Wednesday, May 13, 2015

New Protection Against Commjacking (Wi-Fi & Cellular)

An Israel-based cyber security software company, CoroNet, announced on Tuesday the launch of a breakthrough product addressing the fastest growing cyber threat worldwide -- cellular and Wi-Fi hacking or “commjacking.” Commjacking involves an attacker hijacking a communication channel between any device and the WiFi network or cellular tower to which it is connected. CoroNet is launching a new software service that that detects and evades commjacking on networks, in real-time, making any device resilient to the attack...

“Equipment used for commjacking used to be only in government domains because it cost some $2.5 million and was very large,” said Liwer. “Now, equipment which used to require a whole van to transport fits into a 13-inch laptop bag and costs between $29 and $1500 dollars for cellular or Wi-Fi.”

Cellular hacking stations or IMSI Catchers are now the size of a 13-inch lap top, making it cheap and convenient to access. (Reuters)

It happens like this. Cell phones are designed to look for the closest and best cellular connection on their particular network and then automatically connect to it. The cell phone doesn’t ask your permission to connect to that tower because its job, fundamentally, is to ensure you have the best possible service you can get wherever you are.

By setting up a “fake” tower (that 13-inch laptop sized hardware we mentioned before) the attacker can force any nearby smartphones or cellular devices to join his network. The hacker then has the ability to see and collect all the data flowing to and from your device as it travels to the real cellular tower. The tools are so efficient there’s no lag in transmission at all, and victims won’t even notice they’ve been attacked.

“This is a completely unprotected backdoor,” Liwer said, “And it’s unprotected because any research on protection against this has been suppressed by governments around the world who enjoyed having that backdoor. They never imagined this technology would leak into the hands of the wrong people. But now it leaves the majority of the population completely defenseless.”

According to Liwer, there are two main types of attackers who use these cell phone spying tools: Members of organized crime and tactical targeted attackers.

The first kinds of attackers have the goal of gathering as much data as they possibly can...

The other kinds of attackers are known as tactical targeted attackers. These are attackers who are employed to conduct corporate or government espionage. These attackers are hoping to gather very specific kinds of data. Often times the data has been encrypted, for example via a VPN, and so the attacker will seek to disable that encryption method, forcing the target to use less secure means of transmitting information. If the target can’t be forced to use a less secure methods, however, the attacker can still gather that encrypted data and with a little time and effort decrypt it.

“Encryption works on keys,” said Liwer “and in order to get encryption keys all you need is computing power and time … in the last two years the cost of computing went down dramatically. An attacker can have a super computer working for him on Amazon servers for pennies per minute. If the information is important enough to him, he will be able to get it.”

In light of these attacks, Liwer and the team at CoroNet have been working on a groundbreaking new solution they hope will help close the gaping backdoor in our cellular communications. The software service CoroNet is launching has the ability to detect commjackers in the network and route data and voice around the attacker to safe network nodes, so that the device will not be able to connect to the malicious network.

“Think of CoroNet as a sonar,” Liwer said, “and the networks, both cellular and Wi-Fi, around your device as the ocean. Using about 300 different parameters we are able to construct an image of the network outside of your device, identify anomalies in the network behavior and mark those anomalies as hostile or non-hostile,” said Liwer.


CoroNet's new software service detects and evades cellular commjack attacks, helping users stay safe. CoroNet

Using a complex algorithmic system, CoroNet’s software examines network behavior over time and identifies patterns attackers execute to lure devices into their network or disturb the network around in general.

“We can’t see the cellular and Wi-Fi networks surrounding us, but they are a physical thing,” said Liwer, in which attackers leave their “footprints.”

CoroNet real time threat map. more