
pierredv : cyber-spectrum   62

Israel accused of planting mysterious spy devices near the White House - POLITICO, Sep 2019
"The U.S. government concluded within the past two years that Israel was most likely behind the placement of cellphone surveillance devices that were found near the White House and other sensitive locations around Washington, according to three former senior U.S. officials with knowledge of the matter."

"Washington is awash in surveillance, and efforts of foreign entities to try to spy on administration officials and other top political figures are fairly common. But not many countries have the capability — or the budget — to plant the devices found in this most recent incident, which is another reason suspicion fell on Israel."
cyber-spectrum  IMSI-catchers  spying  surveillance  Israel  Politico 
20 days ago by pierredv
Newer Diameter Telephony Protocol Just As Vulnerable As SS7, Jul 2018
"Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier."

"The difference between these two is that while SS7 did not use any type of encryption for its authentication procedures, leading to the easy forgery of authentication and authorization messages, Diameter supports TLS/DTLS (for TCP or SCTP, respectively) or IPsec."

"4G operators often misconfigure Diameter"

"Researchers say that the Diameter misconfigurations they've spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service."
LTE  4G  cyber-spectrum  cybersecurity  Diameter  SS7 
20 days ago by pierredv
City-Wide IMSI-Catcher Detection - SeaGlass
"SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city."

"For more details on the SeaGlass sensors, data collection system, detection algorithms, and results see our technical paper published at Privacy Enhancing Technology Symposium 2017"
UW  surveillance  cellular  security  cyber-spectrum  IMSI-catchers  StingRay 
20 days ago by pierredv
[1510.07563] Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems, Aug 2017
Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi, Jean-Pierre Seifert


Mobile communication systems now constitute an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers.
We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive, and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: A semi-passive attacker can locate an LTE device within a 2 sq.km area within a city whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols.
We present several countermeasures to resist our specific attacks. We also discuss possible trade-offs that may explain why these vulnerabilities exist and recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium.
IMSI-catchers  StingRay  4G  LTE  cyber-spectrum  Arxiv 
20 days ago by pierredv
Exclusive: Russia Carried Out A 'Stunning' Breach Of FBI Communications System, Escalating The Spy Game On U.S. Soil | HuffPost Sep 2019
"Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation’s capital, according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau’s ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community."

"American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams."

Joel Brenner: "we were neither organized nor resourced to deal with counterintelligence in networks, technical networks, electronic networks."

"Russian spies also deployed “mobile listening posts.” Some Russian intelligence officers, carrying signals intelligence gear, would walk near FBI surveillance teams. Others drove vans full of listening equipment aimed at intercepting FBI teams’ communications."
HuffPost  Russia  surveillance  spying  FBI  cyber-spectrum  vulnerability  cellular 
28 days ago by pierredv
Simjacker – Next Generation Spying Over Mobile | Mobile Security News | AdaptiveMobile, Sep 2019
Via Amie Stepanovich

"... Simjacker. We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance. Other than the impact on its victims, from our analysis, Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. It represents a considerable escalation in the skillset and abilities of attackers seeking to exploit mobile networks. "

"This S@T Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card. Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still being used while remaining in the background."
AdaptiveMobile  SIM  cyber-spectrum  spectrum  cellular  vulnerability 
5 weeks ago by pierredv
Stalking cheap Chinese GPS child trackers is as easy as 123... 456 – because that's the default password on 600k+ of these gizmos • The Register, Sep 2019
"Concerned parents who strap GPS trackers to their kids to keep tabs on the youngsters may be inadvertently putting their offspring in danger. Hundreds of thousands of the gizmos ship with pathetic security, including a default password of 123456, allowing them to be potentially monitored by strangers, it is claimed."

"White hats at Avast announced on Thursday they discovered 29 models of gadgets, designed to track their child wearers, had that weak default passcode. "

"once into an account, you can see the kid's GPS coordinates, eavesdrop on the built-in microphone, access any photos on the device, and potentially even make a call to the child"

"The security pros scanned a million account numbers, and said they found more than 600,000 vulnerable devices are in circulation"
TheRegister  GPS  China  cyber-spectrum  cybersecurity  hacking  Avast  surveillance  tracking 
5 weeks ago by pierredv
5G Real Security Threats Lost in Trump's Twitter Diplomacy - CircleID Sep 2019
"A new report on 5G and geopolitics by Oxford Information Labs details the complex landscape of 5G security. Importantly, it draws out how a variety of proven technical concerns around the quality of Huawei security practices and equipment are drowned out by the US' Twitter diplomacy."

"Critical international dialogue on genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. This includes issues like network resiliency, attack surfaces, remote access, and the move to software-defined networks"

"... the evolution from 4G to 5G will be more complex than previous evolutions in mobile technology. For instance, rather than cookie-cutter networks, 5G implementations will be highly specialised and vulnerable to software exploits."
CircleID  Huawei  5G  security  cyber-spectrum  cybersecurity 
6 weeks ago by pierredv
How dangerous is the KNOB Bluetooth vulnerability and what should I be - Aug 2019
Via Dale Hatfield

"Security researchers recently discovered a way to intercept a Bluetooth connection between two devices, leading to the ability to plainly view all of the data being transmitted between the two devices. The ‘attack’ was successful on 17 different kinds of Bluetooth chips on 24 different devices that they tested, which means that every popular brand of device that uses Bluetooth is vulnerable."

"In essence, the security researchers figured out how to lower the encryption level used to keep Bluetooth connections secured, by jumping in during the initial negotiation process prior to making a connection."

