Paul Hardwick: Wireless

T-Mobile Bans Others' Apps On Their Phones.

Fri, 02 Mar 2007 02:53:54 GMT

T-Mobile Bans Others' Apps On Their Phones. cshamis writes "T-Mobile has recently changed their policies and now tell their customers with appropriate data plans and with Java-Micro-App-capable T-Mobile phones: no third-party network applications. You can, of course, still use their incredibly clunky and crippled built-in WAP browsers, but GoogleMaps and OperaMini are left high and dry. Would anyone care to speculate if this move is likely to retain or repel customers?" [Slashdot]

How To Tell If Your Cell Phone Is Bugged.

Wed, 28 Feb 2007 22:56:25 GMT

How To Tell If Your Cell Phone Is Bugged.

Blog Update (February 27, 2007): New! A short free video demonstrating this topic:
Play Via YouTube or Play Via Google Video. More information at this blog entry.

Greetings. A story is making the rounds right now regarding FBI use of cell phones as remote bugs. I originally wrote about this concept in my PRIVACY Forum in 1999 ("Cell Phones Become Instant Bugs!") so the issue is real, but we still need to bring the current saga back down to earth.

This discussion doesn't only relate to "legal" bugs but also to the use of such techniques by illegal clandestine operations, and applies to physically unmodified cell phone hardware (not phones that might have had separate, specialized bugs physically installed within them by third parties).

[Lauren Weinstein's Blog]

Verizon Wireless wins injunction against text spam | CNET News.com

Wed, 28 Feb 2007 22:43:47 GMT

Verizon Wireless said Monday that it has won a permanent injunction against a company it accused of sending text message spam, a significant step in keeping the unsolicited messages off cell phones.

In the judgment, Specialized Programming and Marketing and its owner, Charles Henderson, are prohibited from sending text message spam to Verizon Wireless customers. They are also required to pay damages in excess of $200,000. Verizon Wireless filed the suit after nearly 100,000 text messages were sent to Verizon Wireless customers offering them a prize vacation for a cruise to the Bahamas.

Initially, Verizon Wireless filed the suit against Passport Holidays in October 2005 in U.S. District Court in Trenton, N.J. The mobile operator won a permanent injunction against Passport Holidays in February 2006 to stop the company from sending further spam. Passport also was required to pay $10,000 in damages to Verizon Wireless.

During litigation, Passport Holidays named Specialized Programming and Marketing and Henderson as the company and individual that actually sent the spam that formed the basis for the suit. In February 2006, Verizon Wireless filed an amended complaint naming Specialized Programming and Marketing and Henderson. This latest decision brings the case to a conclusion, Verizon Wireless said.

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Privacy Concerns a Major Roadblock for Location-based Services Says Survey.

Mon, 26 Feb 2007 23:40:51 GMT

Privacy Concerns a Major Roadblock for Location-based Services Says Survey. "Providers must give users control over location-based features to allay privacy concerns." [GT: Security and Privacy]

Pharming Attack Targeted Bank Customers Worldwide.

Fri, 23 Feb 2007 16:58:49 GMT

Pharming Attack Targeted Bank Customers Worldwide. A pharming attack that targeted online banking customers in the U.S., Europe and Asia-Pacific has been shut down. [PC World: Latest Technology News]

Core CS & Core PS Network High-Level Security Requirements.

Thu, 22 Feb 2007 15:58:10 GMT

Core CS & Core PS Network High-Level Security Requirements. Jamie Fisher submits this extensive white paper on mobile/cellular security network. By Jamie Fisher. [Infosec Writers Latest Security Papers]

Drive-By Pharming Attack Could Hit Home Networks.

Fri, 16 Feb 2007 18:42:34 GMT

Drive-By Pharming Attack Could Hit Home Networks. Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks. [Slashdot]

New Credit Cards May Leak Personal Information.

Fri, 16 Feb 2007 15:35:47 GMT

New Credit Cards May Leak Personal Information. Many 'contactless' credit cards can leak their owner's name and card number for reading at a distance. [PC World: Latest Technology News]

Privacy and Security Law Blog: Expanded Privacy Obligations for Telecom Carriers and VoIP Providers Under Consideration at the FCC

Thu, 15 Feb 2007 22:21:50 GMT

The FCC is reportedly close to issuing a decision that would modify current rules governing the use, disclosure of, and access to certain information related to telephone subscriber calling records. Current rules require telecommunications carriers to treat this information, known in the industry as customer proprietary network information (CPNI), as confidential and to limit its use and disclosure. CPNI is broadly defined to include information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service. Generally speaking this includes call detail records, call volumes, customer account information, billing information, technical information, service destination, and the service plans to which a customer subscribes. Following several high-profile pretexting cases in 2005 which lead to the release of telephone subscriber records the FCC initiated a proceeding to revisit the scope and effectiveness of its current CPNI rules.

Although the FCC has not yet released a decision outlining how it will amend current CPNI regulations, lobbying and advocacy before the agency has been particularly heavy in recent weeks. This renewed activity comes as a result of reports that the FCC will soon adopt an order expanding current CPNI regulations in several ways. While the details of the new measure are still being worked out, reports suggest that the draft order will impose several new obligations on telecommunications carriers. These obligations include the following:

Mobile Attacks Jumped Fivefold in 2006, Study Says.

Wed, 14 Feb 2007 00:14:44 GMT

Mobile Attacks Jumped Fivefold in 2006, Study Says. The number of security attacks reported by mobile phone operators in 2006 jumped fivefold over the year before, a McAfee study reports. [PC World: Latest Technology News]

New Capabilities Drive Cell Phone Security Demands.

Wed, 14 Feb 2007 00:07:48 GMT

New Capabilities Drive Cell Phone Security Demands. The growing functionality of mobile phones is driving demand for new and stronger security products. [PC World: Latest Technology News]

Conference Attendees Drop Ball on Wi-Fi Security.

Sat, 10 Feb 2007 22:55:59 GMT

Conference Attendees Drop Ball on Wi-Fi Security. More than half of the wireless LAN devices being used at this week's RSA Conference on information security are themselves unsecured. [PC World: Latest Technology News]

My health records? Let me check my cell.

Fri, 02 Feb 2007 06:30:05 GMT

My health records? Let me check my cell. Blue Cross of Northeastern Pennsylvania plans next month to allow its 600,000 members to access their health records on cell phones or handheld devices. [Computerworld Privacy News]

Don't fall victim to the 'Free Wi-Fi' scam

Mon, 29 Jan 2007 19:58:24 GMT

The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country.

You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.

If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.

Payments News: Mobile Malware A Risk - January 22, 2007

Mon, 29 Jan 2007 17:56:59 GMT

TowerGroup has published a new research report titled "Fraud, Virus and ID Theft: Mobile Malware Stands to Create a New Beginning" - saying that as the use of mobile devices for banking and payments increases, incidents of mobile virus and mobile malware are likewise going to be on the upswing.

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Fri, 29 Dec 2006 00:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Fri, 29 Dec 2006 00:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

Cellphones That Track the Kids - New York Times

Thu, 21 Dec 2006 15:47:29 GMT

Let's face it: we're in love with the idea of secret location trackers. In "The Da Vinci Code," the bad guys slap a location-tracking button onto Tom Hanks's clothing. In "The Matrix," a location-tracking scorpion robot crawls into Keanu Reeves's abdomen. In "Total Recall," a tracking device is implanted into Arnold Schwarzenegger's nose.

