Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters" says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."
A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponder (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and the transponder use KeeLoq as the encryption method for securing the over-the-air communication.
KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular of such systems in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on assumed secure devices featuring KeeLoq.
(more)
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)
Monday, March 31, 2008
Sunday, March 30, 2008
Mama Hari
...a mother writes...
"It’s a tough call knowing when to spy and when to trust. Though my own children, 4 and 7, are too young for me to be going through pockets looking for drugs, turning up mattresses looking for porno, etc., I plan on doing those things in their teen years.
In my own childhood, my parents were way too hands-off. Both of my brothers were doing serious drugs in high school and my parents didn’t find out until it was way too late. They wanted harmony in the house and took the path of least resistance. That meant my brothers were allowed privacy, didn’t have an enforced curfew, were given car keys before they could handle that responsibility. My parents prayed maturity would come soon.
With my own children, I’ve learned that I have to stay on top of things. On the computer, my son has tried to order things online. He even asked my mom for her credit card so he could buy a Ben 10 shirt. We’ve found that we need to set the rules for which Web sites he can look at. Anything not on the ‘Kids’ section of our Web browser’s bookmarks is off limits. Still, we walk by often while he’s online, and we remind him he needs to ask if it’s a new site." (more)
Money Talks - Cell Phones Squawk
Spying programs for mobile phones are likely to grow in sophistication and stealth as the business around selling the tools grows, according to a mobile analyst at the Black Hat conference on Friday.
Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior antivirus researcher for Finnish security vendor F-Secure, which makes security products for PCs and mobile phones...
One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 and would let a hacker custom-build a spy tool aimed at several models of Nokia phones, Niemela said. (more)
Money Talks - Spies Walk
UK - Thousands of Chinese spies are infiltrating Britain in the run-up to the Beijing Olympics.
They are hellbent on stealing scientific, military and industrial secrets in a bid to make China the world's No1 superpower. The spies are recruited from the 90,000 Chinese who visit Britain each year. Forty per cent of them are on business and a third are students.
A Whitehall source said: "They are told to hoover up everything they can get their hands on. It can be anything from the results of university lab experiments to secret industrial technology." China's targets include banks, power and water companies, telecom firms and even Parliament.
But Foreign Secretary David Miliband fears any crackdown would upset China and jeopardise trade deals worth £20billion. (more)
Saturday, March 29, 2008
"Make a periscope" science class experiment gone horribly wrong?
Wales - A peeping Tom attached a mirror to the end of a piece of wood to spy on his next-door neighbour as she undressed, a court heard...
During the hearing, prosecutor Ian Kolvin produced the home-made spying device which consisted of a strip of wood with a broken piece of glass fastened to one end... "The defendant denied any sexual motivation," said Mr. Kolvin. (more)
"Whatever satisfies the soul is truth." W.W.
NJ/PA - The man who led police on a chase that eventually forced the closure of the Walt Whitman Bridge last Thursday was convinced that someone was bugging his phone and that his family was in danger, according to authorities. (more)
Thursday, March 27, 2008
Jury finds against Providence in wiretapping lawsuit
RI - A federal jury has returned a verdict against city of Providence authorities for illegally recording the phone calls of their employees at a public safety complex. City officials say the jury on Wednesday awarded compensatory and punitive damages of about $525,000... (more)
Wednesday, March 26, 2008
Details emerge about futuristic spy tech
The intelligence agencies have renamed their MASINT program and will now refer to the recondite spy discipline as the Advanced Technical Exploitation Program (ATEP). The name change surfaced in documents that describe a pending acquisition for contractor assistance in merging information from various types of sensors and systems to create cross-disciplinary intelligence...
The acquisition notice asked companies to describe their capabilities in working with the following types of sensors:
• Overhead non-imaging radar.
• Synthetic aperture radar.
• Spectral detectors.
• Thermal infrared.
• Ground-moving target indicator forensics.
• Line-of-sight radar.
• Over-the-horizon radar.
• Airborne electro-optical sensors, known as Cobra Ball.
• Laser intelligence.
• Radio frequency MASINT.
(more)
Spybusters Selects Tektronix to Aid in Fight Against Corporate Espionage
Tektronix Inc., a provider of test, measurement and monitoring instrumentation, announced that Murray Associates, registered as Spybusters LLC, has selected a Tektronix Real-Time Spectrum Analyzer (RTSA) with DPX™ live RF display technology to help the security consultancy identify wireless eavesdropping devices that may be located in clients’ facilities including boardrooms and security trading floors. The RTSA instrument enables the firm to quickly and efficiently spot sophisticated listening devices, even in challenging environments where there are many competing signals.
Corporate espionage is on the rise due to such factors as globalization, decreased employee loyalty and the increasing value of information. In some parts of the world espionage is a common business practice in competitive industries. At the same time, new technologies are making it easier and more affordable than ever to steal information by tapping into private conversations. Given the potential reward, spies are employing increasingly sophisticated technology that can be difficult to detect.
