Sigillu

Secure Communications

RIM’s Deal: Saudi Arabia Can Access BlackBerry User Data

Saudi Arabia’s government announced it reached a deal with Research In Motion (RIMM) that will allow the Canadian maker of BlackBerry smartphones to continue operating its service there. Under the agreement, RIM will put a server in the nation that will allow the government to monitor messages to and from Blackberries. All of RIM’s servers have been in Canada until now so the company could guarantee confidentiality for its customers though the encryption process on those servers.

According to several news sources, similar deals will probably be sought by other countries that have voiced concerns about the Blackberry encryption procedures. First among these is the United Arab Emirates, which threatened to shut down RIM’s services there on Oct. 11. India and Indonesia have also said they’re concerned about the RIM confidentiality system and their inability to track information that they claim may not be in the best interests of their governments.

Link

August 8, 2010 Posted by | Android, APAC, BlackBerry, Canada, cellular phone, email, EMEA, encryption, Iphone, privacy, security, spy, technology, USA | Leave a comment

Hacker Spoofs Cell Phone Tower to Intercept Calls

LAS VEGAS — A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear.

The device tricks the phones into disabling encryption and records call details and content before they’re routed on their proper way through voice-over-IP.

The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies – called IMSI catchers – that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that’s stronger than legitimate towers in the area.

“If you have the ability to deliver a reasonably strong signal, then those around are owned,” Paget said.

Paget’s system costs only about $1,500, as opposed to several hundreds of thousands for professional products. Most of the price is for the laptop he used to operate the system.

Doing this kind of interception “used to be a million dollars, now you can do it with a thousand times less cost,” Paget said during a press conference after his attack. “If it’s $1,500, it’s just beyond the range that people can start buying them for themselves and listening in on their neighbors.”

Paget’s device captures only 2G GSM calls, making AT&T and T-Mobile calls, which use GSM, vulnerable to interception. Paget’s aim was to highlight vulnerabilities in the GSM standard that allows a rogue station to capture calls. GSM is a second-generation technology that is not as secure as 3G technology.

Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.

“Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers,” Paget said.

The system captures only outbound calls. Inbound calls would go directly to voicemail during the period that someone’s phone is connected to Paget’s tower.

The device could be used by corporate spies, criminals, or private investigators to intercept private calls of targets.

“Any information that goes across a cell phone you can now intercept,” he said, except data. Professional grade IMSI catchers do capture data transfers, but Paget’s system doesn’t currently do this.

His setup included two RF directional antennas about three feet long to amplify his signal in the large conference room, a laptop and open source software. The system emitted only 25 milliwatts, “a hundred times less than your average cell phone,” he said.

Paget received a call from FCC officials on Friday who raised a list of possible regulations his demonstration might violate. To get around legal concerns, he broadcast on a GSM spectrum for HAM radios, 900Mhz, which is the same frequency used by GSM phones and towers in Europe, thus avoiding possible violations of U.S. regulations.

Just turning on the antennas caused two dozen phones in the room to connect to Paget’s tower. He then set it to spoof an AT&T tower to capture calls from customers of that carrier.

“As far as your cell phones are concerned, I am now indistinguishable from AT&T,” he said. “Every AT&T cell phone in the room will gradually start handing over to my network.”

During the demonstration, only about 30 phones were actually connecting to his tower. Paget says it can take time for phones to find the signal and hand off to the tower, but there are methods for speeding up that process.

To address privacy concerns, he set up the system to deliver a recorded message to anyone who tried to make a call from the room while connected to his tower. The message disclosed that their calls were being recorded. All of the data Paget recorded was saved to a USB stick, which he destroyed after the talk.

Customers of carriers that use GSM could try to protect their calls from being intercepted in this manner by switching their phones to 3G mode if it’s an option.

But Paget said he could also capture phones using 3G by sending out jamming noise to block 3G. Phones would then switch to 2G and hook up with his rogue tower. Paget had his jammer and an amplifier on stage but declined to turn them on saying they would “probably knock out all Las Vegas cell phone systems.”

Photo: Dave Bullock

Link

August 1, 2010 Posted by | cellular phone, eavesdrop, EMEA, encryption, espionage, illegal, mobile, phone tap, privacy, security, spy, tap, technology, USA, wiretap | Leave a comment

Sigillu Contact Us Page

July 23, 2010 Posted by | Android, BlackBerry, bugging devices, Canada, cellular phone, contraespionaje, correo electronico, countersurveillance, criptografia, dispositivos de escucha, eavesdrop, email, email, encryption, escuchas telefonicas, espionage, espionaje, ilegal, illegal, inalambrico, intercepcion, Iphone, mensajes de texto, mobile, Nextel, Nokia, PBX, phone tap, privacidad, privacy, security, seguridad, Skype, SMS, spy, surveillance, tap, technology, tecnologia, telefonia celular, text message, USA, Windows, Windows Mobile, wireless, wiretap | Leave a comment

On iPhone, beware of that AT&T Wi-Fi hot spot

cnet – A security researcher has discovered that any wireless network can pretend to be an AT&T Wi-Fi hot spot and thus lure unsuspecting iPhone users to an untrusted network connection.