"In order to actually pull this off in real life, the perpetrator would need a really specialized and expensive piece of equipment, be relatively nearby and could only exploit the connection at the very moment that the two devices were attempting to pair with one another."
cyber-spectrum  cybersecurity  Bluetooth  vulnerability 
8 weeks ago by pierredv
Hack in the box: Hacking into companies with “warshipping” | Ars Technica
"For under $100, compact hardware can turn a shipped package into a horse for attacks."

"Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque."
cybersecurity  vulnerability  cyber-spectrum  ArsTechnica 
9 weeks ago by pierredv
NASA report: Passenger aircraft nearly crashes due GPS disruption - GPS World | RNTF - Aug 2019
A report filed with NASA’s Aviation Safety Reporting System and published in June outlines how a passenger aircraft flew off course during a period of GPS jamming and nearly crashed into a mountain. Fortunately, an alert radar controller intervened, and the accident was averted.
GPS  RNTF  GPSWorld  jamming  cyber-spectrum  spectrum-vulnerability 
10 weeks ago by pierredv
Navigation War in Persian Gulf Hits the News | RNTF, Aug 2019
Blog Editor’s Note: Below are a warning published by the US Maritime Administration, and a press report that quotes an unnamed US defense official. Long time readers will discern that there is a bit of confusion in the two reports about what exactly is going on in terms of spoofing (GPS or just communications?), jamming, and so on. But there is certainly a lot happening.

It should be no surprise that Iran is jamming GPS and perhaps spoofing signals as they have clearly done that before and these are common, easily employed techniques in today’s low intensity warfare.

This kind of navigation warfare has been going on around the world and in the Persian Gulf for quite some time. The first public report was when Iran bragged about capturing a CIA drone operating in Afghanistan in 2011 by spoofing its GPS receiver.

A couple thoughts on the below reports:

The “AIS spoofing” discussed is not the same thing as spoofing GPS signals. AIS is identification equipment carried by a vessel that can be programmed to report that the vessel is any type the user wishes. So an Iranian patrol boat can enter into its AIS that it is a British oil tanker, for example in the hopes of deceiving other vessels that don’t have it in sight.
A “US defense official” claims that Iran has been “jamming GPS signals” in the hopes ships will wander into their waters. That would not really be effective, and it wouldn’t make sense, since they clearly have the ability to spoof signals. This could make the ships sail, not wander, into their territorial seas. The folks we have spoken to haven’t seen any signs, yet, of spoofing, but we wouldn’t be surprised if they discover it eventually.
We are not sure about the US defense official’s credibility, though, as at the end of the CNN article “The official said the Iranian jammers have no effect on US military warships and aircraft.” – Yeah, right.
RNTF  GPS  cyber-spectrum  jamming  spoofing  navigation 
10 weeks ago by pierredv
Hacking Cars To Trigger Gridlock IEEE Spectrum - IEEE Spectrum, Aug 2019
Via Dale

"Paralyzing 20 percent of cars during rush hour could gridlock Manhattan"

"physicist Peter Yunker at the Georgia Institute of Technology and his colleagues wanted to explore what might happen if hackers attacked not just single cars, but multiple vehicles simultaneously. "
IEEE-Spectrum  spectrum-vulnerability  cyber-spectrum 
10 weeks ago by pierredv
D-Link Agrees to Make Security Enhancements to Settle FTC Litigation | Federal Trade Commission
"Smart home products manufacturer D-Link Systems, Inc., has agreed to implement a comprehensive software security program in order to settle Federal Trade Commission allegations over misrepresentations that the company took reasonable steps to secure its wireless routers and Internet-connected cameras."
FTD  D-Link  cyber-spectrum  cybersecurity 
11 weeks ago by pierredv
5G security enhancements take aim at emerging threats | FierceWireless Jul 2019
"While complex 5G networks present an expanded threat surface for potential security attacks, enhancements in the next-generation technology also provide transformational security safeguards, according to 5G Americas president Chris Pearson."

"5G Americas, along with project leaders from AT&T and Cisco, released a white paper (PDF) Wednesday detailing 5G security threats, enhancements and standards development meant to handle more stringent protections that will be required by new services and applications."

"Specific 5G security enhancements, according to 5G Americas, include:

Unified authentication framework that enables seamless mobility across different access technologies and support of concurrent connections
User privacy protection for vulnerable information often used to identify and track subscribers
Secure Service-Based Architecture and slice isolation, optimizing security that prevents threats from spreading to other network slices
Native support for secure steering of roaming (SoR), allowing operators to steer customers to preferred partner networks, which improves customer experience, reduces roaming charges, and prevents roaming fraud
Improved SS7 and Diameter protocols for roaming
Improved rogue base station detection and mitigation
Additional proprietary operator and vendor analytics for more layers of security"
5G  cybersecurity  cyber-spectrum  FierceWireless 
11 weeks ago by pierredv
Fooling LiDAR, the auto-drive failsafe | RNTF Jul 2019
"In the experiments researchers succeeded in creating undetectable targets, exposing vulnerabilities in LiDAR detection systems through an evolution-based black box algorithm."

"Last summer we saw a paper from researchers who spoofed all the GNSS constellations at once, and at the very modest price of $400. – If you are on a fixed income and $400 seems to be a lot, think about the tens of billions of dollars invested to produce GNSS signals.

The next month we saw a paper from researchers who decided that spoofing the signal might not be enough to mislead a vehicle driver. So they figured out how to also send a false map that looked like where the driver was, but, along with spoofed GNSS signals, would help misdirect the target vehicle. Just perfect for kidnapping, stealing cargo, or luring a driver into some other dangerous situation.