Many parents may have fleetingly harbored the fantasy of equipping their children with such tracking devices (though perhaps not through their noses or navels). You could find out instantly where your teenager was, or find out that your middle-schooler didn't come home after school because of a rendezvous you forgot about.

But this is one sci-fi gadget that's no longer fi, thanks to advanced sci -- satellite-based tracking based on Global Positioning System (G.P.S.) technology. At least five companies -- Wherify Wireless, Guardian Angel Technology, Disney Mobile, Verizon Wireless and Sprint -- have built G.P.S. tracking into something children carry voluntarily: cellphones.

FCC Won't Release Cell Carrier Reliability Data.

Mon, 18 Dec 2006 21:59:24 GMT

FCC Won't Release Cell Carrier Reliability Data. imuffin writes "MSNBC is reporting that the FCC has been collecting data on the reliability of different cell phone carriers in the US. This data could be invaluable to consumers trying to choose a company to sign a lengthy contract with. Just the same, the FCC won't release the data to consumers, citing national security risks. The data collection on cell services began in 2004, but were simultaneously pulled from public view. FOIA requests to obtain the data have been denied, and commentators feel this is simply for the government's convenience." From the article: "'There is nothing mysterious behind it, it is corporate competition protection,' said [terrorism analyst Roger Cressey] ... 'The only reason for the government to not let these records get out is then one telco provider could run a full-page ad saying 'the government says we're more reliable.'' Cressey added that he couldn't imagine a scenario where the reports would be valuable to terrorists." [Slashdot: Your Rights Online]

Microsoft Tweaks Windows XP Wireless Security.

Thu, 14 Dec 2006 20:03:35 GMT

Microsoft Tweaks Windows XP Wireless Security.

Microsoft last month quietly issued a long-overdue update to fix a simple yet potentially dangerous security weakness in the way embedded wireless cards work on Windows XP laptops.

[...]

This patch did not show up when I ran a Microsoft Update scan on my HP laptop (even under optional updates), but you can manually download and install it from here.

[Security Fix]

TracFone Sues to Block Cellphone Unlocking Exemption.

Thu, 07 Dec 2006 18:28:31 GMT

TracFone Sues to Block Cellphone Unlocking Exemption.

As we reported just before Thanksgiving, the Copyright Office and Library of Congress recently announced a set of new DMCA exemptions, including one that entitles a person to unlock a cellphone without worrying about DMCA liability.

Now prepaid wireless vendor TracFone has sued the Library of Congress to block the new exemption. According to the complaint, filed in federal court in Florida, the grant of the unlocking exemption

(1) violates the Administrative Procedures Act (APA) because the Copyright Office refused to accept TracFone's late submissions;
(2) violates due process; and
(3) violates separation of powers because "the DMCA's delegation of rulemaking authority to the Library of Congress and the Copyright Office is an unconstitutional intra-branch delegation of Congress' legislative responsibilities."

I'll admit I'm intrigued by the third argument, but I imagine people at the Copyright Office are muttering "no good deed goes unpunished" over all this.

[EFF: Deep Links]

How To Tell If Your Cell Phone Is Bugged

Wed, 06 Dec 2006 15:18:13 GMT

How To Tell If Your Cell Phone Is Bugged. Lauren Weinstein writes to point us to his essay on the realities of using an idle cell phone as a bug, as a recent story indicated the FBI may have done in a Mafia case. --- From the essay: "There is no magic in cell phones. From a transmitting standpoint, they are either on or off... It is also true that some phones can be remotely programmed by the carrier to mask or otherwise change their display and other behaviors in ways that could be used to fool the unwary user. However, this level of remote programmability is another feature that is not universal... But remember -- no magic! When cell phones are transmitting -- even as bugs -- certain things are going to happen every time that the alert phone user can often notice." [Slashdot: Your Rights Online]

Congress unlocks US cellphones.

Sat, 25 Nov 2006 02:36:09 GMT

Congress unlocks US cellphones.

But censorware research is illegal, again

The US copyright office will permit mobile phone subscribers to unlock their phones, allowing them to be used by rival network providers.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Cellphone Surveillance.

Sat, 25 Nov 2006 00:15:48 GMT

Cellphone Surveillance.

There has been a spurt of media attention paid to the privacy and surveillance concerns of GPS enabled cellphones:

GPS Surveillance Creeps into Daily Life (New Standard)
Cellphone as Tracker: X Marks Your Doubts (New York Times)
Phone service allows people to track their friends (San Francisco Chronicle)

I don't have a lot of time to comment right now, but this excerpt from the New Standard article sums up much of my concern:

Koroknay-Palicz also sees long-term consequences of this monitoring.

"If we raise kids with no expectation of privacy, then they're going to become adults and voters and people of influence in society with no expectation of privacy," he said. "All the expectations of privacy are going to be eroded by the population of adults who grew up with no privacy and don't see the problem with trading away privacy."

Coney of EPIC agreed that parents are buying the "safety and security" sales pitch without evaluating the bigger picture, including who else has access to the tracking data.

"A parent might think this is a means to know where their child is," Coney told TNS, "but it also may be recorded and retained by the person or the entity that provides the service, and they may use it for their own purposes, because there are no laws out there to... prohibit that from happening."

[michaelzimmer.org]

FCC delivers a swift kick in the Mass(port).

Wed, 22 Nov 2006 04:50:33 GMT

FCC delivers a swift kick in the Mass(port).

Rules for Wi-Fi freedom

Comment In a decision with significant ramifications for the travelling public, the FCC has ruled that the Massachusetts Port Authority (Massport) cannot block a Wi-Fi access point in the Continental Airlines lounge at Boston's Logan International Airport.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

CRM News: Customer Service: Cell Phone Traffic-Tracking Raises Customer Privacy Concerns

Wed, 15 Nov 2006 06:38:12 GMT

"This is your personal information. Shouldn't you have the right to control whether people know where you are?" asked Melissa Ngo of the Washington-based Electronic Privacy Information Center. "When I signed up for a cell phone, I did not sign up to be tracked."

Mobile phones that track your buddies | Tech News on ZDNet

Wed, 15 Nov 2006 06:18:01 GMT

Boost Mobile, a so-called mobile virtual-network operator owned by Sprint Nextel, will offer a two-hour demonstration of buddy-tracking technology created by a start-up called Loopt. The start-up, founded by two Stanford University graduates while they were still students, is the latest to offer a mobile-tracking system that enables people to do things like get a bead on friends' whereabouts.

It certainly won't be the last. For nearly a decade, technology visionaries have talked of a day when people would be able to use their cell phones to get directions, track their friends, keep tabs on their kids or simply find the nearest coffee shop. Now those services are finally starting to take trickle into the marketplace.

Exploit Targets Widely Deployed Wireless Flaw.

Wed, 15 Nov 2006 01:19:41 GMT

Exploit Targets Widely Deployed Wireless Flaw.

A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. An attacker could use the flaw to take complete control over any vulnerable machine located within a few hundred feet, so be forewarned that reading the rest of this post could make you awfully leery of that guy sitting in the corner booth at Starbucks gleefully clacking away on his laptop.