To fight back against this espionage, companies as well as government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices. One of the leaders in the segment is Murray Associates. Based in Oldwick, New Jersey, the 30-year-old company, which is registered as Spybusters LLC, is seeing heightened demand for its services. The majority of the firm’s clients schedule regular inspections or sweeps for any form of electronic surveillance technology in sensitive areas such as executive suites, boardrooms, trading floors, vehicles and aircraft as well as executive homes and off-site meeting locations.
Tuesday, March 25, 2008
Make Caller ID Lie For You
Keep your phone number private whenever you make or receive calls. A new service called Vumber does it for you.
In addition to privacy you can get anonymity, too. Vumber is like Kleenex, disposable. Change numbers whenever you want. Be in any Area Code you like.
"It’s your anyphone, anytime, anywhere phone number that keeps your identity private – until you decide it not to be.
A Vumber is a number from any area code you want, linked to your home, cell, or work phone. When someone calls your Vumber, Vumber lets you control how you handle the call: you can a) answer it; b) send them to VumberMail; c) give them a busy signal; d) tell them the number is out of service; or e) play them a custom message you create.
It provides unequaled privacy protection when anyone calls your Vumber, and when you call anyone. And it’s not limited to a pre-defined one-to-one calling relationship like you sometimes see out there – it is as simple as having another phone number. Even simpler.
You can call “from” your Vumber, too..." (more)
The flip side... Your Caller ID display is no longer trustworthy. But hey, it never was anyway.
How to hack RFID-enabled credit cards for $8
...via tv.boingboing.net
A number of credit card companies now issue credit cards with embedded RFIDs (radio frequency ID tags), with promises of enhanced security and speedy transactions.
But on today's episode of Boing Boing tv, hacker and inventor Pablos Holman shows Xeni how you can use about $8 worth of gear bought on eBay to read personal data from those credit cards -- cardholder name, credit card number, and whatever else your bank embeds in this manner.
Fears over data leaks from RFID-enabled cards aren't new, and some argue they're overblown -- but this demo shows just how cheap and easy the "sniffing" can be.
Forget the tin foil hat.
Wrap it around your wallet and watch where you sit.
There may be an antenna under that chair.
"Bugging Device Found"
Ireland - "A sophisticated bugging and tracking device has been unearthed in the vehicle of a member of the Dublin 32 County Sovereignty Movement. The device was secreted internally into the dashboard of the vehicle and was equipped with its own self contained power supply. The manner by which the device was installed strongly suggests that those who planted it took considerable time to effect this and was obviously professionally done." (more)
A little research reveals that the top component is an old Ericsson radio-modem (M2050 Mobidem c.1996-97) made for the UK market (425-460 MHz). "a small low power radio modem that can be built into PC or other equipment. It has no power source of its own. It does not have its own antenna, which must be designed specifically for the host equipment. It has rated data transfer rates of 1200 to 9600 bps. It supports Mobitex MACS, AT and X.28 protocols."
According to a press release, "Ericsson has signed an order with Thorn Security Ltd., a leading provider of security services in the U.K. market, for 5,000 Mobidem M2050 radio modems to be used for the company's new Siteguard Smart Signaling alarm services. The new services will be available to Thorn's thousands of customers throughout the U.K. in mid-September.
With the announcement of its new Siteguard Smart Signaling alarm portfolio, Thorn Security has scored a first in the industry. The system uses a self-checking alarm signaling technique that provides intelligent mutual monitoring between wireless data links and landline communications at the customer site. This virtually eliminates line errors and guarantees that the alarm system is functional at all times."
The batteries are 4 "D" cells, rechargeable lead-acid type.
Given the age of the main component, the fact that identifying information was left on it (unusual for professional bugging devices), and the existence of similar-looking auto alarm systems, its real purpose can be questioned. Is it a bug, or did someone buy a used car not knowing it was outfitted with an alarm system at one time?
Saturday, March 22, 2008
US State Department Warns of Chinese Bugging and Wiretapping
"Security personnel may at times place foreign visitors under surveillance. Hotel rooms, telephones, and fax machines may be monitored, and personal possessions in hotel rooms, including computers, may be searched without the consent or knowledge of the traveler. ... Foreign government officials, journalists, and business people with access to advanced proprietary technology are particularly likely to be under surveillance." (more)
Friday, March 21, 2008
Yet Another Corporate Info-Loss Confession
The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide.
While the banks appear all but ready to blame Hannaford for failing to follow payment card industry standards on security, there are signs that this may be the first of many cases to surface this year wherein the affected retailer was hacked even though it appeared to be following all of the security rules laid out by the credit card associations. (more) (The List of the Zapped)
Bugging claims are difficult to prosecute... ob-la-di
Did Wife bug Husband?
"First, it is said on 25 June 2006 the wife illegally bugged the husband's telephone, in particular a call between him and his daughter Stella in which Stella made very unflattering comments about the wife. It is further said the wife subsequently leaked the intercepted material to the press so as to discredit him."
On the bugging claim:
"Both the wife and the husband accuse each other of conducting a campaign of harassment and vilification. The reality is that if I let the husband deploy a case about bugging telephones together with subsequent release of them to the press, this will open up a can of worms and the litigation may inevitably snowball with claim and counter-claim."
A summary of Mr. Justice Bennett's judgment in the Paul McCartney - Heather Mills divorce case. (more)