Tag Archive for Cell phone

Scary SS7 Flaw Strikes Banks

Lost in last month’s hubbub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how the public phone system talks to itself to complete a phone call.

The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (in German). The attack was a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

According to Ars Technica, the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

German telecommunications giant O2-Telefonica confirmed details of the SS7-based cyber attacks to the newspaper. Ars says, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and have set up call and SMS forwarding.

Two-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are. 2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told Ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

Cris Thomas, a strategist at Tenable Network Security, warns in the article:

While this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cyber security researchers began issuing warnings about dangerous flaws in SS7 in late 2014. I wrote about the SS7 flaw in September of 2016 and in March 2017. Maybe this will be the wake-up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

In 2014 security researchers first demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

SS7 was developed in 1975; today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use it to make sure their networks interoperate. This technology has not kept up with modern times. In May 2017, Wired published an article which explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers, because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

The Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol, has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course the TLAs would never use this “flaw” in SS7 to spy on us.

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

For text messages, they recommend avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook’s (FB) WhatsApp or the many others available. These allow you to send and receive instant messages without going through the SMS network, protecting your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data rather than through the voice call network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

Your location could be tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.


Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

What You Need To Know About Germs on Your Cell

Over 2.6 billion Americans now have a cellphone. And they are walking around with some nasty stuff on their phones. I’m not talking about porn or malware, but real viruses. A recent article at Buzzfeed found that most phones are covered with some pretty scary bugs.

To prove the point, the author took swabs of people’s cell phones. She shared her swabs with Dr. Susan Whittier from Columbia University. They found that all phones had germs, bacteria, protozoa, viruses, and fungi on them, some of which are good for us and some of which are bad for us. The tests revealed that most phones had five kinds of harmless germs from the skin, mouth, nose, and the environment.

Staphylococcus epidermidis (not aureus): If you were to just swab your skin, this is what you’d find, Dr. Whittier says. It is totally normal and it would get on the phone from regular daily use, like touching it or talking on it.

Micrococcus: This makes up the normal skin flora, especially on the face, Dr. Whittier says. Everyone has different skin bacteria; it depends on the person. It can get on your phone if you touch your face a lot or talk on it often.

Streptococcus viridans: This bug lives in the mouth and throat, so it’ll get on your phone from talking or from your fingers after touching your lips, after coughing, etc. It’s usually harmless, but it can also cause infections in vulnerable people.

Moraxella: This is from sinuses and it’s often found in people with recurrent sinusitis or post-nasal drip. In high levels it can cause inner ear and bloodstream infections. It’s still a pretty normal thing to find on a phone.

Bacillus: Bacillus is a common bacteria from the environment, so it’s basically a sign that you’ve been outdoors. A lot of Bacillus means the phone is super dirty.

Now the bad news: pathogens – potentially disease-causing strains of bacteria – were found on some of the phones tested. This is alarming. Think: salmonella, Ebola, bird flu, etc.

The most dangerous bug found on a phone was MRSA. MRSA, the flesh-eating bacteria, is a Staphylococcus aureus bacteria that is resistant to many antibiotics, including methicillin. MRSA can cause serious infections in the skin and internal organs, and can be fatal in vulnerable people. It can spread easily between people and surfaces — often in health care settings, but it can also live on surfaces, like subway handles, doorknobs, community bathrooms and showers, and especially gyms.

Columbia’s Whittier explained, “It’s a little worrisome for a phone to test positive for MRSA because it isn’t part of our normal flora”. We also know that MRSA loves to lurk on gym equipment and locker rooms, so it’s not completely abnormal to have it on your phone. About half the population carries Staph aureus with no problems. But this also makes it easy to spread between people and cause disease. Dr. Whittier warns that if Staph aureus gets into an open wound it can cause major skin and blood infections, which can result in boils, food poisoning, toxic shock syndrome, and even death.

Poop. You’ve heard of E. coli. E. coli outbreaks have shut down restaurants like Chipotle and have caused many supermarket food recalls. It was found on mobile phones. It’s a fecal organism, so it’s usually found in poop but it can also live in the gastrointestinal tract along with other gut bacteria. Buzzfeed reports there are different types of E. coli, and some strains are way more pathogenic than other ones. E. coli has the potential to cause serious food poisoning and even death.

E. coli infections spread through the fecal-oral route. You will get sick if you touch your mouth with contaminated hands after using the bathroom or touching fecal matter. Turns out this is very common. In 2015 Verizon found that 90% of cell phone users use their mobile phone in the bathroom. A 2013 study by Michigan State University found that just 5% of people properly washed their hands after using the bathroom.

The Columbia MD warns this is why you shouldn’t bring your phone to the bathroom or use it while eating. E. coli on a phone could be from the person’s stool if they didn’t wash their hands or another person’s stool if the phone went into a public bathroom, because fecal matter sprays everywhere when the toilet flushes.

What to do? Even if you’re an avid hand-washer, your phone can still be picking up germs all day long. The Buzzfeed article makes two recommendations to keep your phone safe. Keep your mobile phone out of the bathroom (where gross stuff like Norovirus lurks). And don’t use your cell phone while you’re eating, since that can transmit bacteria and viruses to your mouth and get you sick.