Samy Kamkar, who created a worm that garnered him a million friends on MySpace overnight in 2005, said in an interview this week that he can hijack any iPhone within Wi-Fi range in what is often dubbed a “man-in-the-middle” attack because of the way the devices are configured to recognize AT&T Wi-Fi connections merely by the name “attwifi.”

Typically, an iPhone will look for a specific MAC address–the unique identifier for the router–to verify that the wireless network is a device a user agreed to join previously. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has “AT&T Wifi” attached, Kamkar said.

“The iPhone joins the network by name with no other form of authentication,” he said.

Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.

“I went into the settings to disconnect and the prompt was different from normal,” he said. “I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites,” among other stealth moves, if he had wanted to.

To prove that a hijack is possible, Kamkar wrote a program that displays messages and can make other modifications when someone is attempting to use the Google Maps program on an iPhone that has been intercepted. He will be releasing his hijacking program via his Twitter account: http://twitter.com/samykamkar.

Kamkar hasn’t attempted the hijack on an iPod Touch, but plans to determine whether it has the same vulnerability.

iPhone users can protect themselves by disabling their Wi-Fi, or they can turn off the automatic joining of the AT&T Wi-Fi network, but only if the device is within range of an existing AT&T hot spot, Kamkar said.

Asked for comment an Apple spokeswoman said: “iPhone performs properly as a Wi-Fi device to automatically join known networks. Customers can also choose to select to ‘Forget This Network’ after using a hot spot so the iPhone doesn’t join another network of the same name automatically.”

Kamkar, an independent researcher based in Los Angeles, first made a name for himself by launching what was called the “Samy” worm on MySpace in order to see how quickly he could get friends on the social-networking site. The cross-site scripting (XSS) worm displayed the words “Samy is my hero” on a victim’s profile and when others viewed the page they were infected.

He served three years of probation under a plea agreement reached in early 2007 for releasing the worm.

Source: cnet

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, USA, wireless, wiretap | , , , , , , , , , , , , | Leave a comment

Hacker Unleashes BlackBerry Spyware

Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim’s physical location via smartphone’s GPS.

Tyler Shields, senior researcher for Veracode’s Research Lab, also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, D.C., that forces the victim’s BlackBerry to hand over its contacts and messages. The app also can grab text messages, listen in on the victim, as well as track his physical location via the phone’s GPS. The spyware sits on the victim’s smartphone, and an attacker can remotely use the app to dump the user’s contact list, email inbox, and SMS message. It even keeps the attacker updated on new contacts the victim adds to his contact list. “This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself,” Shields says.{hwdvideoshare}id=23|width=|height={/hwdvideoshare}Smartphones are expected to become the next big target as they get more functionality and applications, yet remain notoriously unprotected, with only 23 percent of its users deploying security on these devices. And smartphone vendors for the most part have been lax in how they vet applications written for their products, security experts say.

“Personal information is traveling from the PC to the smartphone. The same data they are attacking on the PC is now on a lower-security form factor where security is less mature,” Shields says. “It makes sense that [attackers] will follow the money to that new device.”

His spyware app, TXSBBSpy, could be plugged into an innocuous-looking video game or other application that a user would download. Then the bad guys could harvest contacts they could sell for spamming purposes, for instance, he says. Although Shields’ spyware app is only a blueprint for writing a spyware app, writing one of these apps is simple, he says.

“If we try to tell ourselves that the bad guys don’t already know how to do this, we’re lying. This is trivial to create,” he says. Shields has posted a video demo of his BlackBerry spyware tool.

Indeed, smartphone apps were a hot topic last week: A researcher at Black Hat DC demonstrated his own spyware app for iPhones, SpyPhone, which can harvest email addresses as well as information from the user’s Safari searches and his or her keyboard cache. Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences, says Apple iPhone’s review process for apps doesn’t stop these types of malicious apps from being downloaded to iPhone users.

Veracode’s Shields says app stores such as BlackBerry’s, where users download free or fee-based applications for their phones, can be misleading to users. “The app store makes the problem worse by giving customers a sense of security, so they don’t necessarily screen for this ‘trust’ button,” Shields says.

