Tag Archive for Apple

Scary SS7 Flaw Strikes Banks

Lost in last month’s hubbub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how the public phone system talks to itself to complete a phone call.

The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (auf Deutsch). The attack was a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

According to Ars Technica, the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication number) codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

German telecommunications giant O2-Telefonica confirmed details of the SS7-based cyber attacks to the newspaper. Ars says that, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and set up call and SMS forwarding.

Two-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are. 2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told Ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

Cris Thomas, a strategist at Tenable Network Security, warns in the article:

While this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cyber security researchers began issuing warnings about dangerous flaws in SS7 in late 2014. I wrote about the SS7 flaw in September of 2016 and in March 2017. Maybe this will be the wake-up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

In 2014 security researchers first demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

SS7 was developed in 1975. Today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use SS7 to make sure their networks interoperate. This technology has not kept up with modern times. In May 2017, Wired published an article which explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers, because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

The Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol, has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course the TLAs would never use this “flaw” in SS7 to spy on us.

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

For text messages, they recommend avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook’s (FB) WhatsApp or the many others available. These allow you to send and receive instant messages without having to go through the SMS network, which protects your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data rather than through the voice call network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

Your location could be tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.


Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Whose Time Is It?

What time is it? If you looked at the lower right corner of your Windows PC screen, you know what time it is. That is good enough for most people, but followers of the Bach Seat want to know more. How does Microsoft know what time it is? Microsoft and everybody else use the Internet Engineering Task Force (IETF) RFC 7822 standard protocol called Network Time Protocol (NTP).

NTP is one of the oldest Internet protocols still in use. NTP was designed by UMich alum David Mills at the University of Delaware. NTP can maintain time to within tens of milliseconds over the public Internet, and better than one millisecond accuracy on a LAN. Like many other things in the network world, NTP is set up as a hierarchy. At the top of the tree are “Atomic Clocks” (Stratum 0). Corporations, governments and the military run atomic clocks.


Atomic clocks are high-precision timekeeping devices which use the element cesium, which has a frequency of 9,192,631,770 Hertz. That means it “oscillates” a little over nine billion times a second. Knowing the oscillation frequency and then measuring it in a device creates an incredibly accurate timekeeping mechanism. Atomic clocks generate a very accurate interrupt and timestamp on a connected Stratum 1 computer. Stratum 0 devices are also known as reference clocks.

Stratum 1 – These are computers attached to stratum 0 devices. Stratum 1 servers are also called “primary time servers”.

Stratum 2 – These are computers that synchronize over a network with stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to offer more stable and robust time for all devices in the peer group.

Stratum 3 computers synchronize with stratum 2 servers. They use the same rules as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

Once synchronized with a stratum 1, 2 or 3 server, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange. The NTP process uses User Datagram Protocol (UDP) port 123. The NTP timestamp is 64 bits and consists of a 32-bit part for seconds and a 32-bit part for the fractional second. This gives NTP a time scale of 2^32 seconds (136 years) and a theoretical resolution of 2^-32 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900, so the first rollover will be on February 7, 2036.
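The timestamp layout and the 2036 rollover described above can be worked through in code. This is an added example, not code from the original post: the function names are illustrative, the reply packet is constructed, and the era is resolved by picking the value closest to a trusted reference time (`pivot_unix`), which is an assumption about how a client would disambiguate.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2_208_988_800  # seconds between 1900-01-01 and 1970-01-01
ERA_SECONDS = 1 << 32            # the 32-bit seconds field wraps every 2^32 s


def ntp_to_unix(seconds, fraction, pivot_unix):
    """Convert a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)
    to Unix time as a float. The seconds field alone cannot say which
    136-year era it belongs to, so the era that lands closest to
    pivot_unix (for example the local clock) is chosen."""
    base = seconds - NTP_UNIX_OFFSET + fraction / ERA_SECONDS
    era = round((pivot_unix - base) / ERA_SECONDS)
    return base + era * ERA_SECONDS


def parse_ntp_header(packet, pivot_unix):
    """Decode the fields of interest from a 48-byte NTP header."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    # flags, stratum, poll, precision, then eleven 32-bit words; the last
    # two words are the transmit timestamp (seconds, fraction).
    fields = struct.unpack("!BBbb11I", packet[:48])
    flags, stratum = fields[0], fields[1]
    tx_seconds, tx_fraction = fields[-2], fields[-1]
    return {
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "transmit_unix": ntp_to_unix(tx_seconds, tx_fraction, pivot_unix),
    }


def build_sample_reply(tx_seconds, tx_fraction, stratum=2):
    """Constructed server reply (version 4, mode 4), other fields zeroed."""
    flags = (4 << 3) | 4
    return struct.pack("!BBbb11I", flags, stratum, 6, -20,
                       *([0] * 9), tx_seconds, tx_fraction)


def as_utc(unix_seconds):
    return datetime.fromtimestamp(unix_seconds, tz=timezone.utc)


if __name__ == "__main__":
    # Seconds field back at zero: the first instant of the next era.
    print(as_utc(ntp_to_unix(0, 0, pivot_unix=2_085_978_000)).isoformat())
    # A reply stamped 100 s after the rollover, decoded by a client whose
    # own clock is already past it.
    reply = build_sample_reply(100, 0)
    print(parse_ntp_header(reply, pivot_unix=2_085_978_626))
```

A client that skips the era step and simply subtracts the 1900 offset would read that second packet as a date in 1900, which is the failure the rollover date warns about.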

Microsoft (MSFT) has a mixed history of complying with NTP. All Microsoft Windows versions since Windows 2000 include the Windows Time service (“W32Time”), which was originally implemented to support the Kerberos version 5 authentication protocol. Kerberos required time to be within 5 minutes of the correct value to prevent replay attacks. The NTP version in Windows 2000 and XP violates several aspects of the NTP standard. Beginning with Windows Server 2003 and Vista, MSFT’s NTP was reliable to 2 seconds. Windows Server 2016 can now support 1ms time accuracy.

In 2014 a new NTP client, ntimed, was started. As of May 2017, there had been no official release yet. ntimed can synchronize clocks reliably under Debian and FreeBSD, but has not been ported to Windows or Apple (AAPL) macOS.

Accurate time across a network is important for many reasons; discrepancies of even fractions of a second can cause problems. For example:

  • Distributed procedures depend on coordinated times to make sure proper sequences are followed.
  • Authentication protocols and other security mechanisms depend on consistent timekeeping across the network.
  • File-system updates carried out by a number of computers depend on synchronized clock times.
  • Network acceleration and network management systems also rely on the accuracy of timestamps to measure performance and troubleshoot problems.
  • Each individual blockchain includes a timestamp representing the approximate time the block was created.

NTP has known vulnerabilities. The protocol can be exploited and used in distributed denial of service (DDoS) attacks for two reasons: First, it will reply to a packet with a spoofed source IP address; second, at least one of its built-in commands will send a long reply to a short request.
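The long-reply-to-short-request asymmetry described above is visible from the time server's side as a byte-count imbalance per peer. This is an added detection sketch, not from the original post: the flow-record format, addresses (documentation ranges) and the ratio threshold are constructed assumptions.

```python
import re
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records, not real traffic:
# time  src_ip:port > dst_ip:port  UDP  payload_bytes
SAMPLE_FLOWS = """\
10:00:00.001 198.51.100.7:41000 > 192.0.2.10:123 UDP 48
10:00:00.020 192.0.2.10:123 > 198.51.100.7:41000 UDP 48
10:00:01.000 203.0.113.50:50000 > 192.0.2.10:123 UDP 8
10:00:01.001 192.0.2.10:123 > 203.0.113.50:50000 UDP 440
10:00:01.002 192.0.2.10:123 > 203.0.113.50:50000 UDP 440
10:00:02.000 203.0.113.50:50000 > 192.0.2.10:123 UDP 8
10:00:02.001 192.0.2.10:123 > 203.0.113.50:50000 UDP 440
10:00:02.002 192.0.2.10:123 > 203.0.113.50:50000 UDP 440
"""

FLOW_RE = re.compile(r"^\S+ (\S+):(\d+) > (\S+):(\d+) UDP (\d+)$")


def bytes_by_peer(log_text, server_ip):
    """Return {peer_ip: (bytes_in, bytes_out)} for UDP/123 at server_ip.
    'peer' is the source address the request claimed, which may be spoofed;
    the replies go to that address regardless."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        match = FLOW_RE.match(line.strip())
        if not match:
            continue  # ignore lines that are not in the expected format
        src, sport, dst, dport, size = match.groups()
        if dst == server_ip and int(dport) == NTP_PORT:
            totals[src][0] += int(size)
        elif src == server_ip and int(sport) == NTP_PORT:
            totals[dst][1] += int(size)
    return {peer: tuple(counts) for peer, counts in totals.items()}


def flag_reflection(log_text, server_ip, min_ratio=5.0):
    """Return {peer_ip: ratio} where reply bytes outweigh request bytes by
    min_ratio or more. An ordinary client exchange is symmetric (a 48-byte
    request answered by a 48-byte reply), so its ratio stays near 1."""
    flagged = {}
    for peer, (bytes_in, bytes_out) in bytes_by_peer(log_text, server_ip).items():
        # Replies with no recorded request count as an unbounded ratio.
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        if ratio >= min_ratio:
            flagged[peer] = ratio
    return flagged


if __name__ == "__main__":
    for peer, ratio in flag_reflection(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"{peer}: replies are {ratio:.0f}x the request bytes")
```

A flagged peer is more likely the target of the reflected traffic than its origin, so the useful response is on the server: restrict or disable the command producing the long replies and rate-limit responses.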

More vulnerabilities were recently discovered in NTP. SearchSecurity.com reports that security researcher Magnus Stubman discovered a vulnerability and, instead of going public, took the mature route and privately informed the community of his findings. Mr. Stubman wrote that the vulnerability he discovered could allow unauthenticated users to crash NTPD with a single malformed UDP packet, which will cause a null pointer dereference. The article explains this means that an attacker could craft a special UDP packet which targets NTP, resulting in an exception bypass that can crash the process. A patch to remediate this specific vulnerability, named NTP 4.2.8p9, was released by the Network Time Foundation Project.

This is a Windows-only vulnerability at this time. The author urges anyone running the NTP daemon on Windows systems to patch it as soon as possible. This particular DoS attack against NTP could incapacitate a time server and cause havoc in the network. The easiest fix, the article states, is to apply the NTP patch.

rb-
NTP is important to your network and patching and protecting it should be a priority. The threat to your environment is real. If NTP is not patched, an attacker could take advantage of the chaos created by this vulnerability to hide their tracks since timestamps on files and in logs won’t match.

Way back in the day, when I was a network administrator, I inherited a network where a directory services container was frozen. Seems that time had never been properly set up on the server holding the replica and as time passed, the server time drifted away from network time and at some point we could not make changes or force a replica update. That meant a late night call to professional services to kill the locked objects and then apply DSRepair –xkz (I think) and then re-install an R/O replica.

 


Can Toshiba Stay in Business?

Updated 06-22-2017 – As predicted below, the NYT reports that the Japanese government formed a coalition including the US venture capital firm Bain Capital to buy Toshiba’s microchip division. Estimates are the deal is worth approx. $20 billion.

Toshiba is being driven to sell off its crown jewel, its microchip business, to stabilize the international giant. The New York Times reports that the stalwart of Japan’s postwar rise as a global industrial giant warned that it has doubts over whether it could stay in business. In a filing in Japan, Toshiba said that its write-off of more than $6 billion connected to Westinghouse Electric’s troubled nuclear reactor projects in the United States had created “substantial uncertainty” over its ability to continue as a going concern.

The Toshiba microchip division is the number two global provider of NAND flash memory. NAND flash memory is a type of non-volatile storage technology that does not need power to retain data. Flash memory is an electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.

Toshiba originally invented flash memory in the early 1980s from EEPROM (electrically erasable programmable read-only memory). They introduced it to the market in 1984. Called flash memory, after the flash on a camera, the chips have become essential building blocks of the modern electronics industry.

The two main types of flash memory are named after the NAND and NOR logic gates. The individual flash memory cells have internal characteristics similar to those of the corresponding gates.

Where EPROMs had to be completely erased before being rewritten, NAND-type flash memory may be written and read in blocks (or pages) which are generally smaller than the entire device. NOR-type flash allows a single machine word (byte) to be written (to an erased location) or read independently.

The NAND type is found primarily in memory cards, USB flash drives, some solid-state drives, and similar products for general storage and transfer of data. NAND or NOR flash memory is also often used to store configuration data in many digital products, a task previously made possible by EEPROM or battery-powered static RAM. One key disadvantage of flash memory is that it can only endure a relatively small number of write cycles in a specific block.

Toshiba manufactures its NAND Flash Memories at its Yokkaichi Operations to maintain quality.

Samsung Electronics Co. (005930) is the biggest maker of flash memory chips, followed by Toshiba, SK Hynix and U.S.-based Micron Technology (MU).

A sale of Toshiba’s chip business, while offering the business a lifeline, would take away its most successful business — and, more broadly, would represent a shift of a major technology away from Japan, depending on the buyer. The Toshiba sale is still in its early stages, and the NYT says as many as 12 companies have approached Toshiba with proposals. Reports are that Toshiba is asking bidders to value its operations at about $17.6 billion (2 trillion yen), and make at least a 50 percent investment.

One of the better-known suitors is Hon Hai Precision Industry, also known as Foxconn. Foxconn is the assembler of Apple (AAPL) iPhones and is the world’s largest contract electronics maker. Foxconn is based in Taiwan but performs most of its manufacturing in mainland China. According to the article, Foxconn could pay billions to buy the business.

Sources told Japanese public broadcaster NHK the first round of the Toshiba auction drew 10 offers. Toshiba has narrowed the field of bidders for its chip unit to four: U.S. chipmaker Broadcom (AVGO) and private equity firm Silver Lake Partners, which reportedly offered $18 billion; SK Hynix; Western Digital (WDC); and Foxconn (2354), which reports say offered $27 billion.

Apple is considering teaming up with its supplier Foxconn to bid for Toshiba’s semiconductor business, Japan’s NHK reported. Apple is considering investing at least several billion dollars to take a stake of more than 20 percent as part of a plan that would have Toshiba keep a partial holding so the business remains under U.S. and Japanese control, NHK reported.

The authors point out Toshiba’s situation is a remarkable turnabout for Japan, a country that once controlled the majority of microchip markets. In the past Japanese companies have banded together to rescue flailing domestic rivals and not let them fold or be acquired by foreigners.

The article speculates that the Japanese government may cobble together a “team Japan” offer, but the response from potential participants — who would have to explain the spending to shareholders — has been tepid. “It is fundamentally unthinkable that the Industry Ministry would intervene and take some kind of action,” Hiroshige Seko, the industry minister, said at a news conference, further dampening expectations.

Mark Newman, an analyst at Sanford C. Bernstein, argued in a report that Toshiba’s memory business remained valuable enough that selling it amounted to “selling the crown jewels to pay next month’s rent.”

Japanese politicians and industry leaders have voiced concerns over Chinese investors’ buying advanced chip production technology; semiconductors and memory are a major priority of China’s industrial policy. That could hinder any deal with Foxconn, said Mr. Newman, of Sanford C. Bernstein.

The worry is that Foxconn “would build huge fabs in China,” Mr. Bernstein said, referring to semiconductor fabrication plants. “The jobs would move to China from Japan, and furthermore China would go after market share at the expense of crushing industry economics, so the U.S., Taiwan, Korea, Japan all get hurt substantially by this arrangement.” Foxconn has been successful in attracting subsidies from the Chinese government to build large-scale production facilities in China.

The article speculates that Foxconn could take the Toshiba technology and manufacture it more cheaply in China. Such a move could drive down pricing for memory, a boon for Apple and low-cost Chinese smartphone makers. But it would also propel China forward in its long push to become internationally competitive in semiconductors. Mr. Newman has warned that competition in NAND chips could heat up next year, creating the possibility of oversupply and putting more pressure on Toshiba’s ability to put in effect next-generation technologies.


How Much Code Does It Take?

David McCandless from Information is Beautiful tries to answer the question: how many millions of lines of code does it take? For reference, the Visual Capitalist calculates that a million lines of code (MLOC), if printed, would be about 18,000 pages of text. That’s 14x the length of Leo Tolstoy’s War and Peace. The total lines of code needed to run systems varies widely, as Mr. McCandless shows in the infographic.

  • It took less than a million lines of code to run the NASA Space Shuttle.
  • It takes less than 5 million lines of code to run the Mars Rover Curiosity.
  • The latest version of the Firefox web browser includes just under 10 million lines of code.
  • General Motors’ (GM) Chevy Volt requires just over 10 million lines of code.
  • Microsoft (MSFT) Office 2008 for the Apple (AAPL) Mac consists of over 35 million lines of code.
  • And it took 50 million lines of code to bring us Microsoft Vista.
  • Finally, all Google (GOOG) services combine for a whopping 2 billion lines – that means it would take 36 million pages to “print out” all of the code behind all Google services. That would be a stack of paper 2.2 miles high!
Courtesy of: Visual Capitalist

 


Who Owns Ruckus Today?

Ruckus Wireless was founded in 2004 and supplied Wi-Fi services and equipment to enterprises and service providers. At its peak, it had annual revenues of almost $400 million and more than 1,000 employees. Ruckus was the first firm to roll out an enterprise 802.11ac Wave 2 AP. The company’s products powered high-profile public Wi-Fi installations, such as New York City’s LinkNYC.

In April 2016, San Jose, CA-based Brocade purchased Ruckus Wireless in a deal worth about $1.5 billion. Brocade is most famous for data center SAN switches and is a player on the NFV and SDN scene. Brocade planned to add Ruckus’s Wi-Fi products to its enterprise networking business.

At the time of the purchase, Brocade CEO Lloyd Carney said, “The acquisition will strengthen Brocade’s ability to pursue emerging market opportunities around 5G mobile services, Internet of Things (IoT), Smart Cities, OpenG technology for in-building wireless, and LTE/Wi-Fi convergence.”

Ruckus changed hands. Irvine, CA-based chip maker Broadcom (AVGO), which supplies phone vendors, purchased Brocade for $5.9 billion. But the chipmaker said it plans to divest the Brocade IP networking business that consists of wireless networking, data center switching and software networking offerings.

Brocade CEO Lloyd Carney wrote on the company’s website, “In terms of our IP Networking business, due to competitive overlap with some of Broadcom’s most important customers, Broadcom will seek a buyer for the business.” The Ruckus product line competes with industry titans like Cisco and Apple.

Broadcom CEO Hock Tan said in a press release, “… we will find a great home for Brocade’s valuable IP networking business that will best position that business for its next phase of growth.” It seems Broadcom has found a firm willing to take Ruckus off their hands.

FierceCable is reporting that cable set-top box manufacturer Arris (ARRS) is in talks with Broadcom to pay around $1 billion for Brocade’s wireless network edge business, i.e., Ruckus Wireless. The article says Arris CFO David Potts told investors that the vendor might transition into serving the wireless needs of its customers. Arris client Comcast is developing a wireless service based on its MVNO relationship with Verizon.

Reports are that Arris does not want to buy other parts of the business being divested by Brocade. Brocade is reportedly looking for a buyer for the rest of their IP portfolio, which includes data centers, switching and software.

 