This summer we saw a paper from Regulus that reported on their ability to cause a Tesla in auto-drive mode to suddenly brake, accelerate, and exit the highway early and at the wrong point (we understand their co-worker in the car was scared silly). Thanks to the car’s LiDAR (a radar-like sensor), they were not able to direct the car off the road.

Below is a report on a paper that shows that LiDAR, which many are regarding as the automated driving fail-safe, can also be fooled."
RNTF  GPS  spoofing  lidar  navigation  cyber-spectrum 
july 2019 by pierredv
Hackers Made an App That Kills to Prove a Point | WIRED, Jul 2019
"... yet months of negotiations with Medtronic and regulators to implement a fix proved fruitless. So the researchers resorted to drastic measures. They built an Android app that could use the flaws to kill people."

"The researchers, who also include Jesse Young and Carl Schuett, say they found it easy to reverse engineer the simple encoding and validity checks meant to protect the signal, enabling an attacker to capture the fob's commands. A hacker could then use readily available, open source software to program a radio that masquerades as a legitimate MiniMed remote, and send commands that the pumps will trust and execute. After establishing that initial contact, hackers can then control that radio through a simple smartphone app to launch attacks"

"Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature. "

"Rios says the research group demonstrated its proof of concept app to FDA officials in mid-June of this year; Medtronic announced its voluntary recall program a week later. "
hacking  security  cyber-spectrum  Wired  Medtronic  vulnerability 
july 2019 by pierredv
What Are the Top 5G Security Challenges? - SDxCentral
Via Scott Fox, Jul 2019

"The Department for Digital, Culture, Media and Sport of the United Kingdom government released a technical report on 5G architecture and security in December 2018. It outlined four security mechanisms 5G networks need to meet.

First, cross-layer security. A unified framework is needed to coordinate different security methods for each security layer, such as applications or the IoT.

Then, end-to-end security. There should be a secure connection for the communication paths between the user and the core network. The distributed nature of 5G networks makes this challenging.

Cross-domain security is a must. 5G networks create a massive amount of novel use cases with unique requirements. Since the vertical market will only grow in order to fulfill those novel use cases, the report calls for cooperation between those in the 5G system to enact integrated security solutions that go across domains.

Finally, the concept of secure-by-design. As the network changes and evolves, security must be built into the design during development."
5G  cybersecurity  cyber-spectrum 
july 2019 by pierredv
Medtronic Recalls MiniMed Insulin Pumps as FDA Warns About Hacking Risk |
Via Jeff Reed, June 2019

"The US Food and Drug Administration issued a warning on Thursday about possible risk of hacking for some diabetes patients’ insulin pumps. Certain insulin pumps from Medtronic MiniMed have been recalled due to potential cybersecurity risks and it’s recommended for people who use those insulin pumps to switch to different models, according to the FDA."

"In the United States, Medtronic has identified about 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue"
FDA  hacking  cyber-spectrum  cybersecurity 
july 2019 by pierredv
Hacking these medical pumps is as easy as copying a booby-trapped file over the network • The Register Jun 2019
"Two security vulnerabilities in medical workstations can be exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today"

"An attacker successfully exploiting the critical flaw could remotely install malicious firmware, thereby disabling the workstation or altering its function."
TheRegister  healthcare  cyber-spectrum  cybersecurity  vulnerability  DHS 
june 2019 by pierredv
Marek’s Take: Network slicing is a security nightmare for operators | FierceWireless
“Even if you put security to one side, operationalizing network slicing with any kind of agility, at any kind of scale, is going to be very complex. When you then add in the security requirements — as you have to — that adds yet more complexity,” said Patrick Donegan, founder and principal analyst with HardenStance.

"And 5G networks alone have more security challenges than 3G and 4G networks. . . . each network function has a very large number of secured trusted relationships that have to be up and running continuously."

"But it’s unclear which entity will ultimately be responsible for the security of a network slice. Will it be the underlying operator? Or the enterprise/MVNO that is operating the slice?"

"... there are new players entering the space that see network slicing as an opportunity. For example, cloud providers may be able to offer a solution to this complex undertaking ... [Oracle]"
FierceWireless  5G  cyber-spectrum  cybersecurity  opinion 
june 2019 by pierredv
Protecting 5G against IMSI catchers - Ericsson Jun 2017
"IMSI catchers are devices used to intercept wireless traffic and trace subscribers by their long-term identifiers (IMSIs). While the phenomenon is often exaggerated, IMSI catchers do pose a threat to subscriber privacy. On-going 5G standardization done in 3GPP is a golden opportunity to improve subscribers’ privacy by constructing a protocol architecture that protects against IMSI catchers."

"The mobile device needs to transmit its long-term identifier IMSI to the network at times. The concept we propose builds on an old idea that the mobile device encrypts its IMSI using home network’s asymmetric key before it is transmitted over the air-interface."
Ericsson  cyber-spectrum  5G  IMSI-catchers  spoofing 
may 2019 by pierredv
Fighting IMSI catchers: A look at 5G cellular paging security - Ericsson May 2019
"The latest 5G standard includes several new privacy safeguards against IMSI catchers or Stingrays. By design, the new standard protects against privacy attacks in the UPLINK (through a concealed long-term identifier called SUCI). In addition, it also ensures the privacy of paging message distribution in the DOWNLINK. This latest built-in privacy enhancement is the joint effort of many working groups across 3GPP and mitigates the risk of the newest 5G-capable devices being identified or tracked via, for example, side-channel information in 5G cellular paging protocol."