The problem is that mobile spyware is “trivial” to create, and the security model of most mobile platforms is inadequate because no one uses the security features and sandboxing methods that protect user data, he says.

Shields recommends that enterprises using BlackBerry Enterprise Server set policies that restrict users from downloading third-party applications or whitelist the ones that are vetted and acceptable.

Users can also configure their default app permissions so that when an app tries to access a user’s email or contact list, the OS prompts the user for permission. Shields says to avoid setting an app to “trusted application status.”

As for app store owners like BlackBerry AppWorld, Apple iTunes, and Google Android Marketplace, Shields recommends the vendors check the security of all applications in these stores. That way, apps would undergo a rigorous vetting process before they hit the stores. “Some are [doing this], but I’m not sure to what degree,” he says. “Regardless of what they are catching or not, they are not telling us what they are looking for.”

Shields’ TXSBBSpy spyware, meanwhile, isn’t the first such tool for the BlackBerry. There’s the controversial tool FlexiSPY, aimed at tracking employees, children, or cheating spouses, but considered by anti-malware companies as malicious code. And there has been at least one documented case of a major spyware infiltration on the BlackBerry: Users in the United Erab Emirates last year were sent a spyware-laden update to their BlackBerrys on the Etisalat network.

Written by :

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, Uncategorized, USA, wireless, wiretap | , , , , , , , , , , | Leave a comment

Surveillance Self Defense (From EFF’s site)

Easy interception. Cell phone communications are sent through the air like communications from a walkie-talkie, and encryption is usually inadequate or absent. Although there are substantial legal protections for the privacy of cell phone calls, it’s technologically straightforward to intercept cell phone calls on many cell networks without the cooperation of the carrier, and the technology to do this is only getting cheaper. Such interception without legal process could be a serious violation of privacy laws, but would be immensely difficult to detect. U.S. and foreign intelligence agencies have the technical capacity to intercept unencrypted and weakly encrypted cell phone calls on a routine basis.

Link

June 21, 2010 Posted by | cellular phone, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, USA, wiretap | Leave a comment

Phone Eavesdropping in Vogue Again

With traditional identity theft channels now closing, fraudsters are increasingly targeting unprotected voice conversations to obtain confidential insider information, passwords and PIN codes without detection. Voice correspondence is almost always uncharted territory for business security armour under the false assumption that phone hacking is a highly sophisticated and expensive means of attack.

The days of phone fraud involving thousands of pounds of equipment and an extensive army of technology experts are long gone. Only in December it was revealed that a computer engineer had broken the algorithm used to encrypt the majority of the world’s digital mobile phone calls online, and published his method…

Link


June 13, 2010 Posted by | bugging devices, eavesdrop, espionage, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, wiretap | Leave a comment

Silvio Berlusconi wiretap victory in confidence vote

Wiretapping is a widespread practice in Italy. Just this week it emerged that both Pope Benedict XVI and Hillary Clinton, the US secretary of state, had been inadvertently taped by Italian investigators.

They were recorded during telephone conversations with the head of Italy’s civil protection agency, Guido Bertolaso, who was being wire-tapped as part of an investigation into allegations of corruption over the awarding of contracts for the building of a venue for last year’s G8 conference.

The prime minister has insisted that police have been allowed to carry out far too many wiretaps. He has claimed that the leaking of transcripts to the media could destroy the reputation of public figures before a case had even come to trial.

Link

June 12, 2010 Posted by | EMEA, espionage, illegal, phone tap, privacy, security, spy, USA, wiretap | Leave a comment