According to the the latest addition to the Month of Kernel Bugs project, the vulnerability resides in a flawed device driver from Broadcom Corp. that is bundled with many different laptops and built in to some devices made by Linksys and Zonet. The flaw is exploitable on vulnerable Windows machines whether or not the machine is connected to a wireless network. In fact, it is the wireless card's background scan for available wireless networks that apparently triggers the flaw.

Security researcher Johnny "Cache" Ellch said he reported the bug to Broadcom last month, and that the exploit code he released today is tailored to work on a very specific version of the Broadcom driver (Version 3.50.21.10). Still, he said, it appears that every version except a brand new one currently being distributed is vulnerable.

"The exploit only needs to be modified slightly for other versions," Ellch wrote in an online chat conversation with Security Fix.

The Broadcom flaw also highlights a serious set of problems with fixing security vulnerabilities in device-driver software. For starters, who is responsible for shipping a patch? Many different companies use Broadcom chips and rebrand the hardware and drivers as their own. Linksys appears to be the only vendor that has a downloadable update for some of its affected devices. In addition, it's not clear what sorts of mechanisms the PC makers have in place to push updates (should they become available) out to customers.

Apparently, these are questions that a number of security experts are also asking now. In an alert jointly posted today by the Zeroday Emergency Response Team (ZERT is the group that made headlines earlier this year for releasing an unofficial patch to fix a dangerous Windows flaws), the Metasploit Project, the SANS Internet Storm Center and SecuriTeam, the groups explained why writing a one-sized-fits-all patch would not work in this instance.

"Though most of these vendors and manufacturers use the same basic driver, it differs enough that in most cases a single patch just won't cut it," the groups wrote in their alert. "Further, building a patch for all the different drivers from each vendor and all their versions, as well as test against them, is impractical."

Paul Vixie, a ZERT volunteer, said Microsoft's Windows Update and Automatic Update patch deployment network could play a huge role in pushing fixes out to affected machines, but he said that process would likely be complicated and take some time.

"Any way they try to address this is going to be a mess, and moving the fix to the user is going to be a lot like moving water with a fork," Vixie said. "This is dangerous because we know that people who like to do bad things are going to take advantage of this, that's no longer an open question."

There is evidence to suggest the Linksys patch may plug the security hole in certain operating systems, but it's not altogether straightforward and we may not be at the stage where it would be responsible to explain how to do that. I suspect that a number of PC makers will come forward with updates to fix this problem in the coming days and weeks, and Security Fix will point to those as they are made available.

In the meantime, many laptops sold these days come with a button you can push to disable the built-in wireless card. If your laptop came with one of those, it might not be a bad idea to get into the habit of using it.

[Security Fix]

Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet - iht,asia,Singapore Internet Charges - Asia - Pacific - International Herald Tribune

Mon, 13 Nov 2006 23:57:41 GMT

SINGAPORE: A Singapore teenager has been charged with tapping into someone else's wireless Internet connection, a crime that carries a penalty of up to three years in jail, a newspaper reported Saturday.

Garyl Tan Jia Luo, 17, is the first person to be charged with this crime under the Computer Misuse Act, the Straits Times reported.

The report said Tan is accused of using a laptop computer to gain unauthorized access to a home wireless network on May 13.

The newspaper said a neighbor had apparently lodged a complaint against Luo.

Jailtime For Leeching Wireless?

Mon, 13 Nov 2006 23:54:15 GMT

Jailtime For Leeching Wireless? jginspace writes "A 17-year-old from Singapore is is facing three years' jailtime for accessing his neighbor's wireless network. His neighbor complained and now the unfortunate Tan Jia Luo is facing charges under the computer misuse act and is scheduled to appear in court on Wednesday." [Slashdot: Your Rights Online]

Intel Drafts Privacy License for Mobile Device Software.

Fri, 10 Nov 2006 23:52:30 GMT

Intel Drafts Privacy License for Mobile Device Software.

On the heels of Microsoft's recent release of privacy guidelines for software developers, here's an excellent example of another company working with privacy scholars to try to protect end-user privacy when using location-based mobile devices. From ComptuerWorld:

Intel Drafts Privacy License for Mobile Device Software

Intel Corp. has attached a privacy license to its new location-aware software product, intended to protect cell phone users' personal information as mobile devices increasingly rely on tracking technology to provide targeted services.

Installed on a smart phone or ultramobile PC, location-aware software can use GPS (Global Positioning System) technology to produce tailored information like driving directions, nearby restaurants and movie schedules. The downside of that feature is that handsets can double as tracking devices if location data is not kept private. The abuse of such access could range from civil liberties violations to physical threats in the cases of vulnerable people like battered spouses, Intel fears.

So, Intel has added a privacy addendum to the Eclipse Public License it uses for the software application called Privacy Observant Location System (POLS), according to a posting on Intel's Web site by John Miller, the privacy and security policy manager of Intel's corporate technology group.

The addendum says that vendors must inform the end-user what information is recorded and how long it is stored, and it requires developers to include opt-out capability so users can change those settings, Miller said.

[...]

Intel built this value-conscious design/policy feature by working with the Value Sensitive Design Research Lab at the University of Washington, the Berkeley Center for Law & Technology, and other academics and lawyers.

The challenge, of course, will be enforcement of the policy. As the folks at Intel acknowledge:

Intel faces a continuing challenge as it must convince developers to abide by its privacy initiative. The new addendum is useless if software developers don't obey it, so the company has begun a campaign to build support in the open-source community. Intel has asked members of the Open Source Initiative to refine and adopt the policy as an acceptable amendment to the OSI's standard open-source license, and made available to the open-source community at large.

"We believe that a bottoms-up effort to encourage the development of privacy-sensitive social norms is necessary, and in fact critical, for both privacy and public adoption of the technology," Miller said. "We post this information here with the hope that others will see value in this approach."

[via Pogo Was Right]

[michaelzimmer.org]

Wireless insecurity: do not use the cheerleader defence.

Fri, 10 Nov 2006 02:40:53 GMT

Wireless insecurity: do not use the cheerleader defence.

Don't try this at home, folks

Comment The message boards are alive with misguided advice about wireless networks. Switch off your security, they say: you'll get away with murder.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Intel Drafts Privacy License for Location-Aware Cell Phones.

Fri, 10 Nov 2006 02:25:01 GMT

Intel Drafts Privacy License for Location-Aware Cell Phones. Newly written addendum would prevent mobile electronics from becoming tracking devices by allowing consumers to opt-out. [PC World: Latest Technology News]

Exploit Released for Unpatched Apple Wi-Fi Flaw.

Thu, 09 Nov 2006 01:58:53 GMT

Exploit Released for Unpatched Apple Wi-Fi Flaw.

Update, 4:35 p.m. ET: Lynn Fox over at Apple called back with the following statement:

"We were recently made aware of this security issue in our first generation AirPort card, which has not shipped since October 2003. This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs. We are currently investigating the issue."

Original Post From Earlier Today:

Security researcher HD Moore today released computer code showing how attackers can exploit an unpatched flaw present in the wireless drivers in some Apple Macintosh computers.