"In one of our earlier blog posts, we wrote about protecting 5G against IMSI catchers, which is a significant privacy enhancement introduced for the 5G standard in the UPLINK direction. . . . In this blog post, we introduce the 5G standard's DOWNLINK privacy enhancements, specifically in the 5G cellular paging protocols."

"While in 4G paging timing was determined based on a long-term identifier (called IMSI), now in 5G they are determined based on a temporary identifier (called 5G-S-TMSI). . . . The effect of this change is that it becomes infeasible for an over-the-air attacker to deduce information about a device's long-term identifier by monitoring the air interface and detecting which paging occasions the device is monitoring. "

"While in 4G, the paging identifier could be either a long-term or a temporary identifier, on 5G networks, it can only be a temporary identifier."

"While in 4G, it is optional to refresh the temporary identifier - the S-TMSI - after paging, on 5G networks it becomes compulsory to refresh the 5G-S-TMSI. "
Ericsson  5G  cyber-spectrum  IMSI-catchers  surveillance  cybersecurity 
may 2019 by pierredv
The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica May 2019
Radios that sell for $600 can spoof signals planes use to find runways.

"Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply assume that the tones their radio-based navigation systems receive on a runway’s publicly assigned frequency are legitimate signals broadcast by the airport operator. This lack of security hasn’t been much of a concern over the years, largely because the cost and difficulty of spoofing malicious radio signals made attacks infeasible.

Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world. Using a $600 software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. "

"... all are careful to note that this kind of spoofing isn't likely to cause a plane to crash in most cases. ILS malfunctions are a known threat to aviation safety, and experienced pilots receive extensive training in how to react to them"
aviation  spoofing  cyber-spectrum  ArsTechnica  ILS 
may 2019 by pierredv
FCC Chairman Pai: Private sector should build 5G; security is key issue | FierceWireless
"Looking at the bigger picture, “we believe 5G security issues need to be addressed upfront,” he said in prepared remarks. “Making the right choices when deployment is beginning is much easier than trying to correct mistakes once network construction and operation is well underway. Moreover, decisions that impact 5G security need to be made with the long term in mind. Focusing too heavily on short-term considerations could result in choices that are penny-wise but pound foolish.”"
FierceWireless  5G  security  cyber-spectrum  cybersecurity  FCC  Ajit-Pai 
may 2019 by pierredv
Can I sue because my GPS might be spoofed? | RNTF Apr 2019
The U.S. Supreme Court’s answer seems to be “yes.”

Earlier this year it declined to hear an appeal from Fiat Chrysler and let a class action suit against the company go ahead. The plaintiffs assert that their vehicles were designed without sufficient cyber-security protections.
RNTF  GPS  litigation  liability  cyber-spectrum  cybersecurity 
april 2019 by pierredv
Secure Your Data, But Don't Overlook the Wireless Net | Insight for the Connected Enterprise
having now read the “Cyber-Spectrum Resilience Framework” report myself, I, too, agree that it raises some important issues for consideration by virtually every enterprise that relies on wireless service to support its business
cyber-spectrum  spectrum-vulnerability  cybersecurity 
april 2019 by pierredv
Researchers find 36 new security flaws in LTE protocol | ZDNet
"A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.

The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic."

"The research team's discoveries aren't exactly new. Several academic groups have identified similar vulnerabilities in LTE over the past years on numerous occasions --July 2018, June 2018, March 2018, June 2017, July 2016, October 2015 ... These vulnerabilities have been the driving force behind efforts to create the new and improved 5G standard --which, unfortunately, isn't that secure either, with some researchers already poking holes in it as well."

"They discovered this sheer number of flaws by using a technique known as fuzzing --a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs."

"Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world."
cybersecurity  cyber-spectrum  spectrum-vulnerability  LTE  cellular  vulnerability  fuzzing  hacking 
april 2019 by pierredv
Security flaw in Medtronic heart defibrillators is serious, DHS says, but don't panic - Cyberscoop Mar 2019
"The Department of Homeland Security has issued an advisory warning that a vulnerability in Medtronic heart defibrillators could allow hackers to change the settings in a medical device from within radio range."

"The issue involves Conexus, Medtronic’s radio-frequency protocol that’s used for communication between medical technology such as defibrillators, home monitoring devices and other clinician programming tools. Conexus connections fail to implement any kind of authentication or authorization, according to DHS. That means that, in situations where a product’s radio is activated, outsiders can exploit the connection to read and write memory in the cardiac device."
healthcare  cyber-spectrum  spectrum-vulnerability 
march 2019 by pierredv
Family tracking app leaked real-time location data for weeks - Engadget Mar 2018
"Family tracking apps can be very helpful if you're worried about your kids or spouse, but they can be nightmarish if that data falls into the wrong hands. Security researcher Sanyam Jain has revealed to TechCrunch that React Apps' Family Locator left real-time location data (plus other sensitive personal info) for over 238,000 people exposed for weeks in an insecure database. It showed positions within a few feet, and even showed the names for the geofenced areas used to provide alerts. You could tell if parents left home or a child arrived at school, for instance."

