet is monitored, because it is…

Peace & Love

If you didn’t know, every year between Christmas & New Year thousands of computer hackers converge on Berlin to showcase their latest electronic hardware exploits at the Chaos Computer Club conference. I got interested two years ago when some German students demonstrated their £30 Dect phone laptop ‘debugger’ in a talk at 25C3.

The great thing about the yearly CCC conference is, even if you can’t make it there in person, you can watch live streams of the various talks online. This years highlights for me:

Index of talks here

Wideband GSM sniffing here

The Baseband Apocalypse here

Running your own GSM stack on a phone. here

27C3 main wiki index here

27C3 Videos

Interesting article in New Scientist this week. Karsten Nohl has assessed various manufacturers keyfob immobilisers and concluded that most of the older 40 & 48 bit AES systems are now hackable. Last year he took 6 hours to discover the algorithm used to create the encryption key in a Hitag 2 system. Armed with that algorithm he could in theory unlock any car using NXP Semiconductors Hitag 2 system – according to New Scientist.

Security professionals now believe a move to 128 bit immobilisers is the way forward. Both Texas Instruments & NXP now offer 128 bit AES systems – which would take so long to crack that it’s not worth even trying. Apparently, the car manufacturers don’t see the urgency to switch. They point out that any car can still be removed by a thief using a flat-bed truck & a GPS/GSM radio jammer.

We’ve written previously about crimes here in the UK, involving the theft of laptops & phone from cars by thieves using jammers to stop the owners locking their car doors using the immobiliser keyfobs. Now, in theory at least, they can take your car too.

GSM Mobile Phone Security is now practically dead. Anyone with a spare couple of grand can now do what was previously the exclusive preserve of national security agencies. Previously you’d have to spend £100K and prove you were a suitable government-grade customer.

According to the theregister.co.uk’s security pages, several talks at the Black Hat security conference in Las Vegas this week will take GSM hacking down to the script-kiddie level – all you need is enough cash for a modified USRP USB radio peripheral & a 2000GB hard drive to store the rainbow lookup tables.

With that kit you can grab big chunks of the mobile phone spectrum in real time and target individual IMSI numbers. The researchers reckon that 80% of mobile traffic passes over the old A5/1 GSM system. A5/3 & 3G phones should still be considered secure. But remember if your 3G phone isn’t near a strong signal it will be stepping back down to A5/1 anyway.

Think about all those corporate espionage guys out there, they must be salivating like crazy. The rainbow lookup tables are a hefty download at 2TB, but if you’re prepared to travel to Oslo, The Register reports that Frank A. Stevenson (guy who cracked the CSS encryption scheme on DVDs) will swop you a blank drive for one with the rainbow tables on. (Rainbow Tables are lookup tables with the answers to all the possible challenge answers for the GSM A5/1 algorithm – this saves lots of time working each one out indivdually, and crucially makes near real-time decryption possible).

Of course the GSM Alliance makes light of all this, still calling it theoretical – and in some ways they have a point, it’s not like you can do this on an old reprogrammed Nokia 3310 after all!

When Dect (the cordless phone you use at home) was hacked last year we didn’t see UK identity thieves having a field day, gathering up bank pins etc. Only a couple of thousand of the PCMCIA Dect cards were in circulation, and most were probably bought up by security researchers quite quickly. So the hardware to hack Dect became expensive & you had to be able to configure a Linux laptop yourself to use it – the barrier to entry was therefore set high.

With GSM it’s even higher. You needs lots of Linux knowledge & £1000 worth of USRP radio hardware + soldering skills too. Sure organised criminals, corporate spies & bent media companies will use this technology to spy on the rich and famous, but it won’t become a massive problem in the UK. If anything, it will just speed along the adoption of 3G smartphones.

I wonder where Karsten Nohl & friends will be heading next with their USRPs? Dect cracked last year, this year GSM. Airwave/Tetra next year, maybe?

http://en.wikipedia.org/wiki/IMSI-catcher