"With all the hype and buzz about the now infamous Apple wireless device driver bugs (brought to attention at Black Hat, by Johnny Cache and David Maynor, covered up and FUD'ed by others), hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers," said LMH (the alias of the hacker who runs the Kernelfun blog) -- referring to an Apple wireless driver issue covered by Security Fix earlier this year (the links in the quote are his).

Moore said he tested the exploit on a 1.0Ghz PowerBook running Mac OS X 10.4.8 with the latest updates (Halloween, 2006). "The fastest way to trigger this bug is to place the card into active scanning mode. This can be accomplished by launching Kismac [a wireless network scanning program] with the active scanning driver, or by using the 'airport' utility provided with OS X."

While Apple released updates in September to fix at least three problems in its wireless drivers, there is currently no fix available from Apple for the flaw detailed by Moore.

I exchanged a series of e-mails with Moore today to ask about some of this exploit's more technical details, which can be viewed here for anyone interested. In a nutshell, he says the exploit is somewhat unreliable as written, but that it could be made more so if someone spent a bit more time finessing it. He also said "it may be possible to make this exploit reliable by hammering the Airport driver with requests while triggering the bug."

Moore has since folded the exploit into Metasploit 3.0, a free software tool built to help users exploit security flaws against a variety of operating systems and third-party software applications.

The vulnerability is the first in a series of daily bug details to be released over the next 29 days as part of the "Month of Kernel Bugs" project. LMH said we can expect at least five more Apple kernel bugs to be detailed in the coming days, as well as kernel flaws in Linux, BSD, and Solaris 10 systems.

The "kernel" is probably the most vital and fundamental area of any computer system, as it handles the transfer of information between hardware and software on a machine, among other things. Kernel flaws are serious vulnerabilities, but kernel flaws that are exploitable remotely are extremely dangerous, because an attacker can use them to completely subvert the security of the target machine, usually regardless of the presence of security software or the system privileges of the user account the victim happens to be running at the time.

I put a call in to Apple spokeswoman Lynn Fox and will update this post if I hear back from the company. I also pinged David Maynor from SecureWorks to determine if this was related to the exploit I saw at the BlackHat security conference in Las Vegas this summer, but I've not yet received a response from him either.

I did catch up with Maynor's co-presenter, Johnny "Cache" Ellch, who said the bug Moore released today is unrelated to the flaw detailed at Black Hat.

[Security Fix]

Beaucoup Cell-Phone Security.

Wed, 01 Nov 2006 08:08:33 GMT

Beaucoup Cell-Phone Security. Want a phone that can recognize you and refuse to work if you get too far away from it? A new Japanese mobile phone comes with a security card that doubles as a credit card, and has facial ID capability and password protection. [Wired News: Top Stories]

GPS Phone Tells Others Where You Are.

Wed, 01 Nov 2006 07:51:27 GMT

GPS Phone Tells Others Where You Are. An anonymous reader writes, "According to CNet, a company called Benefon has launched a cell phone with a built in GPS receiver [~] nothing new there. However, this particular GPS cell phone, called the Twig, does something extra. It can send your GPS coordinates to another Twig owner and then that person can navigate directly to you using the preloaded navigation software. Sounds like this could save a lot of time and effort when trying to explain to the in-laws where your new apartment is." The article says that the phone will cost £330 in the UK, or about $625. [Slashdot]

Wi-Fi Exploits Coming to Metasploit

Fri, 27 Oct 2006 11:11:36 GMT

The Metasploit Project plans to add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool, a move that simplifies the way wireless drivers and devices are exploited.

The controversial open-source project, created and maintained by HD Moore, of Austin, Texas, has added a new exploit class that allows modules to send raw 802.11 frames at one of the most vulnerable parts of the operating system.

In recent months, there has been an increase in public awareness around the severity of wireless driver flaws. At the August 2006 Black Hat Briefings in Las Vegas, researchers David Maynor and Jon "Johnny Cache" Ellch showed off a new technique for breaking into computers via Wi-Fi driver vulnerabilities on Windows and Mac systems.

Slashdot | Wi-Fi Exploits Coming to Metasploit

Fri, 27 Oct 2006 11:09:29 GMT

bucksDrop writes "Eweek.com is reporting that the Metasploit Project will add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool. Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits. Metasploit is collaborating with Jon 'Johnny Cache' Ellch and implementing it by wrapping the LORCON library."

PC World - T-Mobile Merges Wi-Fi, Cellular

Wed, 25 Oct 2006 21:21:26 GMT

T-Mobile USA is tapping into home broadband to give cellular customers a better deal.

Subscribers to a new service from the Seattle-based mobile operator will be able to make unlimited U.S. calls via Wi-Fi at home and on Wi-Fi networks that don't require a password. Using the same phone, they can leave the range of the Wi-Fi network and keep talking without an interruption as the call shifts over to the T-Mobile cellular network.

FTC Report:"Let Localities Decide on Muniwireless".

Wed, 11 Oct 2006 21:56:15 GMT

FTC Report:"Let Localities Decide on Muniwireless".

Yesterday, the Federal Trade Commission released a report on municipal broadband. Specifically, the staff report tried to address the question, thoughtfully included in the title of the press release, [base "]Should Municipalities Provide Wireless Internet Service?[per thou] Jon Leibowitz, the one Democrat (the other non-Republican, Pamela Jones Harbor, is an independent), issued a concurring statement strongly supporting the right of localities to provide broadband services as a needed competitor and potential [base "]third pipe[per thou] into the home.

For me, the important bottom line on the Report is that each locality needs to make its own decision on whether to provide internet service, and under what model. Accordingly, it is a phenomenally bad idea to pass laws that impose blanket bans (like Nebraska[base ']s), or which limit the flexibility of localities to act (like Pennsylvania[base ']s law, which gives private companies a right of first refusal before municipalities can build their own systems).

[Public Knowledge - Policy Blog]

Sprint Will Lock Down Your Records, If You Call & Ask.

Sat, 16 Sep 2006 04:53:13 GMT

Sprint Will Lock Down Your Records, If You Call & Ask.

Following on Kim Zetter's piece yesterday on how to protect yourself from private investigators fraudulently getting your phone records ("pretexting"), I called up my wireless provider to see if I could get into my account without the password I placed on the account.

As Kim wrote:

Choose Your Own Passwords. Companies love using Social Security numbers and dates of birth as authentication, despite the fact that neither bit of info is very private. Insist that your health insurance provider and phone companies allow you to use a customer-designated password or a unique identifying number instead. Don't let them bully you into using your Social Security number, and use different passwords for different accounts.

Though I placed a pretty decent password on the account, I was able to convince the representative to send me a copy of my last month's phone bill by providing my social security number, something that's not hard to buy online.

Acknowledging the issue the rep placed a note on the account that no one can get into the account without the password, even if they know my social security number. Now, If I forget the password, I will have to go to a Sprint store and show identification to get at my records or reset the password, according to the representative.

For many people that may be too much of a hassle, but I appreciate that Sprint locked down the account. Too bad there's not a simple check box on the account management system so that people who want this extra (but by no means perfect) level of security can get it without having to bug a call rep.

I'll try talking my way in next week and let you know what happens. [27B Stroke 6]

The Security Plan for Your Wireless LAN.