"While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it's difficult to verify that developers are securing your location info every step of the way. If they don't and there's a breach, it could lead to very real threats that could include physical danger."
Engadget  GPS  surveillance  data-leaks  hacking  spectrum-vulnerability  cyber-spectrum  vulnerability 
march 2019 by pierredv
Breaking LTE on Layer Two -, 2019
David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper
Ruhr-Universität Bochum & New York University Abu Dhabi
security  LTE  spectrum-vulnerability  cyber-spectrum 
march 2019 by pierredv
[pdf] Next-generation networks, next-level cybersecurity problems - Positive Technologies
"In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant CapEx investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 70’s (ss7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft, and worse."
networking  cybersecurity  cyber-spectrum  spectrum-vulnerability  SS7  Diameter  cellular  PositiveTechnologies 
march 2019 by pierredv
SS7 vulnerabilities and attack exposure report, 2018 - Positive Technologies
Via Dale

"This report reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability."

"Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats. This protocol's vulnerabilities along with possible cross-protocol attacks that use Diameter and SS7 flaws will be outlined in the next report."


"The research has shown that the level of security of mobile communication networks is still low. The overwhelming majority of networks remain vulnerable, which allows criminals to intercept subscribers' voice calls and messages, perform fraudulent operations, and disrupt service availability for subscribers."
SS7  Diameter  spectrum-vulnerability  cyber-spectrum  cybersecurity  telecoms  2G  3G  4G  PositiveTechnologies 
march 2019 by pierredv
ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers | Threatpost | Feb 2019
"Privacy-breaking flaws in the 4G and 5G mobile protocols could allow attackers to intercept calls, send fake amber alerts or other notifications, track location and more, according to a research team from Purdue University and the University of Iowa."

"The researchers uncovered three connected types of attacks that use this paging mechanism. The primary attack, dubbed ToRPEDO (short for TRacking via Paging mEssage DistributiOn), can be used to verify the location of a specific device. Attackers could also inject fake paging messages and mount denial-of-service (DoS) attacks, the team said.

Two other attacks enabled by ToRPEDO, the IMSI-Cracking attack and PIERCER (short for Persistent Information ExposuRe by the CorE netwoRk), allow an adversary to fully uncover the victim’s unique International Mobile Subscriber Identity (IMSI) number, if the phone number is known — opening the door to targeted user location-tracking."

"The TMSI is randomly assigned by the MME and is used to cloak the IMSI from side-channel attacks. The TMSI is supposed to change on a regular basis; however, previous sniffing attacks have been demonstrated that take advantage of the fact that this is not always the case."

"Beyond imprecise location-tracking and device status, ToRPEDO opens the door to much more serious attacks. For instance, once the attacker knows the victim’s paging occasion from ToRPEDO, the attacker can hijack the victim’s paging channel."

"Also, the researchers were able to validate that a tweet mentioning the victim’s Twitter handle triggers paging if the victim sets the Twitter app with push notifications on. This allows the attacker to associate a Twitter persona with a specific phone and phone number – and this likely extends to other services with push notifications, allowing him or her to start building a personal profile of the victim."

"Fortunately, each of the attacks have specific inherent mitigations."

In a paper presented at Mobile World Congress in Barcelona this week, the researchers explained that the issues arise from weaknesses in the cellular paging (broadcast) protocol. They started with the fact that when a mobile device is in its idle, low-power state, it will conserve battery life partly by polling for pending services only periodically.
5G  4G  privacy  IMSI  sniffing  surveillance  cyber-spectrum  spectrum-vulnerability 
february 2019 by pierredv
Researchers Demonstrate Serious Privacy Attacks on 4G and 5G Protocols
A group of academic researchers have revealed a design weakness in the 4G/5G protocol which can be exploited by an attacker to identify the victim's presence in a particular cell area just from the victim's soft-identity such as phone number and Twitter handle. "Any person with a little knowledge of cellular paging protocols can carry out this attack," Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch.

The abstract below from the paper released today called "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information" specifies the dangers of the discovered vulnerability.
cyber-spectrum  spectrum-vulnerability  4G  5G  CircleID 
february 2019 by pierredv
Cybersecurity for Autonomous Vehicles Must Be a Top Concern for Automakers - IEEE - The Institute Jan 2019
Via Dale, "no mention of jamming, spoofing, and replay attacks"

"Auto manufacturers have begun taking steps to mitigate cybersecurity risks in their autonomous vehicles."

Problems identified:
= lack of consensus
= standards needed
automobile  cyber-spectrum  cybersecurity  IEEE 
february 2019 by pierredv
Ericsson: Expired certificate caused O2 and SoftBank outages | ZDNet Dec 2018
"An expired certificate was the cause of a data outage across O2 and SoftBank mobile services in the United Kingdom and Japan, respectively, Ericsson has revealed."

"The issue affected nodes in the core networks of customers using two software versions of the Serving GPRS Support Node - Mobility Management Entity (SGSN-MME)"

O2  Ericsson  cyber-spectrum  spectrum-vulnerability  outages 
february 2019 by pierredv
DHS admits rogue stingrays in Washington, DC. - TechSpot, Apr 2018
In a letter obtained by the Associated Press from the Department of Homeland Security to Senator Ron Wyden (D-Oregon), the United States government formally acknowledges they have found unauthorized IMSI catchers in different parts of Washington DC and possibly other areas of the country.

IMSI catchers, commonly known as stingrays, are most commonly used by the FBI and other law enforcement agencies around the country to locate a particular phone by essentially acting as a legitimate cell tower that the targeted phone attaches to. Stingrays also have the capability to intercept text messages and even phone calls.

