Sigillu

Secure Communications

RIM’s Deal: Saudi Arabia Can Access BlackBerry User Data

Saudi Arabia’s government announced it reached a deal with Research In Motion (RIMM) that will allow the Canadian maker of BlackBerry smartphones to continue operating its service there. Under the agreement, RIM will put a server in the nation that will allow the government to monitor messages to and from BlackBerrys. All of RIM’s servers have been in Canada until now so the company could guarantee confidentiality for its customers through the encryption process on those servers.

According to several news sources, similar deals will probably be sought by other countries that have voiced concerns about the Blackberry encryption procedures. First among these is the United Arab Emirates, which threatened to shut down RIM’s services there on Oct. 11. India and Indonesia have also said they’re concerned about the RIM confidentiality system and their inability to track information that they claim may not be in the best interests of their governments.

August 8, 2010 Posted by | Android, APAC, BlackBerry, Canada, cellular phone, email, EMEA, encryption, Iphone, privacy, security, spy, technology, USA | Leave a comment

Sigillu Contact Us Page

July 23, 2010 Posted by | Android, BlackBerry, bugging devices, Canada, cellular phone, contraespionaje, correo electronico, countersurveillance, criptografia, dispositivos de escucha, eavesdrop, email, email, encryption, escuchas telefonicas, espionage, espionaje, ilegal, illegal, inalambrico, intercepcion, Iphone, mensajes de texto, mobile, Nextel, Nokia, PBX, phone tap, privacidad, privacy, security, seguridad, Skype, SMS, spy, surveillance, tap, technology, tecnologia, telefonia celular, text message, USA, Windows, Windows Mobile, wireless, wiretap | Leave a comment

Your Phone Number Can Be Easily Hacked, and Here’s How

“It’s really interesting to watch a phone number turn into a person’s life,” security researcher Nick DePetrillo told the Los Angeles Times in a report published yesterday. According to DePetrillo and fellow expert Don Bailey, the mere digits of your cell phone number can betray your name, your travel itinerary, and your work and home address; it can also allow others to listen in on your voice messages and personal phone calls.

Using “widely available information and existing techniques,” DePetrillo and Bailey reportedly were able to construct detailed files on a cellphone user. Find out how after the break.

As “white hat hackers,” meaning the good guys who hack you to expose security gaps and then figure out ways to patch them, DePetrillo and Bailey have learned that special software can spoof a call from the target number, tricking the cell phone company into thinking the call is coming from the target’s cell phone; the Caller ID system then identifies the victim’s name for you. As the LA Times points out, a hacker could create their own phonebook of numbers and corresponding identities.

From there, the hacker can then query the cellphone network to discover the location of the phone. Websites such as InstaMapper are openly accessible and free to use. With this, one can hypothetically track and generate a general schedule of your movements.

Moreover, there is always the possibility of malicious applications, which appear to do one thing but in reality can collect private information. For example, security expert Tyler Shields created an application called “TXSBBSPY,” which when installed on a Blackberry, could read text messages, listen to voice mail, and even turn on the phone’s mic at will.

Today, smartphones including the iPhone, Blackberry, and Android devices comprise about 21% of the cell phone market, and often contain sensitive information like other phone numbers, e-mails, and banking information. Nielsen Co. estimates the smartphone to become the new standard by 2011. However, as the smartphone is a recent development, Shields says that we are only living in the “late ’90s” when it comes to mobile security.

The obvious solutions, of course, are to 1) keep your cell phone number private; 2) shield your number with services like Google Voice; 3) use common sense – don’t access suspicious software and links.

July 7, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, English, Uncategorized, USA | Leave a comment

On iPhone, beware of that AT&T Wi-Fi hot spot

cnet – A security researcher has discovered that any wireless network can pretend to be an AT&T Wi-Fi hot spot and thus lure unsuspecting iPhone users to an untrusted network connection.

Samy Kamkar, who created a worm that garnered him a million friends on MySpace overnight in 2005, said in an interview this week that he can hijack any iPhone within Wi-Fi range in what is often dubbed a “man-in-the-middle” attack because of the way the devices are configured to recognize AT&T Wi-Fi connections merely by the name “attwifi.”

Typically, an iPhone will look for a specific MAC address–the unique identifier for the router–to verify that the wireless network is a device a user agreed to join previously. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has “AT&T Wifi” attached, Kamkar said.

“The iPhone joins the network by name with no other form of authentication,” he said.

Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.

“I went into the settings to disconnect and the prompt was different from normal,” he said. “I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites,” among other stealth moves, if he had wanted to.

To prove that a hijack is possible, Kamkar wrote a program that displays messages and can make other modifications when someone is attempting to use the Google Maps program on an iPhone that has been intercepted. He will be releasing his hijacking program via his Twitter account: http://twitter.com/samykamkar.

Kamkar hasn’t attempted the hijack on an iPod Touch, but plans to determine whether it has the same vulnerability.

iPhone users can protect themselves by disabling their Wi-Fi, or they can turn off the automatic joining of the AT&T Wi-Fi network, but only if the device is within range of an existing AT&T hot spot, Kamkar said.

Asked for comment, an Apple spokeswoman said: “iPhone performs properly as a Wi-Fi device to automatically join known networks. Customers can also choose to select to ‘Forget This Network’ after using a hot spot so the iPhone doesn’t join another network of the same name automatically.”

Kamkar, an independent researcher based in Los Angeles, first made a name for himself by launching what was called the “Samy” worm on MySpace in order to see how quickly he could get friends on the social-networking site. The cross-site scripting (XSS) worm displayed the words “Samy is my hero” on a victim’s profile and when others viewed the page they were infected.

He served three years of probation under a plea agreement reached in early 2007 for releasing the worm.

Source: cnet
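
The difference between joining a network by name and checking the access point's MAC address, modelled as an added example (not code from Kamkar, cnet or Apple). The class and function names, the "HomeNet" and "CoffeeGuest" networks and all MAC addresses are constructed for illustration; the last step models the "Forget This Network" mitigation quoted above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point seen in a Wi-Fi scan."""
    ssid: str
    bssid: str  # MAC address of the access point


@dataclass(frozen=True)
class SavedNetwork:
    """A network the device remembers (hypothetical model, not a real iOS structure)."""
    ssid: str
    known_bssids: frozenset  # MACs seen when the user originally joined
    name_only: bool          # True models the carrier hot spot behaviour described above


def would_auto_join(saved, beacon):
    """Decide whether the device would join this access point without asking."""
    if saved.ssid != beacon.ssid:
        return False
    if saved.name_only:
        return True  # the name alone is enough; the MAC is ignored
    return beacon.bssid.lower() in saved.known_bssids


def unverified_joins(saved_networks, scan):
    """List (ssid, bssid) pairs the device would join although it never saw that MAC."""
    findings = []
    for beacon in scan:
        for saved in saved_networks:
            never_seen = beacon.bssid.lower() not in saved.known_bssids
            if would_auto_join(saved, beacon) and never_seen:
                findings.append((beacon.ssid, beacon.bssid))
    return findings


def forget_network(saved_networks, ssid):
    """Model 'Forget This Network': drop the saved profile so nothing auto-joins by that name."""
    return [s for s in saved_networks if s.ssid != ssid]


# Constructed sample data (documentation-range MAC addresses).
SAVED = [
    SavedNetwork("attwifi", frozenset({"00:00:5e:00:53:01"}), name_only=True),
    SavedNetwork("HomeNet", frozenset({"00:00:5e:00:53:10"}), name_only=False),
]
SCAN = [
    Beacon("attwifi", "00:00:5e:00:53:01"),      # the hot spot joined before
    Beacon("attwifi", "00:00:5e:00:53:aa"),      # same name, unknown access point
    Beacon("HomeNet", "00:00:5e:00:53:bb"),      # same name, unknown access point
    Beacon("CoffeeGuest", "00:00:5e:00:53:cc"),  # never saved
]

if __name__ == "__main__":
    print("before:", unverified_joins(SAVED, SCAN))
    print("after forgetting attwifi:",
          unverified_joins(forget_network(SAVED, "attwifi"), SCAN))
```

Only the name-only profile produces a finding: the unknown "HomeNet" access point is rejected because its MAC was never seen, while the unknown "attwifi" one is accepted until the profile is forgotten.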

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, USA, wireless, wiretap | Leave a comment

Hacker Unleashes BlackBerry Spyware

Proof-of-concept demonstrates ease with which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim’s physical location via smartphone’s GPS.

Tyler Shields, senior researcher for Veracode’s Research Lab, also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, D.C., that forces the victim’s BlackBerry to hand over its contacts and messages. The app also can grab text messages, listen in on the victim, as well as track his physical location via the phone’s GPS. The spyware sits on the victim’s smartphone, and an attacker can remotely use the app to dump the user’s contact list, email inbox, and SMS messages. It even keeps the attacker updated on new contacts the victim adds to his contact list. “This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself,” Shields says.

Smartphones are expected to become the next big target as they get more functionality and applications, yet remain notoriously unprotected, with only 23 percent of their users deploying security on these devices. And smartphone vendors for the most part have been lax in how they vet applications written for their products, security experts say.

“Personal information is traveling from the PC to the smartphone. The same data they are attacking on the PC is now on a lower-security form factor where security is less mature,” Shields says. “It makes sense that [attackers] will follow the money to that new device.”

His spyware app, TXSBBSpy, could be plugged into an innocuous-looking video game or other application that a user would download. Then the bad guys could harvest contacts they could sell for spamming purposes, for instance, he says. Although Shields’ spyware app is only a blueprint for writing a spyware app, writing one of these apps is simple, he says.

“If we try to tell ourselves that the bad guys don’t already know how to do this, we’re lying. This is trivial to create,” he says. Shields has posted a video demo of his BlackBerry spyware tool.

Indeed, smartphone apps were a hot topic last week: A researcher at Black Hat DC demonstrated his own spyware app for iPhones, SpyPhone, which can harvest email addresses as well as information from the user’s Safari searches and his or her keyboard cache. Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences, says Apple iPhone’s review process for apps doesn’t stop these types of malicious apps from being downloaded to iPhone users.

Veracode’s Shields says app stores such as BlackBerry’s, where users download free or fee-based applications for their phones, can be misleading to users. “The app store makes the problem worse by giving customers a sense of security, so they don’t necessarily screen for this ‘trust’ button,” Shields says.

The problem is that mobile spyware is “trivial” to create, and the security model of most mobile platforms is inadequate because no one uses the security features and sandboxing methods that protect user data, he says.

Shields recommends that enterprises using BlackBerry Enterprise Server set policies that restrict users from downloading third-party applications or whitelist the ones that are vetted and acceptable.

Users can also configure their default app permissions so that when an app tries to access a user’s email or contact list, the OS prompts the user for permission. Shields says to avoid setting an app to “trusted application status.”

As for app store owners like BlackBerry AppWorld, Apple iTunes, and Google Android Marketplace, Shields recommends the vendors check the security of all applications in these stores. That way, apps would undergo a rigorous vetting process before they hit the stores. “Some are [doing this], but I’m not sure to what degree,” he says. “Regardless of what they are catching or not, they are not telling us what they are looking for.”

Shields’ TXSBBSpy spyware, meanwhile, isn’t the first such tool for the BlackBerry. There’s the controversial tool FlexiSPY, aimed at tracking employees, children, or cheating spouses, but considered by anti-malware companies as malicious code. And there has been at least one documented case of a major spyware infiltration on the BlackBerry: Users in the United Arab Emirates last year were sent a spyware-laden update to their BlackBerrys on the Etisalat network.

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, Uncategorized, USA, wireless, wiretap | Leave a comment

Sigillu Banner

March 19, 2010 Posted by | APAC, Argentina, BlackBerry, Bolivia, Brazil, bugging devices, Canada, Caribbean, cellular phone, Central America, Chile, Colombia, contraespionaje, correo electronico, countersurveillance, criptografia, dispositivos de escucha, eavesdrop, Ecuador, email, EMEA, encryption, escuchas telefonicas, espionage, espionaje, ilegal, illegal, inalambrico, intercepcion, Iphone, Israel, mensajes de texto, Mexico, mobile, Nextel, Nokia, Paraguay, Peru, phone tap, privacidad, privacy, security, seguridad, Skype, spy, surveillance, tap, technology, tecnologia, telefonia celular, text message, Uruguay, USA, Venezuela, Windows, Windows Mobile, wireless, wiretap | Leave a comment

Radio Interview about Gold Lock Hacker Challenge

Gold Lock is proud to announce that Douglas Haskins, Channel Manager-North America, is scheduled to be interviewed by Federal News Radio AM1500 in Washington, DC, Monday 12/14/09 at 8:30am (eastern time). Federal News Radio contacted Gold Lock to schedule the radio interview to discuss the Gold Lock Hacker Challenge: a $250,000 prize to anyone who can hack a 10-minute encrypted conversation.

Would-be hackers are free to use any tools or technology at their disposal. This contest is open to anyone, anywhere, unless your participation is specifically prohibited by law.

Hackers have until 12:00 AM (GMT/UTC + 02:00 hours) on February 1st 2010 to provide us with the transcript. Read the contest rules for complete details and restrictions. Be sure to complete the entry form on that page before you start trying to grab the gold.

December 10, 2009 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, USA | Leave a comment

Smartphone security software market shows strong potential for channel

Smartphone security business challenge and channel opportunity

Sales and support opportunities for encryption are likely to grow as smartphones use more business applications, such as SAP, and store more corporate data. As discussed earlier, the potential for antimalware sales and support is enormous when smartphones finally become subject to widespread attack.

While encryption vendors offer mobile-specific products on their own, those products are also included as part of the vendors’ overall corporate endpoint encryption suites. Check Point’s Svegby said PC encryption orders for, say, 5,000 seats often come with an additional 150 to 200 licenses for smartphone encryption.

Some vendors, such as Credant Technologies Inc. and Check Point offer only encryption products, others such as F-Secure Corp. and Kaspersky Lab Inc. offer only antimalware, and still others, such as Symantec and McAfee Inc., offer both encryption and antimalware. In terms of operating systems, most vendors support Windows Mobile and Symbian, and some support Palm OS and Blackberry as well. There have been reports that several vendors are working on iPhone antimalware, as well.

December 3, 2009 Posted by | BlackBerry, cellular phone, email, encryption, Iphone, mobile, Nokia, security, technology, Windows, Windows Mobile | Leave a comment

Six ways to get online from anywhere

Can’t find a hotspot? Here’s how to make a Net connection without one.

by Glenn Fleishman, Macworld.com

We’re all so accustomed to having Internet access in so many places—at home, at the office, at airports, at coffee shops—that it can be infuriating to travel and find yourself with low-speed service or none at all.

Fortunately, there are six good ways to make sure you—and anyone traveling with you—can access the Internet using your laptop’s built-in wireless networking, even when you’re nowhere near a Wi-Fi hotspot.

Note: Two of these options—cell phone tethering and using a 3G adapter—connect a laptop to the Net and then share that connection from the laptop.

To set up that sharing, first establish the Net connection to the laptop. Then open the Sharing preference pane (System Preferences -> Sharing) and select Internet Sharing. (Don’t check its box yet.) From the Share Your Connection From drop-down menu, choose the active Internet connection. In the To Computers Using list, check the AirPort box. If you want to password-protect the connection you’re sharing (an advisable thing to do), click AirPort Options and set it there. Finally, check the box next to Internet Sharing to turn sharing on. You may need to repeat these steps each time you enable the connection.

AirPort Express in a hotel room

The AirPort Express is a portable powerhouse of a base station. In hotel rooms that have only wired Ethernet for Internet access, plugging an Express into that wired connection not only lets you work on your laptop from anywhere in the room; it also lets you share that connection with other devices that have Wi-Fi but no Ethernet (such as an iPhone) and with family members or colleagues. Apple says the AirPort Express can support up to ten simultaneous Wi-Fi connections. You may first need to connect your laptop via Ethernet to register or activate the room’s connection, then plug in the AirPort Express. Make sure to activate WPA2 Personal encryption so your shared connection isn’t accessible to just anyone.

Tethering with your cell phone

Tethering services for cell phones let you turn the mobile device into a modem. The phone connects to the Net over a 2.5G or 3G network; you then connect your laptop to the phone via Bluetooth or USB—voila, you’re online. You can then use your laptop as a base station to share that connection via Wi-Fi. Unfortunately, the iPhone doesn’t yet offer tethering in the United States; AT&T promises that it’s coming. If you’re using another phone, check with your cell provider. Some phones may let you tether, but the provider might slap expensive transfer fees on top of whatever data plan you already pay for.

Make your phone a hotspot

A small but growing number of mobile phones have both 3G and Wi-Fi. With the right software, you can turn such phones into hotspots. Joiku’s JoikuSpot Light (free) and JoikuSpot Premium (€15) work on the Symbian S60 smartphone platform. The Light version supports the HTTP protocol alone, so the only thing you can do with it is surf the Web; the Premium version supports all Internet protocols. WalkingHotSpot ($25) works with Symbian S60 as well as many Windows Mobile phones. As with tethering, check with your carrier about extra data fees.

3G adapter for your laptop

AT&T, Sprint Nextel, T-Mobile, and Verizon Wireless all offer Mac OS X drivers for a variety of 3G modems, which connect your laptop to the net over 3G data networks; many of those modems connect via the USB port, so they’ll work with any Mac portable. Unfortunately, that access comes at a high price: service plans typically cost $60 a month, with a two-year commitment and a usage limit of 5GB per month (combined uploads and downloads). (Cheaper plans, if a carrier offers them, include ludicrously small amounts of monthly use.)

A USB modem may be free with your contract, but it may cost as much as $150 to $250 without one. (If you purchase your modem up front, T-Mobile lets you pay its monthly data rate without a contract.) Fortunately, such modems can be swapped among nearly any Mac or Windows system. You can typically, but not always, share the resulting 3G service via Wi-Fi; some drivers might prevent it.

3G as you go

Virgin Mobile (now owned by Sprint Nextel) has a pay-by-the-byte 3G plan. The Broadband2Go USB modem costs $99; you then buy blocks of usage (in megabytes or gigabytes) as you need them. Pricing starts at $10 for 100 MB (must be used within 10 days) up to $60 for 1 GB (expires in 30 days). For those who travel and need access less frequently, this plan makes great sense. As with other 3G adapters, you can share your Virgin Mobile access via Wi-Fi, too.

3G Wi-Fi router

The Novatel MiFi 2200 isn’t the first hardware to combine 3G data access with a wireless router in one box. But such gateways—the Kyocera KR2, for example—have typically been the size of regular desktop routers. The MiFi, by contrast, can fit in your pocket. It allows up to five simultaneous connections and has an internal rechargeable battery, so it can continue to provide that access even when you’re away from a power outlet.

The MiFi is sold by Verizon Wireless and Sprint Nextel. Both firms charge $100 for it (after rebates, with a contract). Verizon offers data plans (with a two-year contract) for $40 for 250MB per month or $60 for 5GB per month. Sprint Nextel only offers a $60 plan (for 5GB per month, with a two-year contract). The MiFi can be purchased separately for about $250 and used with Verizon’s network at a $15-per-day rate for on-demand usage.

Glenn Fleishman is editor of Wi-Fi Networking News and author of Take Control of Your 802.11n AirPort Network (TidBITS Publishing Inc., 2009).

http://www.macworld.com/article/144012/makeyourownhotspot.html

December 1, 2009 Posted by | cellular phone, email, English, mobile, Technologies, wireless | 1 Comment

Secure Devices for Everyone

Lee Gomes, 02.12.09, 05:00 PM EST
Forbes Magazine dated March 02, 2009

Once a message is properly scrambled, our sun would burn out before you could unscramble it.

Some perquisites of the American presidency–Air Force One, say–are available only to the occupant of 1600 Pennsylvania Avenue. Many others, though, can be had by anyone, including a mobile phone that’s immune to snooping and spying.

President Obama is, like many of us, an e-mail addict, and press coverage of his new BlackBerry has tended to describe it as some sort of top-secret, supersecure device. In fact, owing to advances in both mathematics and computers, presidential-level security is now available on every desktop computer and can easily be added, for a price, to any mobile device as well.

March 4, 2009 Posted by | cellular phone, email, encryption, English, espionage, mobile, privacy, security, spy, tap, technology | Leave a comment