Security Director Alert: Satellite Phone Encryption Cracked

Chinese researchers have discovered a way to rapidly decrypt satellite phone communications -- within a fraction of a second in some cases.

The paper, published this week, expands on previous research by German academics in 2012 by rapidly speeding up the attack and showing that the encryption used in popular Inmarsat satellite phones can be cracked in "real time."

Using their proposed inversion attack thousands of time on a 3.3GHz satellite stream, the researchers were able to reduce the search space for the 64-bit encryption key, effectively making the decryption key easier to find.

The end result was that encrypted data could be cracked in a fraction of a second. more

Early Radio Head Gear

According to an August 1930 issue of Modern Mechanix, a Berlin engineer invented the hat, which allowed its wearer to “listen to the Sunday sermon while motoring or playing golf, get the stock market returns at the ball game, or get the benefit of the daily dozen while on the way to work by merely tuning in.”



This was not, however, the first radio hat. The technology appears to date back to the early 1920s; a Library of Congress photo taken “between 1921 and 1924” features a man with a radio hat similar to Pathetone Weekly’s. Ultimately, neither hat seems to have made much of a splash among the public—but a radio hat designed two decades later certainly did.

In 1949, a Brooklyn novelty store introduced what they called “The Man From Mars Radio Hat.” A flurry of articles promoting it followed, and as did a temporary buying frenzy.

In one article, LIFE Magazine called the Man From Mars Radio Hat “the latest and silliest contribution to listeners who feel compelled to hear everything on the air.” more

NSA’s Leaked Bugging Devices - Reverse Engineered

Radio hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

The NSA’s Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target’s computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer’s contents.

But the catalogue also lists a number of mysterious computer-implantable devices called “retro reflectors” that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images. more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs.

Researchers at the University of Washington (UW) have pioneered a technique where everyday objects can be embedded with transmitters that piggyback ambient FM signals to send data to nearby smartphones and radios using almost no power. 

The technique makes used of backscattering, which is the reflection of waves, particles, or signals back in the direction they came from. The system uses a low-power reflector to encode specific audio or data on top of reflected signals from an existing FM broadcast, with the data sent on an adjacent band so as not to interrupt any current radio transmissions.

The key benefit of the technology is that it has an extraordinarily low level of power consumption, meaning that it can easily be incorporated into everyday objects at a low cost...



The antennas are made of thin copper tape and can be simply embedded into objects like advertising posters or articles of clothing. Initial demonstrations of the technique showed the total power consumption of a transmitter embedded into a poster to be as little as 11 microwatts – an output that could run uninterrupted off a small coin-cell battery for two years...

The UW team has produced two working proof-of-concept prototypes demonstrating the technology. The first was dubbed a "singing poster" that transmitted portions of a band's music to a smartphone up to 12 ft (3.6 m) away, or a car up to 60 ft (18 m) away.  more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs. The traditional police "wire" invisibly woven into undercover investigators' clothing.  ~Kevin

Spy Radio History - The Rhode & Schwarz ESM500A

This receiver was used by the top government surveillance agencies worldwide during the 1990's (CIA, NSA, GCHQ, BND, etc.) Some countries may still be using it today.

Depending upon the installed options, it would have set the purchaser back from $25,000 to $40,000 USD.

ESM series receivers are highly prized by premium receiver collectors, radio museums, and amateur radio / TSCM enthusiasts. It is is considered to be one of the best communications receivers ever made.

More photos and a chance to own it, here.

FutureWatch: Powerless Bugs or Teslabestiola II (update)

Back in 2013, the Security Scrapbook alerted you to Ambient Backscatter as a developing technology with extreme potential, including electronic surveillance / eavesdropping. 

At that time I said, "Ambient Backscatter research is in its infancy. Imagine the possibilities. Technical espionage could see its biggest advancement since the transistor."

Today, Jeeva Wireless, is developing this technology and is about to come out of stealth mode. 

