Tag Archive for Wi-Fi

Scary SS7 Flaw Strikes Banks

Scary SS7 Flaw Strikes BanksLost in last month’s hub-bub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how to public phone system talks to itself to complete a phone call.

Telephone system Signaling System 7 The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (auf Deutsch). The attack was  a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

According to ars technica the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

Central office equipmentGerman Telecommunications giant O2-Telefonica confirmed details of the SS7-based cyber attacks to the newspaper. Ars says, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and have set up call and SMS forwarding.

Ford Road CO in Dearborn Mi is the Oregon officeTwo-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are.  2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

Cris Thomas, a strategist at Tenable Network Security warns in the article:

Two-factor authenticationWhile this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cyber security researchers began issuing warning about this flaw in late 2014 about dangerous flaws in SS7. I wrote about the SS7 flaw in September of 2016  and in March 2107. Maybe this will be the wake up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

man-in-the-middle attackIn 2014 security researchers first  demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

Developed in 1975, today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use SS7 make sure their networks interoperate. This technology has not kept up with modern times.  In May 2017, Wired published an article which explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers, because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

Carriers should use SS7 firewall to secure the SS7 networkThe Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course the TLA’s would never use this “flaw” in SS7 to spy on us.

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

PoliticianThey recommend for text messages, avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook‘s (FB) WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network to protect your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data rather than through the voice call network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

protect yourself Your location could be being tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Who Owns Ruckus Today?

Who Owns Ruckus Today?Ruckus Wireless was founded in 2004 and supplied Wi-Fi services and equipment to enterprises and service providers. At its peak, it had annual revenues of almost $400 million and more than 1,000 employees. Ruckus was the first firm to roll out enterprise 802.11ac Wave 2 AP. The company’s products powered high-profile public Wi-Fi installations, such as New York City’s LinkNYC.

Ruckus WirelessIn April 2016, San Jose, CA-based Brocade  purchased Ruckus Wireless in a deal worth about $1.5 billion. Brocade is most famous for data center SAN switches and a player on the NFV and SDN scene. Brocade planned to add Ruckus’s Wi-Fi products to its enterprise networking business.

At the time of the purchase, Brocade CEO Lloyd Carney said, “The acquisition will strengthen Brocade’s ability to pursue emerging market opportunities around 5G mobile services, Internet of Things (IoT), Smart Cities, OpenG technology for in-building wireless, and LTE/Wi-Fi convergence,”

BrocadeRuckus changed hands. Irvine, CA based chip maker Broadcom (AVGO), which supplies to phone vendors purchased Brocade for $5.9 billion. But the chipmaker said it plans to divest the Brocade IP networking business that consists of wireless networking, data center switching and software networking offerings.

Brocade CEO Lloyd Carney wrote on the company’s website. “In terms of our IP Networking business, due to competitive overlap with some of Broadcom’s most important customers, Broadcom will seek a buyer for the business.” The Ruckus product line competes with industry titans like Cisco and Apple.

BroadcomBroadcom CEO Hock Tan said in a press release, “… we will find a great home for Brocade’s valuable IP networking business that will best position that business for its next phase of growth.” It seems Broadcom has found a firm willing to take Ruckus off their hands.

FierceCable is reporting that cable set-top box manufacturer Arris (ARRS) is in talks with Broadcom to pay around $1 billion for Brocade’s wireless network edge business – i.e Ruckus Wireless. The article says Arris CFO David Potts told investors that the vendor might transition into serving the wireless needs of its customers. Arris client, Comcast is developing a wireless service based on its MVNO relationship with Verizon.

cable set-top box manufacturer Arris Reports are that Arris does not want  to buy other parts of the business being divested by Brocade. Brocade is reportedly looking for a buyer for the rest of their IP portfolio, which includes data centers, switching and software.

 

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Do Christmas Lights Slow Wi-Fi?

Do Christmas Lights Slow Wi-Fi?A new holiday tradition is to spread FUD about how your Christmas lights can interfere with your Wi-Fi signal. This year’s holiday Wi-Fi FUD spreader is the UK communications regulator Ofcom. Ofcom hinted that “Fairy Lights” may slow down your 2.4GHz Wi-Fi signal and everyone went crazy.

Christmas treeThe theoretical science says it does. C|Net explains that Wi-Fi uses radio waves. Christmas lights emit a very weak electromagnetic field that can, theoretically, interfere with the radio waves being transmitted from your Wi-Fi router. The more lights, the stronger the electromagnetic field. Also, the closer the lights are to the router, the more it may interfere with the Wi-Fi.

Institute of Electrical and Electronics Engineers Fellow and communications technology consultant Stuart Lipoff, told C|Net how you’re affected really comes down to what type of Christmas lights you use. “The older technology that was used to make the lights blink can indeed cause radio interference. In this case, the lights were arranged into a string of small low voltage incandescent lamps in series with each other. The total number of lamps in the string were such that the combined voltage of all of them was equal to the 110 volts in a typical US home.