Legal spying via the cell phone system

Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail.
Independent security researcher Nick DePetrillo and Don Bailey, a security consultant with iSec Partners, planned to provide details in a talk entitled “We Found Carmen San Diego” at the Source Boston security conference on Wednesday.
“There are a lot of fragile eggs in the telecom industry and they can be broken,” Bailey said in an interview with CNET. “We assume the telecom industry protects our privacy. But we’ve been able to crack the eggs and piece them together.”
The first part of the operation involves getting a target’s cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.
“We log that information and associate it with a phone number in a (caller ID) database,” DePetrillo said. “We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks… We have done whole cities and pulled thousands of records.”
“It’s not illegal, nor is it a breach of terms of service,” Bailey said.
Next up is matching the phone number with a geographic location. The SS7 (Signaling System) public switched network routes calls around the world and uses what’s called the Home Location Register to log the whereabouts of numbers so networks can hand calls off to one another, DePetrillo said. Individual phones are registered to mobile switching centers within specific geographic regions and they are logged in to that main register, he said.
Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo.
“Using previous research on the subject as a starting point, we’ve developed a way to map these mobile switching center numbers to caller ID information to determine what city and even what part of a city a phone number is in” at any given moment, he said. “I can watch a phone number travel to different mobile switching centers. If I know your phone number, I can track your whereabouts globally.”
For instance, the researchers were able to track a German journalist talking to a confidential informant in Serbia and follow his travels back to Germany, as well as obtain the informant’s phone number, Bailey said.
Bailey said he had contacted telecom providers with the information on how industry outsiders were able to get to information believed to be privileged to the providers, but said the hands of GSM providers in the U.S. are tied.
“The attack is based on the assumption of how the networks work worldwide,” he said. “For interoperability and peer sake, the larger providers in the U.S. have to hand out the information to other providers.”
Asked what cell phone users can do to protect themselves, Bailey said, “people are just going to have to be made aware of the threat.”
It’s also relatively easy to access other people’s voice mail, a service that’s been around for years from providers like SlyDial. They operate by making two nearly simultaneous calls to a target number, one of which disconnects before it is picked up and another that goes straight into voice mail because of the earlier call. This enables the caller to go directly to voice mail without the phone ringing. DePetrillo and Bailey re-created that functionality for purposes of their legal spying scenario.
“If I want to find Brad Pitt, I find his number using the caller ID database, use Home Location Register access to figure out what provider he has. T-Mobile is vulnerable to voice mail spoofing so I get into his voice mail and listen to his messages,” said DePetrillo. “But I can also have the system tell me the numbers of the callers and I can take those numbers and look them up in the caller ID database and use the Home Location Register system to find their providers and break into their voice mail, and so on.”
This can allow someone to make a social web of people, their cell numbers, the context of their voice mail, and their relationships to others, he said.
“These attack scenarios are applicable to corporations and individual users alike,” DePetrillo said. “Corporations specifically should start to take a look at their security policies for executives as this can impact a business very hard, with insider trading, tracking of executives, etc.”

May 13, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, encryption, English, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, Uncategorized, wireless, wiretap | | Leave a comment

‘Colombian govt involved in illegal wiretaps’

das, wire tapping, colombia, gobernment

In a special report on Tuesday Colombian news source CM& claimed to have access to documents proving that information collected through the surveillance and wiretapping of judges, journalists and politicians conducted by security agency DAS was passed on to members of the government.

The documents were obtained by the Prosecutor General’s Office and used to justify the arrest of five former DAS officials last Friday.

Among the documents is allegedly a file labeled “President Uribe,” which was used by the DAS officials to collate “documents of interest to the Colombian president.”

A second document allegedly shows evidence of the surveillance of journalist Holman Morris by the security agency, including an apparently illegally-obtained email written by Morris.

The final piece of evidence mentioned in CM&’s report documents the opinions and intentions of Supreme Court magistrates concerning the re-election referendum of President Alvaro Uribe.

The report is allegedly also labeled with the word “President” and documents which of the court’s magistrates were against the approval of a referendum that would allow for the potential re-election of Uribe to his third term as president.

In reference to the new evidence, the president of Colombia’s Supreme Court, Jaime Arrubla, said on Mondaythat “everything seemed to indicate” that the government had been directly involved in the wire-tapping of court magistrates, which he found “horrifying.”

Arrubla accused the Colombian government of a “conspiracy of the state against the court, a criminal action” and requested a full investigation of the aides of President Uribe who have been implicated in the scandal.

Speaking to national media, Gustavo Petro, the presidential candidate for political party Polo Democratico, also recommended that an investigation be opened into allegations against President Uribe.

“There is no doubt that the political responsibility lies with President Uribe,” said Petro, adding that the inspector general must conduct investigations, “proceeding according to his duty and showing his independence.”

statement released by the Colombian government on Monday, however, denied all allegations of involvement in the wiretapping scandal, saying, “Following stories in the press related to the investigation carried out by the Prosecutor General’s Office about alleged illegal wiretaps, the Presidency of the Republic wishes to state that not one employee of the Casa de Nariño has met with officials to instruct or order the interception (of communication) or shadowing of magistrates, politicians or any person. All officials are willing to appear before the judicial bodies to ratify that the Casa de Nariño never has given instructions in this sense.”

New evidence collected will primarily be used to investigate charges against the scandal-ridden DAS for illegal wire-tapping and surveillance activities.

Link

April 19, 2010 Posted by | Colombia, espionage, illegal, phone tap, privacy, security, spy, surveillance, tap, wiretap | Leave a comment

« Previous Entries