Sun, 10 Sep 2006 18:37:08 GMT

The Security Plan for Your Wireless LAN. Take advantage of the latest security tools and keep your users informed if you want to achieve wire-free bliss. [CSO Online Data Security Briefing]

California Passes Wi-Fi Guidance Law.

Tue, 05 Sep 2006 15:19:38 GMT

California Passes Wi-Fi Guidance Law. MrNonchalant writes, "California's legislature has passed a law requiring Wi-Fi device manufacturers to include warnings about security. From the article: 'From 1 October 2007, manufacturers must place warning labels on all equipment capable of receiving Wi-Fi signals, according to the new state law. These can take the form of box stickers, special notification in setup software, notification during the router setup, or through automatic securing of the connection. One warning sticker must be positioned so that it must be removed by a consumer before the product can be used.'" [Slashdot: Your Rights Online]

The End of PiggyBacking? Wi-Fi Routers Get a Warning.

Thu, 31 Aug 2006 23:51:37 GMT

The End of PiggyBacking? Wi-Fi Routers Get a Warning.

Wireless routers sold in California will soon come with warning stickers that advise buyers to password protect their home networks, according to this article in Dark Reading.

The law, passed by California legislators and sent to Governor Schwarzenegger for his signature, will apply to wireless routers sold in California that were manufactured post-October 2007. One of the interesting things about California law is that since its tough to know where your product is going to be sold or where your customer lives, California law ends up being de facto national law.

Does this mean the end of piggybacking free Wi-Fi, as Dark Reading suggests it does?

I think no.

There will still be plenty of free Wi-Fi to be found, but it might not be long before some legislator gets it in his head to pass a law banning the use of an open wireless network unless you have some sort of permission.

Maybe it will happen after some guy gets busted downloading mp3s or child pr0n from a neighbor's open connection.

But it's still legally unclear whether borrowing some unsecured bandwidth is stealing (technically trespass to chattels) or fine and dandy.

So if you do occasionally jump on a open wireless network, remember to play nice, be subtle and don't send any passwords in the clear (ideally, not any passwords unless you are on a VPN).

[27B Stroke 6]

Slashdot | Cell Phone Secrets Die Hard

Thu, 31 Aug 2006 19:37:11 GMT

duplo1 writes "According to an article on CNN, "Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile[s] up inside our cell phones, and deleting it may be more difficult than you think." It seems that corporate security policies need to extend their disposal standards to mobile devices; but what is there to educate consumers regarding such a potential breach of privacy?"

Desktop Security Policy Enforcement - How to Secure Your Corporate Mobile Devices.

Wed, 30 Aug 2006 14:29:09 GMT

Desktop Security Policy Enforcement - How to Secure Your Corporate Mobile Devices. This paper, written by Jason Meyer, will discuss the items that make up a secure desktop security policy and explore a few of the available solutions from vendors that meet some or all of the basic requirements. By Jason Meyer. [Infosec Writers Latest Security Papers]

Paris Hilton Accused of Phone Phreakiness.

Fri, 25 Aug 2006 16:48:50 GMT

Paris Hilton Accused of Phone Phreakiness.

You may have read the story from a while back about how hackers broke into socialite Paris Hilton's cell phone account and posted online racy pictures of the hotel heiress stolen from her mobile device (turns out the perpetrators were the same people accused of hacking into consumer database giant LexisNexis last year). But could it be that Hilton herself has begun using some of the same hacker tactics leveraged against her in personal attacks against others?

So says SpoofCard.com, a company that offers "spoofing" services that let people fake the number that appears in the recipient's caller ID display. The company's lawyer, Mark Del Bianco, says Hilton was among some 50 customers whose accounts were suspended for allegedly using Spoofcard's service to break into other peoples' voice mail accounts and listen to their private messages or alter their outgoing messages. Spoofcard said it discovered the violation "while reviewing its customer call records for evidence of fraud and other prohibited conduct."

Several cell-phone providers rely on caller ID to verify that someone checking a voice mail account is calling from the account holder's mobile handset. Sprint, Cingular and T-Mobile all allow consumers to turn off or bypass the passcode-checking function used to safeguard access to voice mail. Del Bianco wouldn't say which wireless provider was the target of all these attacks, but based on previous reporting it is clear that Hilton has been a longtime customer of T-Mobile, and that is likely the target network involved here.

According to Spoofcard, actress Lindsay Lohan was among those whose voice mail accounts were broken into. Del Bianco declined to name other victims or alleged perpetrators, but added that many of the terminated customers and victims whose mailboxes were accessed are celebrities. The company does not plan to press charges against anyone involved, Del Bianco said, but he added that the company would refer the matter to federal authorities if requested to do so.

While faking your caller ID number is not a crime (yet), faking it so that you can break into someone else's voice mail box is. Under Section 2701 of the Federal Stored Wire and Electronic Communications Act, gaining unauthorized access to another person's voicemail and messages is a federal offense punishable by fines and up to five years in prison.

In June, the U.S. House of Representatives approved a bill that would make it a crime to maliciously falsify the caller ID information as seen by the recipient of a phone call.

I contacted Hilton's publicist about this news, but am still awaiting a reply, although the AOL-affiliated entertainment-news site TMZ.com reported that her rep has denied the accusation. I will update the blog if Hilton's folks get back to me.

[Security Fix]

Paris Hilton: Master Hacker?

Thu, 24 Aug 2006 20:30:28 GMT

Paris Hilton: Master Hacker?
Paris Hilton has been caught using a caller I.D. spoofing service to hack Lindsay Lohan, according to spoofing company SpoofCard.

Despite years of warnings, some popular cell phone providers let customers retrieve their voicemail without entering a PIN if they appear to be calling from their own phone -- an easy thing to fake using any of the inexpensive caller ID spoofing services available online.

Spoofcard says they caught Hilton doing exactly that:

SpoofCard.com confirmed that Paris Hilton was among the terminated customers, and that Lindsay Lohan was among those whose voicemail accounts were broken into. SpoofCard has put software controls on its network so that customers can no longer use its service to break into the voicemail boxes of Miss Lohan or the other victims it has identified.

SpoofCard.com discovered the conduct while reviewing its customer call records for evidence of fraud and other prohibited conduct. The company is publicly announcing its action in order to discourage this type of activity and to alert mobile telephone networks and their customers of the need to protect voicemail access with passwords and other security measures.

SpoofCard.com is committed to working with law enforcement and industry groups to end harassing and illegal use of caller ID spoofing technology. In this case, it will cooperate with any law enforcement inquiry into possible violations of the Federal Stored Wire and Electronic Communications Act involving unauthorized access to voicemail boxes.

SpoofCard says they've terminated 50 customers for voicemail hacking. It looks like the company is trying to buff its image now that Congress, the FCC and a state attorney general have all targeted caller ID spoofing services as a danger to consumers.

Of course, it's not bad publicity to be known as Paris Hilton's hacking tool of choice. Hilton's T-Mobile Sidekick was hacked at least twice, so she should get a pass for this one.

[27B Stroke 6]

The Black Hat Wireless Exploit Interview, Verbatim.

Wed, 16 Aug 2006 18:38:59 GMT

The Black Hat Wireless Exploit Interview, Verbatim.