The technology is so interesting, NASA has posted Federal contract opportunity NND1710133Q, "a sole source contract under the authority FAR 13.106-1(b)(1)(i)."

Here is the update...

"A group of University of Washington engineers has raised capital to develop and commercialize a power-efficient way to generate WiFi transmissions.


Jeeva Wireless just reeled in a $1.2 million round, co-founder Shyamnath Gollakota confirmed with GeekWire. He declined to provide more details about the cash and how Jeeva will use it, as the Seattle startup is still in stealth mode.

The company’s co-founders are the same UW researchers who co-authored a study last year for a Passive Wi-Fi system that can generate WiFi transmissions using 10,000 times less power than conventional methods.

Not even low-power options such as Bluetooth Low Energy and Zigbee can match the system’s energy efficiency, based on the study that earned the UW team a place on MIT Technology Review’s top-ten list of breakthrough technologies in 2016. With the fresh funding, it appears that the company is ready to commercialize its innovation" more

Mobile Security: The InfoWorld Deep Dive

As iPhones, iPads, and Android devices become increasingly standard business equipment, IT organizations struggle on how to manage and secure them, and the data that runs through them.

Click to enlarge.

This guide, available in both PDF and ePub editions, explains the security capabilities inherent to each major mobile platform and where using third-party tools make sense -- and where they don't.

It also walks you through the factors to consider in terms of risk for your corporate data, and outlines a rational way to protect that data without getting tied up in knots.  more

Click to enlarge.

TSCM Team Finds "Plug Bug" Eavesdropping Device

Japan - An eavesdropping device was found in a waiting room for conservative members of the Mito Municipal Assembly, local city government officials and other sources told the Mainichi Shimbun on Dec. 7.

Example of a "Plug Bug"

Ibaraki Prefectural Police seized the device and are investigating the case which they suspect could constitute trespassing into the building and violation of the Radio Act.

According to Mito Government officials, it was tipped off about the bug on Dec. 6.

Specialized workers hired by the local government began searching for the device from the evening of Dec. 7 and found it in a waiting room for three assembly members from "Suiseikai" -- a conservative parliamentary group -- on the first floor of the temporary two-story prefabricated assembly building. The bug plugs into an electric outlet. more

The example shown operates like a cell phone, but looks (and also operates) as a USB charger. It is powered 24/7, and may be called from a cell phone anywhere in the world. BTW, it can  also automatically call the eavesdropper when it detects sound. Available on eBay for $14.79. 

Don't you think its time to have your offices and conference rooms checked? ~Kevin

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Click to enlarge.

Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they fist became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size, however, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 

Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist? 
~Kevin

Interception of LTE Cell Phone Calls, or LTE = Let's Telephone Eavesdrop

Ruxcon Hacker Wanqiao Zhang of Chinese hacking house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.

The still-live attacks were demonstrated at the Ruxcon hacking confab in Melbourne this weekend, with the demo offering a recording of the hack perpetrated in part on a live network. It exploits fall-back mechanisms designed to ensure continuity of phone services in the event of overloads.

The tested Frequency Division Duplexing LTE network is more popular than TDD-LTE and operates in Britain, the US, and Australia. The competing Time Division Duplexing (TDD) LTE network is more common in Asian countries and in regions where population densities are higher.

Zhang conducted further tests after The Register inquired whether the attacks would work against TDD-LTE and found all LTE networks and devices are affected.

"I asked my colleagues to test TDD-LTE yesterday and it works well, so it really can work against all LTE devices," Zhang says.

"This attack exists [and] it's still reasonable."

...Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity.

“You can create a denial of service attack against cellphones by forcing phones into fake networks with no services,” Zhang told the conference.

“You can make malicious calls and SMS and … eavesdrop on all voice and data traffic.” more

How The Great Seal Bug Became Your Electronic Toll Tag

The story of the electronic tollbooth begins at the turn of the century, in St. Petersburg, Russia. That's where Leon Theremin was born.

