Tag Archive for Hack

RB | March 26, 2011
No comments

iPad Notes

Researchers Outline iOS Attack to Access Stored Passwords in Six Minutes

Apple ComputersFierceCIO reports that researchers from Germany’s Fraunhofer Institute for Secure Information Technology say (PDF) they can break into an Apple (AAPL) iOS device (iPhone or iPad) to extract stored passwords in just six minutes. The attach requires physical access to the iOS device. Once boosted, large swaths of the iOS file system could be swiftly pried open by hackers.

Data that can be exploited includes account passwords for MS Exchange ActiveSync, LDAP, VPN and Wi-Fi. A successful attack starts with a jailbreak, followed by installing an SSH server to load a script to get access to the keychain entries which contain the passwords.

Based on this weakness, the author says that iOS needs work, “… a proper implementation of security using best practices could require a rewriting of key security components in Apple’s iOS.” He concludes that, “… organizations deploying the iOS hardware at the moment might find it prudent to perform encryption at the app level instead of relying on the iPhone’s or iPad’s broken passphrase system.”

iPhone Password Hack Shows Flawed Security Model

Ars Technica has different article on the latest iOS vulnerability. Ars argues that the attack isn’t entirely new, and is actually a product of Apple’s “DRM approach” to security. Forensics expert Jonathan Zdziarski told Ars that similar exploits have been around since Apple introduced the iPhone 3G. According to Mr. Zdziarski,

The real problem is that Apple hasn’t yet fully implemented a truly secure environment for iOS. Apple has … been relying on their DRM know-how, and just erasing the label that says ‘DRM’ and calling it ‘security. The problem with this is that DRM only makes things a little more difficult for hackers.”

“Real security relies on the strength of the key, and the secrecy of the key,” Mr. Zdziarski continued. “And as long as the keys are all stored on the iPhone and don’t rely on a user password, they can easily be compromised.”

The Ars article says that while Apple has continually improved the iDevices information security , they all have the same flaws. Mr. Zdziarski told Ars he believes Apple is pushing to make iOS devices compliant with the FIPS 140-2 (PDF) security standards. However he warns that. “… at the end of the day … Apple will need to abandon their DRM approach if they want true security, as opposed to just some fancy marketing strategies.”

VMware Unleashes Virtual Desktops for Apple iPad

VMware for iPadNetwork World is reporting that VMware (VMW) has released VMware View Client for iPad to the Apple App Store. “We’ve been working on it since the middle of last year,” says Pat Lee, director of end-user computing clients at VMware.

VMware said it had trouble making Windows work as a virtual desktop on the iPad. “Windows really isn’t touch-savvy,” Lee says. VMware tried to adapt the iPad experience to Windows. “We spent a lot of time building custom gestures to make sure it blends into the iOS experience,” Lee says.

VMware created a virtual trackpad that can appear on the screen. “We want it to be as logical as possible,” Lee says. VMware promised “instant-on” access to Windows desktops from the iPad, as well as support for Bluetooth keyboards. VMware is using  PCoIP to deliver the remote desktops and says the client will offer a secure connection to server-hosted desktops.  The View client for iPad will be free for existing users, who are charged either $150 or $250 per seat.

The VMware announcement comes after Citrix (CTXS)  released Receiver for iPad, and Parallels developed Parallel’s Mobile, an iPad desktop application.

Contracts HD for iPad: Give Contracts the Finger

Hat tip to AppScout for finding Contracts HD for iPad. They say that it  is one of those apps that is breathing life into the existence and usefulness of the tablet device. Contracts HD is designed to allow any Apple (AAPL) iPad user to create, collaborate, sign, and email completed contracts using iPad’s dynamic touch-screen interface. The app also provides a database of contract templates for which anyone can add an addendum to all existing contracts, auto-fill appropriate fields within the contract with your exact information, and allows both parties to sign contracts safely and securely by using a fingertip.

Once the contract is signed, and all parties have received their PDF copies via email, you can save contracts to a secure archive for easy access later. Contracts HD also has a little brother app for iPhone that enables you to synchronize contracts between devices.  Contracts HD for iPad is $9.99 in the iTunes App Store ($4.99 for the iPhone version).

Category: Hardware | Tags: , , , , , ,
RB | November 11, 2009
No comments

MS Cop Tool Leaked

securityI recently wrote about Microsoft’s COFEE computer forensics tool here and three weeks later,  Yobie Benjamin at SFGate writes that MS’s COFEE, “One of the most important tools in computer forensics and law enforcement,” was apparently uploaded to bit torrent site What.CD on November 09, 2009 and is now available on the Internet.

What.CD management issued a statement, “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff… And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again).”

DarkReading says that COFEE was so sought after in the computer underground that an enormous bounty ofMicrosoft Logo 1.6 terabytes of capacity was offered to the first one who would upload the software.

