June 12th, 2009

Researchers demo wireless keyboard sniffer for Microsoft 27Mhz keyboards

Posted by Dancho Danchev @ 10:28 am

Categories: Botnets, Malware, Microsoft, Passwords, Privacy, Research, Wireless

Tags: Wireless Keyboard, Logitech, Microsoft Corp., Wireless, Keyboards, Hardware, Peripherals, Dancho Danchev

Researchers from Remote-Exploit.org, the home of the BackTrack pen-testing Linux distribution, have recently released an open source wireless keyboard sniffer Keykeriki, capable of sniffing and decoding keystrokes of Microsoft 27Mhz based keyboards through on-the-fly deciphering of XOR based encryption.

Their wartyping — decoding signals from wireless keyboards — proof of concept is based on a research paper published by the group one and a half years ago:

Read the rest of this entry »

March 6th, 2009

Security holes in Apple Time Capsule, AirPort Base Station

Posted by Ryan Naraine @ 5:53 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Malware, Mobile (In)Security, Patch Watch, Wi-Fi security, Wireless

Tags: Message, IPv6, Packet, Apple Inc., Telecommunications, Networking, Security, Ryan Naraine

Apple has released a firmware update with fixes for three documented security vulnerabilities affecting its Time Capsule and AirPort Base Station products.

The vulnerabilities could lead to denial-of-service or information disclosure attacks via specially crafted packets. Details on the vulnerabilities:

Read the rest of this entry »

January 22nd, 2009

GPU-Accelerated Wi-Fi password cracking goes mainstream

Posted by Dancho Danchev @ 1:09 pm

Categories: Hackers, Passwords, Pen testing, Wi-Fi security, Wireless

Tags: Security, WiFi, Wardriving, Password Recovery, Password Cracking, ElcomSoft, Dancho Danchev

No weak password can survive a GPU-accelerated password recovery attack. Last week’s released Wireless Security Auditor is prone to shorter the time it takes for a network administrator to pen-test the strength of the WPA/WPA2-PSK passwords used on the wireless network. Its core functionality of shortening the wireless password recovery time up to a hundred times based on the GPU used, is naturally going to empower unethical wardrivers with the ability to easily guess the no longer considered secure 8 character passwords.

Read the rest of this entry »

December 12th, 2008

McCain sells off unwiped campaign BlackBerry to reporter for $20

Posted by Adam O'Donnell @ 12:52 pm

Categories: Data theft, Governments, Mobile (In)Security, Privacy, United States of America, Wireless

Tags: Information Security, Phone, Data Retention, RIM BlackBerry, McCain, Handhelds, Security, Hardware, Adam O'Donnell

A reporter picked up a used BlackBerry in the massive liquidation of the McCain campaign holdings. It turns out that someone forgot to wipe the contents of the Blackberry’s memory.
Read the rest of this entry »

October 16th, 2008

Survey: 88% of Mumbai's wireless networks easy to compromise

Posted by Dancho Danchev @ 3:11 pm

Categories: Hackers, Passwords, Pen testing, Privacy, Wi-Fi security, Wireless

Tags: Security, Wireless Security, Wardriving, Deloitte, India, Dancho Danchev

Deloitte’s recently released Wireless Security Survey assessing Mumbai’s — India’s financial capital — state of security awareness in respect to wireless security, shows an ugly picture of insecure wireless networks in both, business, and residential districts. With Mumbai being the home of India’s most important financial institutions, next to the majority of multinational corporations, it may also turn into the playground for the next high profile data breach.

The key findings of the survey are:

• Of the 6729 wireless networks seen, 36% appeared to be unprotected i.e. without any encryption
• 52% were using low level of protection i.e. Wired Equivalent Privacy (WEP) encryption
• Over 95% of the networks broadcast their SSID, with 25% of these using their router’s default SSID
• Balance 12% were using the more secure Wi-Fi Protected Access (WPA)

What’s the practical applicability of these insecurities?

Read the rest of this entry »

October 1st, 2008

What, me worry (about mobile viruses)?

Posted by Adam O'Donnell @ 8:29 am

Categories: Anti Virus, Malware, Mobile (In)Security, Wireless

Tags: Mobile, Handset, Malware, Cell Phone, Virus, Mobile Malware, Handset Population, Cyberthreats, Spyware, Adware & Malware, Advertising & Promotion

Kaspersky, via PC Magazine, has graciously told the public to worry about mobile phone worms. I’m not worried, and there are many reasons why you shouldn’t be concerned… yet.
Read the rest of this entry »

August 27th, 2008

iPhone passcode lock rendered useless

Posted by Ryan Naraine @ 6:19 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Locally Running Web Servers, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Vulnerability research, Wireless

Tags: Apple iPhone, Register, Telecom & Utilities, E-mail, Online Communications, Ryan Naraine

Do not trust that passcode lock on Apple’s iPhone.