Christmas lightsSince most modern Christmas tree lights are based on solid-state LEDs and often use an external electronic flashing controller and do not create radio noise. However, there are some LEDs that have an additional blink controlled chip right inside the LED bulb. It turns out that these devices also create significant radio interference as this internal controller cycles the LED chip from on to off. The reason is somewhat analogous to the spark problem in incandescent blinker bulbs in that when the LED is between fully on and fully off it can exhibit negative resistance that causes it create radio energy.”

Christmas lightsYou can simulate this by taking an AM radio, tuning it to a frequency not in use in your area, and switching something on and off rapidly a few times; you should hear a staticky sound. The same thing can be heard during a lightning storm.

Alina Bradford at C|Net tested the theory and found there was a slight variance, be it ever so slight. She says “the variance isn’t a big deal.”

  • PC World says the real Wi-Fi killers are households items that are on 365 days will disrupt you Wi-Fi a whole lot more than your Christmas lights. Microwaves are the worst of the lot, as it’s basically a metal box that when turned on uses high-powered microwaves at around 2.4 GHz (the same frequency as Wi-Fi) creating a black hole around it for Wi-Fi signals.
    Maytag washing machineOther culprits include ovens, freezers, fridges, washing machines, dishwashers… you name it. If it’s metal and has liquid-filled pipes in it, it’s going to kill your Wi-Fi signal according to Panda security.
    Cordless phones are also problematic, as well, and they’re often more of an issue because you’re more likely to have a portable phone on your desk than a microwave.
    Televisions and speakers are basically just electromagnets, and will hurt Wi-Fi performance when placed directly near a router.
    TelevisionsYour neighbor’s router. Depending on how close your router is to someone else’s, there can be a direct effect on its performance. This might prove to be even more problematic if you live in an apartment, as you could be exposed to different signals from all sides. This means that the more interference that there is, the more your router ups its broadcasting, which causes your neighbor’s router to do the same… which just perpetuates the problem.
    Water pipes can also cause interference, because water absorbs radio waves.
    Walls don’t generate electromagnetic fields, but they do can weaken Wi-Fi signals that pass through (up to 25 dB’s can be lost).
    Humans – Yes, you too are a problem! We humans are 55% – 60% water, which makes us a fantastic absorber of Wi-Fi.

Panda Security also suggests a few things you can do to improve your Wi-Fi.

  • Open your doors – Closed doors could effectively block or degrade wireless signals.
  •  Zenith Space CommandChange your Wi-Fi channel – The typical default is channel 6, your router may do this automatically, but if you change your Wi-Fi channel you may find that there is less interference from other routers near to you. Any two channels separated by five or more do not overlap.
  • Change your Wi-Fi Frequency The most common Wi-Fi frequency is 2.4GHz which is also the most polluted. Try using 5.0 GHz. Like changing your Wi-Fi Channel your router may do this automatically, but if you change your Wi-Fi frequency you may find that there is less interference from other routers near to you. You will need to check your devices to see if they support 5.0 GHz Wi-Fi, some older devices, like Apple iPhone 4’s do not.
  • D-Link DIR-895L/R AC5300 Simultaneous Tri-Band WiFi Broadband Router Place your router in the center of your home a router transmits the signal in all directions, so it makes sense to have it at the center of the home. Unfortunately this isn’t always possible due to the cables that come with it.
  • Check your cables – In general, a shorter and higher quality cable will mean a faster connection speed. Also, it is better to use Ethernet cables from your modem to a separate router than run long phone cables.
  • Invest in a new router – There’s no need to break the bank on a new, fancy router, but some of the newer ones on the market offer a notable boost in signal and speed.
  • Turn your house into a Faraday cage to eliminate all outside sources or electromagnetic pollution, which would also mean no telephone or FM connection.

Of course you should also take precautions to ensure that your Wi-Fi connection is secure by putting a strong password on your router and use a modem security setting like WPA2-PSK (AES).

 

 

Ralph Bach has been in IT for over fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

How Safe Is Your Connected Car?

There will be 250 million wirelessly connected cars on the road by 2020 according to Gartner (IT). The technical prognosticators believe that 60% to 75% of them will be capable of consuming, creating and sharing Web-based data. In light of predictions like these and highly publicized demonstrations of network attacks on cars, Intel (INTC) announced it has established the Automotive Security Review Board (ASRB) to help mitigate cyber-security risks associated with connected automobiles.

An Intel presser says ASRB researchers will perform ongoing security tests and audits intended to codify best practices and design recommendations for advanced cyber-security solutions and products to help the automobile industry and drivers. Intel will publish automotive cyber-security best practices white papers, which the company will update based on ASRB findings. Chris Young, senior vice president and general manager of Intel Security, said in the presser,

We can, and must, raise the bar against cyber-attacks in automobiles … Few things are more personal than our safety while on the road, making the ASRB the right idea at the right time.