Robert Graham on DarkReading explains that the version on COFEE om BitTorrent contains only Microsoft tools, so I don’t know for certain what other tools it might run. Yet similar forensics toolkits all run the same sorts of programs. They run standard tools for grabbing the browser history (from Firefox and IE). They run versions of “pwdump” to grab the password hashes for offline cracking. They copy the browser cache. They look for recently changed files. They might scour the hard drive and take an MD5 hash of all the files. They look for unique device IDs, such as your MAC address or built-in hard drive ID.

ballmerOne of the worries is that now that the tool is public, criminals can now defend against it. This is nonsense according to Graham. Police forensics are already well-known, and criminals already know how to defend against them. Graham, concludes that tools like COFEE don’t do anything extra that is unknown or secret. What makes them dangerous (to criminals) is that law enforcement agents can run them without much training, in an automated fashion.

Category: Security | Tags: , ,
RB | August 28, 2009
No comments

WPA Gone in 60 Seconds

securityJapanese researchers have identified a WPA hack which could give hackers a way to read encrypted Wi-Fi traffic  in less than 1 minute. Toshihiro Ohigashi (Hiroshima University) and Masakatu Morii (Kobe University) presented a way to break the WPA (Wi-Fi Protected Access) encryption system at the Joint Workshop on Information Security.  The researchers outlined their work in paper called “A Practical Message Falsi cation Attack on WPA“  on August 7, 2009.

wifiThe new attack builds on 2008 research from Darmstadt University of Technology graduate sstudents Martin Beck and Erik Tews who proved that WPA Temporal Key Integrity Protocol (TKIP) could be attacked. The Beck-Tews attack only worked on short packets in a WPA implementations that supported 802.11 quality of service (QOS) features and took between 12 and 15 minutes to work.

The new threat utilizes a “man in the middle” (MITM) attacks on WPA TKIP systems. The MITM attack  uses the the “chopchop” attack on a short packet (like ARP broadcasts), deciphers its 64-bit Message Integrity Code (MIC), and can then craft whatever packet it wants. The new packet is coded with the proper checksums and passed along to the access point, which should accept it as genuine. Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated told IDGNews, “They took this stuff which was fairly theoretical and they’ve made it much more practical.”

Both attacks work only on WPA systems that use the  TKIP  algorithm.   The new attack does not work on newer WPA2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, said that people should now use WPA2. She told IDGNews,  WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago.”

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, Robert Graham, CEO of Errata Security t0ld ars technica. He continues, the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. “It’s not as bad as WEP, but it’s also certainly bad.”

rb-

This is only an issue of the WLAN is secured at all.  Motorola published a report in April 2009  that says 64% of companies are neglecting WLAN security. The report claims that only 47% of companies are using Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) encryption on their wireless networks.

These attacks highlight the weaknesses of TKIP-based WLAN encryption. WPA TKIP was developed to fix the worst of the security holes in the first Wi-Fi encryption protocol, WEP. Wi-Fi-certified products have had to support WPA2 since March 2006 . Users should move to AES-CCMP which requires WPA2 Personal for home and small office networks or WPA2 Enterprise for larger networks. Using AES-CCMP may requires that some network equipment installed before 2003 be reviewed as AES supports key lengths up to 256 bits, which may not be compatible with older hardware. Any remaining equipment of this vintage may need to be  be upgraded to newer Wi-Fi adapters, switched to Ethernet only, or retired. WPA2 has not shown any vulnerabilities to date. There is no real good reason to try to secure your WLAN with WPA-TKIP anymore.

Category: Security, wi-fi | Tags: , , ,
RB | July 18, 2009
No comments

PBX Hacks Cost $55 Million

security

The U.S. Justice Department unsealed indictments against three Filipino residents on 06-12-2009 for an international PBX hacking scheme. According to Security Fix , the three are accused of hacking into thousands of private telephone networks in the US and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls and used the profits to help finance terrorist groups in Southeast Asia.

The U.S. government alleges that the individuals arrested in the Philippines were responsible for hacking private branch exchange (PBX) systems and voice mail systems owned by more than 2,500 companies world-wide. The indictments alleges that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwords on the systems. According to Erez Liebermann,  assistant U.S. attorney for New Jersey, “The default passwords were left open in most of these PBX systems”.

The government charges that Italian call center operators paid the hackers $100 for each hacked PBX system they found. The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud. The case was filed in the U.S. District Court of New Jersey, the home of long distance provider AT&T. The  documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes in unauthorized international phone calls, or $55 million worth of telephone charges.

According to Reuters the defendants  allegedly sold access to the compromised systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern Italy. According to the AP and Carlo De Stefano, head of Italy’s anti-terrorism police unit, much of the proceeds were sent to the Philippines and may have been forwarded to Islamic extremist groups in the region, including Al-Qaeda-linked Abu Sayyaf. “There are strong suspicions and some clues, but nothing concrete,” De Stefano said.

Rb-

No matter the system (TCM, VoIP, SIP, T’s) sloppy installation practices can make any type of system vulnerable. That’s why I always include a requirement that all manufacturer and VAR account passwords be changed before the equipment is brought on-site and that they be changed by the Owner at time of acceptance of the system. I have started to back this up by tying this requirement to their PLM bond requirements.

We also recommend to our clients that they disable international calling by default on their system and only allow it as required, based on the concept of least privilege.

Category: Networking, Security | Tags: , ,
 

Switch to our mobile site