"Overall, [DHS' National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk," wrote acting undersecretary, Christopher Krebs.
TechSpot  cyber-spectrum  spectrum-vulnerability  cybersecurity  StingRay 
february 2019 by pierredv
Mystery of Blocked Key Fobs at Parking Lot 'Likely' Solved, Canadian Ministry Says
In a Facebook post on Friday, Westview characterized the fob-blocking culprit as “faulty consumer electronic equipment stuck in transmit mode in the area.” The co-op added, “We want to communicate that this was NOT the result of any intentional criminal activity, or any other activity that was speculated.”
Gizmodo  interference  security  cyber-spectrum  cybersecurity  spectrum-vulnerability  automobile  hacks 
february 2019 by pierredv
3G & 4G Networks Are Prone to Stingray Surveillance Attacks - Jul 2017
"3G and 4G LTE devices deployed worldwide have a critical security vulnerability that could be used by Stingray devices, security researchers revealed at the Black Hat Conference in Las Vegas. Researchers said all the modern and high-speed networks have a protocol flaw that enables mobile devices to connect with the cell operator, allowing attackers to track and monitor users."

"Many believe that the modern protocols, unlike 2G, protect users against easy-to-use tracking and surveillance. However, latest research reveals a flaw in the authentication and key agreement, which enables a phone to communicate securely with the user’s cell network."

"While this flaw doesn’t reportedly allow attackers to intercept calls or messages, it does enable them to monitor consumption patterns and track the phone location."
StingRay  IMSI-catcher  3G  4G  cellular  spectrum-vulnerability  cyber-spectrum  spoofing 
february 2019 by pierredv
New security flaw impacts 5G, 4G, and 3G telephony protocols | ZDNet, Jan 2019
"A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards."

"Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols."

According to "a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols," published last year. ..., the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks."

"Instead of intercepting mobile traffic metadata, this new vulnerability reveals details about a user's mobile activity, such as the number of sent and received texts and calls, allowing IMSI-catcher operators to create profiles for each smartphone holder."

"For example, two other academic studies from French and Finnish researchers also found that IMSI-catcher attacks are still possible against the upgraded 5G-AKA protocol, despite 3GPP's claims."
ZDNet  cyber-spectrum  cybersecurity  spectrum-vulnerability  3G  4G  5G  StingRay  IMSI-catchers  3GPP 
february 2019 by pierredv
Opinion | If 5G Is So Important, Why Isn’t It Secure? - The New York Times, Jan 2019
"The Trump administration’s so-called “race” with China to build new fifth-generation (5G) wireless networks is speeding toward a network vulnerable to Chinese (and other) cyberattacks. So far, the Trump administration has focused on blocking Chinese companies from being a part of the network, but these efforts are far from sufficient. We cannot allow the hype about 5G to overshadow the absolute necessity that it be secure."

"Shortly after taking office, the Trump F.C.C. removed a requirement imposed by the Obama F.C.C. that the 5G technical standard must be designed from the outset to withstand cyberattacks. For the first time in history, cybersecurity was being required as a forethought in the design of a new network standard — until the Trump F.C.C. repealed it. The Trump F.C.C. also canceled a formal inquiry seeking input from the country’s best technical minds about 5G security, retracted an Obama-era F.C.C. white paper about reducing cyberthreats, and questioned whether the agency had any responsibility for the cybersecurity of the networks they are entrusted with overseeing."
NYTimes  Tom-Wheeler  cyber-spectrum  cybersecurity  5G  cellular 
january 2019 by pierredv
Yes, you can remotely hack factory, building site cranes. Wait, what? • The Register
"Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro."

"In addition to basic replay attacks, where commands broadcast by a legitimate operator are recorded by an attacker and rebroadcast in order to take over a targeted plant, attack vectors also included command injection, "e-stop abuse" (where miscreants can induce a denial-of-service condition by continually broadcasting emergency stop commands) and even malicious reprogramming. During detailed testing of one controller/receiver pair, Trend Micro researchers found that forged e-stop commands drowned out legitimate operator commands to the target device."

"Just to keep site managers' blood pressure high, Trend Micro highlighted that not only could script kiddies carry out some of these types of attack against industrial plants, a remote attacker could achieve persistent access by using a battery-powered cellular modem dropped off at a quiet part of a site with a drone."
TheRegister  hacking  cyber-spectrum  vulnerability  cybersecurity 
january 2019 by pierredv
APNewsBreak: US suspects cellphone spying devices in DC, Apr 2018
"For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages."

Christopher Krebs, DHS, “noted in the letter that DHS lacks the equipment and funding to detect Stingrays”

"Every embassy “worth their salt” has a cell tower simulator installed, Turner said. They use them “to track interesting people that come toward their embassies.” The Russians’ equipment is so powerful it can track targets a mile away, he said."

"Shutting down rogue Stingrays is an expensive proposition that would require wireless network upgrades the industry has been loath to pay for, security experts say. It could also lead to conflict with U.S. intelligence and law enforcement."
surveillance  security  privacy  sellular  StingRay  cellular  cyber-spectrum 
january 2019 by pierredv
How spies can use your cellphone to find you – and eavesdrop on your calls and texts, too - The Washington Post, May 2018
"The letter [from the Department of Homeland Security to Sen. Ron Wyden (D-Ore.)], dated May 22 and obtained by The Washington Post, described surveillance systems that tap into a global messaging system that allows cellular customers to move from network to network as they travel. The decades-old messaging system, called SS7, has little security, allowing intelligence agencies and some criminal gangs to spy on unwitting targets — based on nothing more than their cellphone numbers."

"Researchers say that SS7 tracking systems around the world now create millions of “malicious queries” — meaning messages seeking unauthorized access to user information — each month."