It is the right time to secure the networks in cars. A study released by Atlanta-based PT&C|LWG Forensic Consulting Services looked at what made cars vulnerable to attacks.
Robert Gragg, a forensic analyst with PT&C|LWG told CSO cars with the highest risk of cyber threat tended to have the most features networked together, especially where radio or Wi-Fi networks are connected to physical components of vehicles.

Today’s modern automobile uses between 20 and 70 computers, each with its own specialized use. The article explains that engine control units oversee a wide array of electronic sensors and actuators that regulate the engine and maintain optimal performance. Vehicle manufacturers use the generic term “electronic control units” (ECUs) to describe the myriad of computers that manage various vehicle functions.

For example, the author says ECUs control vehicle safety functions, such as antilock brakes and proximity alerts. The ECU ehich governs climate control systems receives temperature data from sensors inside the cabin and use that to adjust air flow, heating and cooling.

Computer systems in cars

Typically, all of a vehicle’s computer systems can be accessed over a vehicle’s controller area network (CAN) via the radio head unit, a computerized system that runs a car’s or truck’s communications and entertainment system.

Many of today’s modern vehicles can be accessed via cellular, Bluetooth or even WiFi connectivity. While no easy task, the CSO article says, once a hacker gains access to the vehicle’s head unit, its firmware can be used to compromise the vehicle’s CAN, which speaks to all the ECUs. Then it’s just a matter of discovering which CAN messages can control various vehicle functions.

These attacks can happen at a distance. PT&C|LWG study estimated minimum distances from which a vehicle could be hacked according to the wireless communication protocol it is using. For example, a passive anti-theft system could be access from 10 meters, a radio data system (or radio head unit) could be hacked from 100 meters, a Bluetooth system could be accessed from 10 meters, a smart key from five to 20 meters and a vehicle equipped with Wi-Fi… well, it could be hacked from anywhere there’s Internet access (rb- I wrote about this vulnerability in 2011).

That may be a problem. Increasingly, car makers are coming out with vehicles that include Wi-Fi routers for Internet connectivity. PT&C|LWG’s Gragg said.

In more advanced vehicles — the ones that have infotainment systems — wireless security and wireless access points are all connected into the navigation system. So those are more susceptible to hacking because there are just more wireless access points … Anything open to wireless capabilities is susceptible to the hacking.

rb-

In May, both General Motors (of ignition switch cover-up infamyy) and the Auto Alliance, the car maker’s lobbyist, testified against a proposed exemption in copyright law that would allow third-party researchers to get access to vehicle software. A decision in that matter could come any day from the U.S. Copyright Office.

Ralph NaderThe Auto Alliance has also threatened to run to Congress should the Copyright Office rule in favor of the researchers to cover-up threats to the consumer, like Volkswagen and GM. The lobbying group calls legitimate researchers attackers in a letter to a Congressional subcommittee investigating the auto industry’s ability to thwart cyber attackers; “Automakers are facing pressure from the organized efforts of technology pirates and anti-copyright groups to allow the circumvention of protected onboard networks, and to provide hackers with the right to attack vehicles carte blanche under the auspices of research”.

This would set a dangerous precedent for devices connected to the Internet of Things (IOT) to be unregulated. If the automakers are successful in their DMCA claims, it would be deadly for everyone on the road too. 

Who remembers “Unsafe At Any Speed“?

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

 

Prevent Pervy Pics

Prevent Pervy PicsFrom the world of unintended consequences, iPhone users have become the victims of a new phenomenon known as cyber-flashing. Reports out of London state that iPhone users are being sent unsolicited and indecent photographs over an Apple feature called AirDrop.

BluetoothAirDrop is a feature on the iPhone, iPad, and Mac computers where users can send files, such as images, to each other at close range up to 33 feet (10 m) via a Bluetooth connection. Apparently even if the receiver rejects the photo, they are still shown an uncensored preview of the image.

AirDrop initially establishes a connection over Bluetooth, but then uses a direct Wi-Fi connection between the two iPhones to send files, making the transfer much quicker.  It’s supported by devices from the iPhone 5 onwards with iOS 7 released back in 2013.

To prevent the pervy pics from appearing on your iDevice, you need to take action. Mark James, security specialist at ESET UK, explains, you have to set your AirDrop settings to “Contacts only” which will only permit AirDrop file transfers from people in your address book or disable AirDrop entirely. He explains that AirDrop is not turned on by default, but it’s easy to set AirDrop to receive from Everyone, and then forget all about it.

ESET explains how to prevent cyber flashing:

  1. On the home screen of your iPhone, swipe up to open the Control Center.
  2. Tap on AirDrop, below the media playback and volume controls.Tap ‘Off’ or ‘Contacts Only’ to prevent files being sent from strangers.

iPhone

 

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.