The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.

Here are a few steps to reproduce this vulnerability (requires physical access to a passcode-protected device) to access the phone, e-mail and SMS messages, Google Maps and the full Safari browser:

• Read the rest of this entry »

August 20th, 2008

Visa, banks to test real-time fraud alerts

Posted by Ryan Naraine @ 8:53 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Java, Malware, Mobile (In)Security, Passwords, Phishing, Rootkits, Spam and Phishing, Spyware and Adware, Web 2.0, Web Applications, Wireless

Tags: Bank, Visa Inc., Transaction, Cardholder, Financial Services, Telecom & Utilities, Ryan Naraine

Credit card giant Visa is teaming up with with eight North American banks to deliver fraud alerts in real-time via SMS (text messages) and e-mails to cell phones.

The pilot program will allow about 2,000 Visa cardholders to set thresholds that will trigger an immediate transaction alert to a mobile device.  Once an alert is received, a cardholders can verify the transaction details, and if the transaction appears to be irregular, can immediately contact their bank to help stop further transactions on the card.

Alert types included in the pilot include:

Read the rest of this entry »

July 24th, 2008

Apple looking to hire iPhone hacker

Posted by Ryan Naraine @ 8:43 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Hackers, Hirings and firings, Kernel-level Exploits, Malware, Mobile (In)Security, Patch Watch, Pen testing, Research, Reverse Engineering, Wireless, Zero-day attacks

Tags: Apple iPhone, Apple Inc., Hacker, Security Mechanism, Security, Ryan Naraine

Apple is in the market for someone capable of hacking into the iPhone.

According to this job listing, the company is looking for an iPhone Security Engineer capable of, among other things, developing “proof of concept” attacks on the device’s current security mechanisms.

The successful candidate will be tasked primarily with validating the security architecture for the iPhone.

Some responsibilities:

• Review and provide feedback on security mechanisms implemented in OS X
• Provide risk analysis of potential security threats to our embedded products
• Develop “proof of concept” attacks on the current security mechanisms
• Come up with new and innovative ways of increasing security while preserving ease-of-use and increasing the quality of the end-user experience.
• Work cooperatively with other parts of CoreOS on cross-functional technologies and initiatives to enhance security and security policies

[ SEE: Apple caught neglecting iPhone security ]

This moves comes amidst news that the latest versions of iPhone are vulnerable to vulnerabilities that could aid phishing and spamming attacks.

Apple has also been criticized in the past for inordinate delays in shipping iPhone patches, a problem caused mostly because Apple’s agreement with carriers require every minor release is reviewed and approved, a mind-numbingly slow/exhaustive process.

* Photo credit: quinn.anya’s Flickr photostream (Creative Commons 2.0)

June 26th, 2008

Security researchers hack the London underground train for free ride

Posted by Nathan McFeters @ 7:22 pm

Categories: Complex Attacks, Dutch, Governments, Hackers, RFID, United Kingdom, Vulnerability research, Wireless, Zero-day attacks

Tags: Card, Smart Card, Researcher, Smart Cards, Security, Nathan McFeters

A group of Dutch security researchers were able to clone the “smartcards” that commuters use to pay fares in the London Underground system, allowing the group to ride for free.  This is an interesting attack vector that I actually talked to Adam Laurie about when I was at Black Hat Amsterdam.  I’ve spoken about similar hacks with a number of security researchers, and there’s been some interesting ideas proposed on the subject.  In fact, I may just try this on the laundry cards used in my apartment complex.  I promise a full write up on how it was done if I manage to pull something off.

I originally saw this story commented on in an article on Wired by Alexander Lew, which commented that:

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.

 ”The cryptography is simply not fit for purpose,” security consultant Adam Laurie told the Telegraph. “It’s very vulnerable and we can expect the bad guys to hack into it soon if they haven’t already.”

For those not familiar, Adam Laurie is a major player in the computer security research field and has done a ton of interesting research on all number of wireless technology.  I’m working on getting Adam to write up a guest editorial or two on what he’s been working on lately. 

Read on…

[Images courtesy of Transport For London]

Read the rest of this entry »