I've received an overwhelming amount of hate mail from Mac enthusiasts over two previous posts on a wireless-device-driver presentation at the Black Hat hacker conference, with people accusing me of all kinds of nasty things. Rather than respond to every wild accusation under the sun, I thought it best to give readers all of the information that I have on this. I am posting here a word-for-word transcription of a taped interview I had with David Maynor of SecureWorks in his hotel room on Tuesday, Aug. 1 -- the eve of his presentation at Black Hat.

I've been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook -- but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I'm aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I'm not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post. I tried to clarify that in a follow-up, and am posting the contents of that interview -- verbatim -- to give the public all of the information I have about this particular exploit.

As I turned the tape on, Maynor was just beginning to demonstrate the exploit for me.

Maynor: OK, so the first step in this is we want to turn this [Windows laptop] into a wireless access point.

BK: Oh, so you do have to have it connected?

Maynor: No, this is just for the demo. This is the way we've developed the demo. If I explained it any other way, you wouldn't see anything. It would just say, "Exploit done." This way you can see the results of it.

[Maynor runs the connect-back script that leverages the flaw in the Macbook's wireless device drivers to connect back to the Windows laptop to which it was already associated.]

Maynor: So, I'm going to place a file on the desktop here on the Macbook using this machine here. What should I call it?

BK: I dunno. How about "owned"? [A text file named "owned" shows up on the Macbook desktop.] Wait, OK. Explain to me exactly what you're exploiting in here. Is it a flaw in the Macbook itself?

Maynor: Yes, it's a device driver. The thing is, there's a flaw in the OS, but I don't want to specifically point to it, so in the video you'll see I used a third-party USB device. What I'm trying to do is highlight the problems in device drivers themselves, not any one particular flaw. [Maynor misspoke here, and I later clarified this point with him. The wireless device driver that powers the internal wireless card on the Macbook contains flaws that -- when exploited -- give the attacker the ability to create or delete files, or modify system settings. The flaw is in fact in the Macbook's wireless device driver, which is made by a third party. So again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]

BK: Oh. OK, well, then aside from this Macbook example, how many other machines have you been able to find this kind of --

[Security Fix]

LiveScience.com - Cell Phones Automatically Monitored for Better Traffic Updates

Sun, 13 Aug 2006 23:02:55 GMT

A new service that measures radio signals beamed between your cell phone and cell phone towers could soon help speed up your commute.

IntelliOne Technologies, a company that specializes in using mobile phone network usage to measure roadway speeds, has launched a real-world test of its technology along the streets, freeways and highways of Tampa, Florida. Called Need4Speed, the test will run from Aug. 7 to 18.

The company's technology takes advantage of the fact that wireless devices in motion communicate constantly with multiple cell towers. Wireless carriers use this data to maintain and optimize their networks, but this information can also be converted into speed and travel time information for any roadway that has cell phone coverage.

The new service isn't the only example of a creative use for cell phone towers. In another recent study, scientists used dips in cell phone signals during storms to measure rainfall.

Tracking Your Cell Phone for Traffic Reports.

Sun, 13 Aug 2006 22:51:42 GMT

Tracking Your Cell Phone for Traffic Reports. BostonBTS writes "IntelliOne Technologies has just launched a real-world test of Need4Speed, a real-time traffic-monitoring system that tracks drivers' cell phones. From their website: 'Unlike any other solution available today, the IntelliOne Roadway Speed Measurement System produces live roadway speeds for all highways and surface streets where mobile phone coverage exists, accurate to within three miles per hour.' Of course, any compulsory phone-tracking system raises privacy concerns. According to an article on LiveScience, 'the personal identification data of users will be stripped from cell phone signals before they are processed by IntelliOne's software.' The cell phone companies have this data, but IntelliOne says they won't be keeping their copy." [Slashdot: Your Rights Online]

Two charged in Royal phone tap probe.

Thu, 10 Aug 2006 19:47:50 GMT

Two charged in Royal phone tap probe.

Phreaking serious

Two men have been charged with intercepting mobile phone voicemail messages following an investigation into allegations that the phone calls of staff working for Prince Charles were illegally accessed.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Trojan Horse Takes a Bite Out of BlackBerry.

Thu, 10 Aug 2006 19:34:40 GMT

Trojan Horse Takes a Bite Out of BlackBerry. Researcher has developed what he calls the first Trojan horse malware for BlackBerry devices. [PC World: Latest Technology News]

SignOnSanDiego.com -- It's touch and go at Petco Park

Sun, 06 Aug 2006 20:10:41 GMT

The park's concession stands are accepting new contactless credit cards, which contain a small radio chip, allowing users to pass the card in front of a reader to make their purchases. The customer doesn't have to hand over the card and for purchases under $25 doesn't need to sign a receipt.

Jeff Overton, executive vice president of business operations for the Padres, said getting people back into their seats quickly is one of the team's goals.

"In our environment, it's all about speed," he said.

But that speed is not without its pitfalls. Some consumer groups say the technology in the cards raises privacy and security concerns - from theft of consumer data on the cards to the unwanted tracking of a person's movements. Partly because of those concerns, consumers have been slow to embrace the new cards.

The technology - called RFID, or radio-frequency identification device - is nothing new. RFID chips are in security badges and pet implants, and on merchandise so retailers can track their inventory.

But increasingly, credit card companies like JPMorgan Chase, which is in a partnership with the Padres on the new card system, have been championing RFID cards at ballparks and at quick-serve merchants such as 7-Eleven, CVS drugstores and Regal Cinemas. Other companies offering the cards include American Express, Citicorp, HSBC and MBNA.

Intel Issues Patches to Fix Wireless Flaws.

Fri, 04 Aug 2006 22:31:44 GMT

Intel Issues Patches to Fix Wireless Flaws.

Intel has released updates to fix at least seven separate security flaws in the low-level software that powers its Centrino wireless devices. The flaws reside in Intel's wireless "device drivers," and are present at such a fundamental level of the operating system that they could be used by bad guys to spread malicious software like a computer worm wirelessly between vulnerable computers without any action on the part of the user.

The Intel Web site has more information on these flaws and includes a tool that people can use to tell whether they need to download and install software updates to fix the problems. I would strongly advise anyone using a laptop with an embedded wireless card to pay a visit to the page and run the tool, as many, many computer manufacturers embed Intel's hardware and software into their machines.

Yesterday, I wrote about a series of flaws security researchers here at Black Hat were able to find in multiple wireless device drivers. While Intel's update appears unrelated to their presentation, these vulnerabilities are quite serious and we are likely to see similar updates in the not-too-distant future from other companies that make these device drivers. Intel said it is currently working with various computer manufacturers to get their word out to their customers as well.

[Security Fix]

Hijacking a Macbook in 60 Seconds or Less.

Wed, 02 Aug 2006 17:21:31 GMT

Hijacking a Macbook in 60 Seconds or Less.

If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That's exactly what hackers Jon "Johnny Cache" Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.

The video shows Ellch and Maynor targeting a specific security flaw in the Macbook's wireless "device driver," the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook -- and presently not publicly disclosed -- Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.

But according to Maynor and Ellch, this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful. That's a trivial demand, given that most wireless devices embedded in laptops these days are switched on by default and are configured to continuously seek out available wireless networks.

Because the software that powers these wireless devices operates at such a fundamentally low level of the operating system, traditional system safeguards like firewalls and anti-virus software most likely will not stop the operating system from accepting a maliciously crafted network probe from an attacker seeking to exploit device driver-specific flaws. The result, said Maynor, is that a system using poorly designed device drivers is vulnerable to compromise just by doing what it was programmed to do.