How can you keep those nasty bugs off your phone? The article recommends cleaning your phone once a week using this magical “phone soap.” It’s not actually soap — it’s a charger box that shoots out UV lights that “kill 99.9% of germs using UV rays” at Amazon.

rb-

Back in 2013, I wrote about dirty mobile phones spreading Ebola here.

The advice from 2012 on how to disinfect your cell is still the same in 2016. Use a soft, slightly damp, lint-free cloth. Avoid getting moisture in openings. Don’t use window cleaners, household cleaners, aerosol sprays, solvents, alcohol, ammonia, or abrasives to clean iPhone. The front and back glass surfaces have an oleophobic coating. To remove fingerprints, wipe these surfaces with a soft, lint-free cloth. The ability of this coating to repel oil will diminish over time with normal usage, and rubbing the screen with an abrasive material will further diminish its effect and may scratch the glass.

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

What Happens To Old Smartphones

The Business Insider has some new stats on what happens to old smartphones, when people are done with them. The article says for the most part, they just sit around. The author cites a survey by Gazelle, a site that takes trade-ins of old smartphones, tablets and laptops. As you can see in this chart, 51% of people put old smartphones in a drawer or closet, according to Gazelle’s research.

MarketWatch estimates that all of those old phones sitting around are worth $34 billion. (That’s all phones, not just smartphones.) Companies like Gazelle are trying to get people to sell their smartphones to Gazelle, so it can resell the phones around the world and make a nice profit.

[Chart: What happens to old smartphones]

rb-

I’ve covered electronics recycling a number of times on Bach Seat.

Wireless Charging Market Amped Up

Those of us tired of dealing with tangled cords and bulky wall warts may get some relief in the near future. iSuppli Corp. is predicting that a flood of new electronic gizmos with wireless charging capabilities will be inundating the market. The market research firm believes that wireless charging devices for smartphones like the RIM (RIMM) Torch, tablet computers such as the Apple (AAPL) iPad2 and media players like the Apple iPod Touch will drive the global market for wireless charging devices to 234.9 million units in 2014, up 65% from 3.6 million in 2010.

Tina Teng, senior analyst for wireless research at iSuppli, told Itnewslink.com, “Over the next five years, wireless charging devices will find their way into an increasing number of applications, including mobile phones, portable media players, digital still cameras and mobile PCs.”

Mobile phones will drive wireless charging acceptance, according to Ms. Teng: “…mobile phones will contribute the largest share of revenue to wireless charging - not only because of the large volume of mobile devices expected to benefit from the technology, but also because of participation by name brands in manufacturing the device, providing much-needed market recognition in the process.”

Despite the optimism, iSuppli believes there are still barriers to widespread adoption of wireless charging. Manufacturers will have to build wireless charging into their devices down to the circuit board level, which will drive down costs. The wireless charging industry will need to adopt a common standard to ensure interoperability among products. Currently, all products are proprietary. Skins made by one company will not work with the charger pad of another. “Until the industry finds a standard to follow, the wireless charging industry will be fragmented, and consumers will hesitate to adopt any solution that could be compromised by the rival companies,” Itnewslink.com quotes Ms. Teng. “However, an open, standardized system will create a healthier competitive environment and prompt manufacturers to join forces - which will enhance consumer awareness and lead to adoption in the markets.”

There are four wireless charging technologies: Near-field magnetic resistance, Far-field magnetic resistance, Conductive magnetic resistance and Inductive magnetic resistance wireless charging systems.

  • Far-field magnetic resonance, a technology that has raised safety as well as health concerns and for which no commercial products are available for the time being.
  • Inductive wireless charging, which utilizes the principle of electromagnetic induction, where current generated from the induced magnetic field in the receiver coil charges devices, is the wireless charging technology most widely adopted by the value chain. The technology enjoys wide support from semiconductor vendors, device manufacturers, accessories makers as well as retailers, according to the Wireless Design and Development web site. The most successful proponent of magnetic induction is Powermat, a Michigan-based company which I wrote about in 2010, that also owned 62 percent share of the wireless charging market as reported by Wireless Design and Development.

iSuppli notes that although most companies are not ready with commercial products yet, several high-profile manufacturers are looking at producing wireless charging solutions. The companies include Texas Instruments (TXN) and ST-Ericsson from the semiconductor side; Nokia Corp. (NOK) and Research In Motion Ltd. from the device manufacturer side; and Logitech (LOGI) and Case-Mate from the accessory manufacturer side.

Product-specific wireless charging systems consist of a charger as well as a so-called “skin” or receiver sold for specific devices. These product-specific devices contrast with aftermarket solutions, which are universal chargers and various skins that can be used with multiple consumer electronics. Growth is also projected for aftermarket wireless charging, with revenue rising at a massive five-year Compound Annual Growth Rate (CAGR) of 133.4 percent.

rb-

I hate the cluttered cluster of cables on my desk. The wireless chargers should clean up that mess, but until the manufacturers get their act together and build in some interoperability from the factory, they still got a problem.

What do you think?

Is wireless charging a practical technology?

Do you have a wireless charging rig?

 

 

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.