Yes, that Theremin — the creator of the musical instrument you play without even touching.

"Just as World War I was starting, and then the Russian Revolution, he found himself in the middle of that and was pulled into the new Soviet inner circle and told he was now a Soviet scientist," says Albert Glinksy, who wrote the biography Theremin: Ether Music and Espionage.

Playing with electromagnetic fields while working on a gas detection meter, Theremin discovered a trick: Using the radio frequency between two antennas, he'd wave one hand for volume and the other for pitch...

Theremin was sent to New York City, where he performed and continued to invent. But he also had another mission.

"He was carrying out espionage, so he had this sort of double life in New York," Glinsky says.

In 1938, Theremin returns to Russia.

But the political winds had changed, and he was sent to a Siberian labor camp, then transferred to a prison for scientists.

It was there that Theremin took spying to a new level when he was ordered to build a bugging device to spy on the U.S. ambassador in Moscow.

"The brilliance of this device was it had no batteries, it needed no electrical external source," Glinsky says. "And it was perfectly inert until it was activated, when they wanted to externally, by microwave beams from a companion device that was a few buildings down."

The bug was the size of a quarter and placed in the office of the U.S. ambassador in Moscow. It was hidden in a seal of the United States, where it stayed for seven years before being accidentally discovered.  (Not true. It was found during a TSCM search.)

Theremin may have created the first RFID-like device. But it took a Brooklyn inventor to connect another technology — friend or foe radar — with modern computing that gets us to electronic toll collection. more

Spycam News: Video Voyeur Builds Spy Camera into Toy Jukeboxes—Gives them to Kids

FL - Deputies with the Lake County Sheriff's Office seized various equipment after Robert Anthony O'Hare's arrest last year. Through the seizure, they learned O'Hare had placed hidden cameras in two miniature jukeboxes that were later delivered to children.

"They didn't go through the post office, it looks as they he hand-delivered them," said John Herrell, with the Lake County Sheriff's Office.

The hidden cameras were used to film the children unbeknownst to them, according to deputies.

"As long as they (the jukeboxes) were plugged into the wall, those cameras were activated," Herrell said. "He could use a remote control and remotely control what the camera was viewing."

O'Hare is accused of producing hundreds of videos using a telescopic lens and camera found in his closet during a search of his home in October 2015, deputies said.

Hundreds of downloaded pornographic videos involving adults were also found on his devices, according to authorities. O’Hare is also accused of downloading child porn at a coffee shop. more

Hey Kids - Learn How to Operate a Stingray IMSI-Catcher!

Using mass surveillance software without a warrant is almost as easy as installing Skype, according to leaked footage and instruction manuals for Harris Corp. stingray devices.

The footage, obtained by the Intercept, shows Harris Corp.'s Gemini software being used on a personal computer demonstrating how accessible the program is with a noticeable lack of any registration keys, proof of ownership, or safety measures to ensure the software was only used for authorized purposes.

The manuals include instructions for several Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, KingFish and other products in the RayFish Product Family.

Some features mentioned in the manuals are the ability to impersonate four cellular communication towers at once, monitor up to four cellular provider networks at once, and the ability to knock a targets devices down to an inferior network, such as from LTE to 2G.

The manual also details how to set up a target or “subscriber” and how to set up bulk surveillance, according to a Gemini device “Quick Start Guide” that was leaked on DocumentCloud. more

Car Key Fobs — Wireless = Useless

...a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. 

One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40. “The cost of the hardware is small, and the design is trivial,” says Garcia. “You can really build something that functions exactly like the original remote.”

...they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.” more
original paper

Brand-Name Wireless Keyboards Open to Silent Eavesdropping

Wireless keyboards from popular hardware vendors are wide open to silent interception at long distances, researchers have found, without users being aware that attackers can see everything they type.