"Firewalls installed by carriers in recent years block many of the malicious queries, but many others are successful in eliciting unauthorized information from cellular carriers worldwide."

"Criminals last year used SS7 to intercept security codes that a bank texted to its customers in Germany, allowing the criminals to steal money from accounts, according to news reports."

"Carriers worldwide have gradually added better security, but SS7 does not have any way to verify that carriers sending data requests are who they claim to be. The firewalls increasingly installed by carriers, meanwhile, protect their own customers but typically not people who are roaming on the network, said Engel, the German researcher who first reported the security and privacy risks of SS7."

"DHS, which declined to comment for this article, issued a report on SS7 cellphone security in April 2017 that noted the risk to federal personnel"

"The DHS report recommended that carriers adopt new protections. An FCC group, the Communications Security, Reliability and Interoperability Council, issued recommendations for improving SS7 security in March 2017 that U.S. carriers have largely adopted"

CSRIC recos, see

FCC, Communications Security, Reliability and Interoperability Council,
WORKING GROUP 10: Legacy Systems Risk Reductions Final Report (Mar. 2017)
WashingtonPost  cybersecurity  cellular  cyber-spectrum  SS7  crime 
december 2018 by pierredv
New 4G, 5G Network Flaw 'Worrisome' Oct 2017
"4G and 5G wireless networks' Evolved Packet Core (EPC) architecture can be exploited to intercept and collect mobile data as well as launch denial-of-service (DoS) attacks, according to new research."
4G  5G  cybersecurity  cyber-spectrum 
december 2018 by pierredv
Opinion | Our Cellphones Aren’t Safe - The New York Times, Dec 2018
America’s cellular network is as vital to society as the highway system and power grids. Vulnerabilities in the mobile phone infrastructure threaten not only personal privacy and security, but also the country’s. According to intelligence reports, spies are eavesdropping on President Trump’s cellphone conversations and using fake cellular towers in Washington to intercept phone calls. Cellular communication infrastructure, the system at the heart of modern communication, commerce and governance, is woefully insecure. And we are doing nothing to fix it.
technology  security  privacy  NYT  EFF  opinion  cyber-spectrum  cellular 
december 2018 by pierredv
Lessons from the O2 Network Outage: The Real Cost of Manual Processes, Juha Holkkola Dec 2018
"While the finding that network downtime constitutes 93.5% of the real total cost of manual network management steps was a real eye-opener, these numbers reveal an even more interesting finding. That is, if one invests 20 million into automating the propagation of human errors, the chances are that the cost of downtime can greatly exceed the value of the actual automation investment itself."
spectrum-vulnerability  denial-of-spectrum  cyber-spectrum  CorcleID  O2  hacking 
december 2018 by pierredv
Connected Vehicle Security Vulnerabilities | IoT Security Headlines, Mar 2018
"In the history of mandatory regulation of computerized vehicles, an E-Letter entitled, “Black box is not safe at all,” was published in Science [1] in 2017. It mentioned that on-board diagnostics (OBD-II) specifications were made mandatory for all cars sold in the United States in 1996. The European Union made European OBD (EOBD) mandatory for all gasoline (petrol) vehicles sold in the European Union starting in 2001."
cyber-spectrum  automobile  transportation  spectrum-vulnerability  cybersecurity  hacks  jamming  spoofing 
december 2018 by pierredv
O2 4G data network restored after day-long outage - BBC News, Dec 2018
“Ericsson UK boss Marielle Lindgren said the "faulty software" that had caused the issues was being decommissioned. … Ericsson said there had been network disruption for customers in multiple countries. Ericsson president Börje Ekholm … said "an initial root cause analysis" had indicated that the "main issue was an expired certificate in the software versions installed with these customers".”
BBC  Ericsson  cellular  O2  cyber-spectrum 
december 2018 by pierredv
Outages show the need to think clearly about national security | PolicyTracker: Dec 2018
"On Thursday, millions of smartphone users in the UK lost their data services after the O2 network suffered technical problems. While the problem only lasted a day, it was one of the biggest mobile network outages because it hit the many external services that rely on the operator’s data network."

"The blackout raises questions over the future of mission-critical applications. What will happen when 5G networks underpin a country’s water supply, electricity grid, emergency services and even self-driving cars?"

"Isn’t it time for an evidence-based approach to the security of networks, based on independent testing of equipment from companies which are prepared to cooperate? Anything else looks suspiciously like a backdoor way of damaging potential competitors."
PolicyTracker  cyber-spectrum  cybersecurity  cellular 
december 2018 by pierredv
Cybersecurity for Mobile Financial Services: A Growing Problem, CGAP Nov 2018
"... industrial-grade PIN harvesting is supplanting these slow approaches to obtaining individual PINs. There are many opportunities to acquire DFS account numbers and the associated PINs without ever meeting (or even knowing) the person whose money is being stolen. USSD is the most common form of access to mobile money services in developing countries, and it does not offer much protection for these sensitive credentials. Credentials can be collected in a number of ways that providers and policy makers should be aware of."
cyber-spectrum  spectrum  cybersecurity  mobile  cellular  CGAP 
november 2018 by pierredv
[pdf] NPSTC minutes, Sep 2017 GB_Minutes_20170906 - GB_Minutes_20170906.pdf
See especially
Department of Homeland Security (DHS), Science and Technology (S&T),
First Responders Group (FRG), Sridhar Kowdley, Program Manager
Mr. Kowdley reported on the recent 2017 First Responder Electronic Jamming Event
NPSTC  cyber-spectrum  denial-of-spectrum 
november 2018 by pierredv
Massive MIMO Will Create More Wireless Channels, But Also More Vulnerabilities - IEEE Spectrum, Nov 2018
"As wireless communications systems have to accommodate an ever-increasing number of data transfers, a lack of sufficient protocols for ensuring that data is transferred to the correct user could leave systems open to an attack."