But that explanation eclipses the larger point that Maynor and Ellch said they are trying to get across: Namely, that wireless device drivers are largely developed and written by an odd mix of hardware and software developers in an environment where time-to-market often trumps any thorough code review for potential security flaws.

Apple -- like many computer manufacturers -- outsources the development of its wireless device drivers to third parties. In Apple's case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.

Maynor and Ellch also found two different device driver flaws for wireless products aimed at Windows systems. This is notable because it points out a security loophole in the way that Microsoft has traditionally processed device drivers. Any time a Windows XP user tries to install a device driver, the system checks whether that driver has been "signed" or approved by Microsoft so as not to cause system stability problems. Many third-party wireless cards designed for Windows systems are not signed by Microsoft, and the system will throw up a warning to that effect any time a user tries to install an unsigned device driver.

But according to Maynor and others, Microsoft only recently began testing whether its approved or "signed" device drivers introduced unforeseen security weaknesses into the system. Microsoft is trying to rectify that problem with Windows Vista -- the next version of its operating system by only allowing the installation of device drivers that have met the company's security testing procedures.

After the demo, Ellch (who is currently pursuing his master's degree in computer security at the Naval postgraduate school in Monterey, Calif.) will talk about a new tool he's developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the tool currently recognizes 13 different wireless device drivers, breaking them down by operating system and firmware version.

"I'm getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that 'x' number are running them on a Windows box with a specific version of the driver," Ellch said. "The userful thing for that information is that if you have a device driver exploit and it's version-specific, you could tweak [the exploit] before you launch it."

Maynor said he and Ellch have been in contact with Apple, Microsoft and other companies responsible for vetting the device drivers that power the embedded or third-party wireless card devices meant for those systems, and that both companies are working with wireless card vendors and original equipment manufacturers (OEMs) to remedy the problems. Assuming the wireless device driver makers affected by these flaws fix the problems, it may be an uphill battle for those vendors to find an easy way for users to upgrade that software.

I should note here that while the bad guys may or may not have known about these security weaknesses for some time, there is not a single shred of evidence that these flaws have been exploited "in the wild" (as security companies like to say). That said, it might not be terrible idea to take advantage of the button your laptop that allows you to turn off the machine's constant search for wireless networks when you're not actively trying to go online.

[Security Fix]

Bluetooth Security.

Tue, 01 Aug 2006 19:44:43 GMT

Bluetooth Security. This paper, written by Colleen Rhodes, will explain what Bluetooth is, how it works, and some of the vulnerabilities and risks associated with it. By Colleen Rhodes. [Infosec Writers Latest Security Papers]

NBC10.com - Cell Phone Picture Called Obstruction Of Justice

Sat, 29 Jul 2006 15:22:10 GMT

PHILADELPHIA -- A Philadelphia family said they are outraged over the arrest of one of their family members.

The family of Neftaly Cruz said police had no right to come onto their property and arrest their 21-year-old son simply because he was using his cell phone's camera. They told their story to Harry Hairston and the NBC 10 Investigators.

"I was humiliated. I was embarrassed, you know," Cruz said.

Cruz, 21, told the NBC 10 Investigators that police arrested him last Wednesday for taking a picture of police activity with his cell phone.

Municipal WiFi is Coming, and Why Privacy Advocates Should Care.

Wed, 26 Jul 2006 16:02:38 GMT

Municipal WiFi is Coming, and Why Privacy Advocates Should Care.

Graham Longford, a postdoc at the Community Wireless Infrastructure Research Project (CWIRP) at the University of Toronto, has contributed a nice essay on the privacy considerations of municipal wi-fi over at the On the Identity Trail blog. Graham notes many of the concerns with Google[base ']s wi-fi plans in San Francisco I[base ']ve expressed before, but also focuses on the city of Toronto[base ']s plan to allow a subsidiary of municipally-owned Toronto Hydro Corporation to build their network, noting too that this subsidiary has [base "]made it very clear that the main purpose of the system is to maximize revenue for its parent company.[per thou] That means data mining.

Graham also proposes a privacy-protecting [base "]Gold Standard[per thou] that any municipal wi-fi system should follow:

allow access without [base "]signing in[per thou]; sign-in procedures often require personal information that enables tracking;

offer a level of access that is free, since fee-based systems (e.g. subscription services) enable the identification of users through credit card or bank account information, unless provision for cash payment is made; and,

forego offering targeted advertising and other customized electronic services based on user identity, location or surfing behaviour; such services may be offered, but on an [base ']Äúopt-in[base ']Äù basis requiring the user[base ']Äôs explicit consent.

Good suggestions. While I haven[base ']t reviewed all the details, I have noticed that the proposed muni wi-fi in my old hometown, Milwaukee, Wisconsin, will provide citizens free access to 60 Web sites, run by government entities or non-profit agencies (any other sites will require a subscription). A good first step.

[michaelzimmer.org]

Crazy-Long Hacker Sentence Upheld.

Tue, 11 Jul 2006 13:27:17 GMT

Crazy-Long Hacker Sentence Upheld. An appeals court upholds a nine-year prison term for a Michigan man who hacked the Lowe's chain of home improvement stores through their unsecured Wi-Fi network. By Kevin Poulsen. [Wired News: Security Blanket]

School Admins Demand Access to Students' Cellphones.

Sat, 08 Jul 2006 17:27:59 GMT

School Admins Demand Access to Students' Cellphones. Reverberant writes "School administrators in Framingham MA have implemented a policy allowing them to not only confiscate cell phones, but also to search through students' cell phone data as part of their anti drug/violence efforts. Students claim that the policy is an invasion of their privacy." [Slashdot: Your Rights Online]

Wi-Fi networks ripe for data theft - Jul. 7, 2006

Sat, 08 Jul 2006 16:22:23 GMT

Think your computer is secure when you log onto a Wi-Fi network at a major hotel?

Think again. Many Wi-Fi networks, including some at major hotels frequented by business travelers, are susceptible to attacks by hackers.

Even worse, these hackers don't even need sophisticated tools to log onto your lap top and steal your personal data or your company's intellectual property, according to Dave Garrison, chief executive of iBAHN, a company that builds secure networks for Wi-Fi "hot spots," or places where people can access the Internet via a wireless connection.

Research commissioned by RSA Security (Charts), which makes security tools and software, found that 25 percent of corporate Wi-Fi networks in New York are not secure, while 26 percent of corporate Wi-Fi networks in London are not secure. About 22 percent of corporate Wi-Fi networks in Paris are not secure.

That's a disturbing trend in an era when data theft is on the rise. Over 88 million data records of U.S. residents have been exposed due to security breaches since February 2005, according to the Privacy Rights Clearinghouse, a non-profit consumer group devoted to privacy rights.

During a demonstration conducted for CNNMoney.com at a large hotel in Manhattan, iBAHN chief technical officer Brett Molen demonstrated how easy it is for one person using a laptop or even a handheld device at an unsecured wireless network to open, copy and delete files from the computer of another user on the same network.