Bastille Research said the keyboards transmit keystrokes across unencrypted radio signals in the 2.4 GHz band, unlike high-end and Bluetooth protocol keyboards, which transmit data in an encrypted format, making it more difficult for attackers to intercept the scrambled keystrokes.

It means attackers armed with cheap eavesdropping devices can silently intercept what users type at distances of 50 to 100 metres away.

Such interception could reveal users' passwords, credit card numbers, security question replies and other personally sensitive information, Bastille said. Users would have no indication that the traffic between the keyboard and the host computer was intercepted.

Furthermore, attackers could inject keystrokes of their own into the signals, and type directly onto users' computers. Again, the attack would be unnoticeable to users in most cases.

Bastille tested eight keyboards from well-known vendors... more

Longtime Security Scrapbook readers may remember my warnings about this beginning in 2007...
https://spybusters.blogspot.com/2007/12/wireless-keyboard-interception.html  
https://spybusters.blogspot.com/2007/12/program-discovers-at-risk-wireless.html
https://spybusters.blogspot.com/2009/01/old-news-still-scary-bugged-keyboards.html

North Korea Revives Coded Spy Numbers Broadcasts

In an era of sophisticated spycraft, North Korea appears to be returning to the days of shortwave radio.

Click to enlarge.

The North broadcast a series of seemingly random numbers on Pyongyang Radio twice recently, an eerie reminder of the days when the North encrypted messages to its spies in South Korea.

In the latest episode last Friday, an announcer read what she described as “a mathematics review assignment for investigative agent No. 27,” engaged in a “distance learning” program.

“Turn to Page 459, No. 35; Page 913, No. 55; Page 135, No. 86,” she said, continuing to cite numbers for 14 minutes.Decades ago, it was not unusual for late-night radio listeners in the South to hear mysterious numbers arriving on static-filled signals from the North. more

The Open Microphone Strikes Again

The only thing more embarrassing than having to resign after a political gambit (the Brexit) blew up in your face? Getting caught on a hot mic singing a goofy tune immediately after you resign. Godspeed, David Cameron. more



Moral: Treat microphones like a poisonous snakes. Always know where they are and what they are doing. Always.

P.S. It has happened to him before, and before.

DIY Tip: How to Check Your Wi-Fi for Spies

If you would like to see who (or what) is tapped into your wireless network, you can take a peek with router utilities and mobile apps...

Depending on your interest in technical fiddling, you can see what other devices are connected to your network in several ways. For one, you could log into your wireless router’s administrative page and check its DCHP Client Table (sometimes called the DHCP Client List or Attached Devices, as some router companies use different terms) to see the roster of computers, smartphones, tablets and other gear currently connected to the wireless router...

If that sort of thing seems like way too much work, you can also get a program or app that scans your network for connected devices. Your router maker may have its own app, like Netgear’s Genie, Linkys Connect or Apple’s AirPort Utility for iOS.

You can also find software from other developers that is designed to reveal the devices connected to your wireless network. NirSoft Wireless Network Watcher. Who’s on my WiFi for Windows and the Fing network scanner for Android and iOS are among the options. more

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

FURTHER READING

MEET KEYSWEEPER, THE $10 USB CHARGER THAT STEALS MS KEYBOARD STROKES

Always-on sniffer remotely uploads all input typed into Microsoft Wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more

Security Director Alert: Upgrade Your Alarm System Cellular Backup Units

via Talkaphone...
That’s it, the end of 2G. It has been a fun ride but as of December 31, 2016 Verizon and GSM 2G cellular data will be switched off, making all product usage of the cellular signal obsolete.

For those who have yet to upgrade their emergency and security equipment, it’s time to make the switch.

The upgraded data options consist of 3G and 4G cellular data usage, as well as a Wi-Fi option is available for the impending cross over. Keep in mind that the higher the speed of your network can directly affect the reliability of your previously installed security products.