"A major constraint of this approach, especially as the number of communication channels for each base station continues to grow, is the limited number of pilots available. Sometimes, users must be assigned the same pilot sequence, which can interfere with the proper transfer of data and lead to poor system performance. This is called pilot contamination. But this contamination can also be harnessed by an attacker to purposely interfere with data transfers."

"when an attacker is close to the base station, within 300 meters or closer, he or she can impose their own pilots strongly enough to reduce the total transmission rate of a massive MIMO system by more than 50 percent"

"Pilot contamination can also be used to siphon off data transfers if the attacker’s pilot signals are strong enough, threatening the privacy of wireless communications."
IEEE-Spectrum  spectrum  cybersecurity  cyber-spectrum  MIMO 
november 2018 by pierredv
Physical layer security in wireless networks: a tutorial - IEEE Journals & Magazine
Wireless networking plays an extremely important role in civil and military applications. However, security of information transfer via wireless networks remains a challenging issue. It is critical to ensure that confidential data are accessible only to the intended users rather than intruders. Jamming and eavesdropping are two primary attacks at the physical layer of a wireless network. This article offers a tutorial on several prevalent methods to enhance security at the physical layer in wireless networks. We classify these methods based on their characteristic features into five categories, each of which is discussed in terms of two metrics. First, we compare their secret channel capacities, and then we show their computational complexities in exhaustive key search. Finally, we illustrate their security requirements via some examples with respect to these two metrics.

wireless  Spectrum  cybersecurity  cyber-spectrum 
november 2018 by pierredv
Securing the spectrum - why information management alone won’t keep a 4iR world safe - The Deployable Fourth Industrial Revolution - QinetiQ April 2018
Dr Anil Shukla, Fellow and Principal Consultant
12 Apr 2018

See also

"as infrastructure providers delve deeper into the 4iR toolbox ... They should"
= Recognise that spectrum resilience is inherently linked to traditional information cyber effects
= Test spectrum resilience against approved frameworks
= Require organisations to report spectrum attacks in the same way they have to report data security breaches
Qinetiq  cybersecurity  Spectrum  cyber-spectrum  denial-of-spectrum 
november 2018 by pierredv
Whitepaper: What does the UK need to do to pursue its spectrum resilience objectives? - QinetiQ Jan 2018
Dr. Anil Shukla
26 Jan 2018

See also

Radio spectrum access is critical. It underpins the UK’s economy and provides significant social value through the range of applications it supports.
spectrum  cybersecurity  Qinetiq  cyber-spectrum  denial-of-spectrum 
november 2018 by pierredv
New SPF Report: Cyber-Spectrum Resilience-Framework
"New UK Spectrum Policy Forum paper identifies 10-step Cyber-Spectrum Resilience Framework for spectrum users to minimise the spectrum threat to their businesses and contribute to the overall national cyber resilience strategy."

To help keep spectrum-using systems safe, the paper includes the below ten-point checklist for spectrum users, managers and installers:

1. Spectrum Audits: Do you know what frequencies you are using and why?
2. Impact assessment: Do you know what would the impact be on your business if you lost access to spectrum?
3. Detect/Monitor/Record: Are you checking the availability and usage of your frequencies?
4. Respond and Recover: Have you got a plan for getting back to business as usual after an interruption to your spectrum access?
5. Reporting: How and when do you report disruption?
6. Practice: Have you stress tested your system and your response and recovery plans?
7. Awareness: Are your staff aware of potential threats to spectrum availability?
8. Update: Do you implement regular updates?
9. Qualified personnel: Do you ensure that you are using suitably qualified personnel (SQP) to configure and control your systems?
10. Board responsibility: Do your Directors take responsibility for spectrum resilience?
cybersecurity  spectrum  UK  SPF-SpectrumPolicyForum  QinetiQ  cyber-spectrum  denial-of-spectrum 
september 2018 by pierredv
A $225 GPS spoofer can send sat-nav-guided vehicles into oncoming traffic * | Ars Technica Jul 2018
Paper at

"A new proof-of-concept attack demonstrates how hackers could inconspicuously steer a targeted automobile to the wrong destination or, worse, endanger passengers by sending them down the wrong way of a one-way road. The attack starts with a $225 piece of hardware that’s planted in or underneath the targeted vehicle that spoofs the radio signals used by civilian GPS services. It then uses algorithms to plot a fake “ghost route” that mimics the turn-by-turn navigation directions contained in the original route. Depending on the hackers’ ultimate motivations, the attack can be used to divert an emergency vehicle or a specific passenger to an unintended location or to follow an unsafe route. The attack works best in urban areas the driver doesn’t know well, and it assumes hackers have a general idea of the vehicle’s intended destination."

"While the proof-of-concept attack is attention-grabbing, a variety of things significantly limit its effectiveness in the real world."
1) "physical spoofer be in close proximity to the navigation device"
2) "works best when attackers have a general idea of the targeted vehicle’s intended destination"
3) "attacks aren’t nearly as successful in rural or suburban areas or against people who are familiar with the area in which they’re traveling"
ArsTechnica  GPS  spoofing  cybersecurity  navigation  spectrum-vulnerability  cyber-spectrum 
july 2018 by pierredv