Illinois Governor Signs Legislation to Protect Cell Phone Records, Privacy

Sat, 08 Jul 2006 16:00:37 GMT

Governor Rod R. Blagojevich on Wednesday signed Senate Bill 2554 outlawing the practice of "pretexting" in Illinois. Pretexting is pretending to be an account holder, or to have authorization to access an account, to obtain cell phone records, long distance call records, a person's physical location and other personal records, such as GM OnStar information and any other account information relating to that person, such as dating service information or post office boxes. The governor called for new restrictions on the practice in January, according to a release from his office. According to the Electronic Privacy Information Center (EPIC), Illinois is among the first states in the nation to fight cell phone record pretexting.

"Before we signed this legislation, identity thieves were able to go on the Internet and sell personal phone account information to the highest bidder," said Blagojevich. "Now, identity thieves are on notice -- we do not tolerate violations of personal privacy in Illinois. If you don't respect the law, you'll face stiff penalties."

According to EPIC, there are currently dozens of Web sites practicing cell phone "pretexting." In most cases, these brokers only need a person's cell phone number to obtain these records. In a demonstration of just how easy it is to obtain personal cell phone records, in January a blogger was able to obtain the call history of former presidential candidate and NATO commander Gen. Wesley Clark in just a few hours for less than $100.

SB 2554, sponsored by Sen. Ira Silverstein and Representative Aaron Schock, makes it illegal for an identity thief to use somebody else's personal identification information or personal identification document to portray himself or herself as that person without permission, for the purpose of gaining access to any personal identification information or personal identification document of that person. It also makes it illegal to use personal identifying information to gain access to a person's transactions, actions or communications such as cell phone call records.

MetroWestDailyNews.com - Local / Regional News: Students cry foul over cell phone policy: Teens say officials are 'overreacting' and violating their privacy

Sat, 08 Jul 2006 15:32:28 GMT

Fearing their wireless freedom may be in jeopardy, students at Framingham High School were fuming over a new school policy that allows administrators to seize cell phones and search their contents.

The policy, administrators say, is to improve security and stop the sale of drugs and stolen goods, but students said that the edict is an invasion of privacy.

"It's not anyone's business what is in students' cell phones," said Demitriy Kozlov, who will be a senior in September. "If they think someone's dealing a pound of coke or pot, then there is a reason to, but that doesn't happen here."

Google Responds to SanFran Wi-Fi Privacy Concerns.

Thu, 06 Jul 2006 16:43:53 GMT

Google Responds to SanFran Wi-Fi Privacy Concerns.

Google has responded to some of the privacy concerns with their proposed municipal wi-fi network for the city of San Francisco. In a letter [PDF] sent to the City, they defend requiring a Google Account to access the network, as well as their proposed data collection and retention practices.

Currently, I[base ']m swamped with other obligations, but a quick read of the letter revealed this statement:

Choice. Google WiFi users will enjoy a range of choices with respect to their Google WiFI account information. They may create and use different Google Accounts to access the network or separate Google services, such as Gmail.

This statement is ambiguous about whether a user can log into the WiFi system with one Google Account, but then use a different Google Account in order to check their Gmail, perform web searches, and so on. Are they suggesting users manage multiple Google Accounts depending on how they access the web? That is quite unwieldy. If I want to check my Gmail account via the WiFI network, I have to use the Google Account associated with that Gmail account.

More importantly, Google still hasn[base ']t explained why a Google Account itself is even necessary to use the system. By setting up a Google Account, users are automatically enrolled in a multitude of other data-collection services within Google[base ']s suite of products, including the collection of search histories. Using a Google Account reduces Google[base ']s reliance on tracking a users IP address for the collection of usage statistics - all data can be easily correlated to the Google Account.

Rather than creating a unique account system for the WiFi system, Google has ensured that all WiFi users create Google Accounts and become part of their widening infrastructure for the collection of online browsing habits.

[michaelzimmer.org]

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 17:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Researchers Use Wi-Fi Driver to Hack Laptop.

Sun, 25 Jun 2006 17:24:19 GMT

Researchers Use Wi-Fi Driver to Hack Laptop. Hack will be demonstrated at the upcoming Black Hat conference. [PC World: Latest Technology News]

Security Analysis of Wireless Modulation Techniques.

Mon, 12 Jun 2006 15:51:43 GMT

Security Analysis of Wireless Modulation Techniques. In this article, Prentice Tyndall discusses the radio modulation schemes behind wireless networking and look at the security vulnerabilities behind these schemes as they apply to wireless topologies. Also discussed are the history of wireless modulation techniques and discover why the wireless frontier has arrived to the place that it is today. By Prentice Tyndall. [Infosec Writers Latest Security Papers]

China's WAPI will not go down without a fight.

Sun, 04 Jun 2006 02:07:15 GMT

China's WAPI will not go down without a fight. Chinese backers of the rejected WLAN Authentication and Privacy Infrastructure or, WAPI, wireless security protocol have accused rivals of unethical behavior in a last-ditch attempt to revive their standardization hopes.

[Network World on Privacy]

Wireless Security Survey Points to More Concern, Greater Security Risks For Mobile Devices.

Sat, 03 Jun 2006 19:42:07 GMT

Wireless Security Survey Points to More Concern, Greater Security Risks For Mobile Devices. As enterprises increasingly are using wireless devices to create and transmit new data and to access the most sensitive information sitting on their corporate servers, the risks are much greater, the stakes are much higher, and the potential loss is much more catastrophic [GT: Security and Privacy]

Mobile Phone Security

Thu, 01 Jun 2006 16:20:15 GMT

Mobile Phone Security. Benny Rayner submits this paper outlining and giving detail on the different threats of the mobile phone. By Benny C. Rayner. [Infosec Writers Latest Security Papers]

Blue Box Podcast #27: Eavesdropping tutorial, VoIP security news, comments and more.

Wed, 24 May 2006 18:06:37 GMT

Blue Box Podcast #27: Eavesdropping tutorial, VoIP security news, comments and more.

Synopsis: Eavesdropping tutorial, VoIP security news for the week, our listener survey, US DoD conference report, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #26, a 51-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 19-minute tutorial on eavesdropping issues, discussion of our our listener survey and a brief report about Dan's visit to the US Dept of Defense Telecommunications Services Interoperability Conference last week in Arizona.

[Blue Box: The VoIP Security Podcast]

Wireless location tracking draws privacy questions | Tech News on ZDNet

Wed, 17 May 2006 12:38:21 GMT

Wireless products that can do everything from tracking your children to finding you a nearby date this weekend seem to fall outside the scope of federal privacy laws, and that may need to change, an industry group said.

At a panel discussion hosted by the Congressional Internet Caucus Advisory Committee, which aims at informing legislative aides, a wireless industry representative on Tuesday said he's concerned that many products that use geographic location technology, such as those found in cars, aren't being held to the same standards as traditional wireless phone carriers.

"We're going to see in the next year pretty much all of the national wireless carriers deploy handsets that work on licensed commercial spectrum and also work off Wi-Fi hot spots," said Michael Altschul, general counsel to the Cellular Telecommunications and Internet Association (CTIA), an international trade association representing wireless carriers, suppliers and providers of wireless services. "I don't want a customer who starts a call in a Starbucks using a Wi-Fi hot spot, then steps outside and the call is handed off to a commercial mobile service, to have different privacy expectations."