Wash Your Hands Before Leaking

A study by Department of Computer and Information Science at the University of Pennsylvania has found that it can be possible to uncover passwords by analyzing the smudges left on touchscreen phones. Touch screens are touched, so oily residues, or smudges, remain on the screen as a side effect. Latent smudges may be usable to infer recently and frequently touched areas of the screen - a form of information leakage.

The researchers said that they believe smudge attacks are a threat for three reasons. First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily-available equipment such as a camera and a computer.

The analysis requires a photograph of the screen to be uploaded to a computer. However, the presumption that lighting conditions would affect the quality of the photo, and hence the ability to extract passwords was shown to be false. In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.

By enhancing the photo of the screen in the computer, the smudge patterns could be seen. Critically, the requirement of the password structure as used in Android phones resulted in distinctive patterns, which lead to the ability to work out which "buttons" were pressed. (more) (presentation paper)

Spy Phone Numbers

"When the joint is jumpin' and spies are thumpin' it ain't the time to share your number pumpkin." (c. 1942. Some jerk who thought they sounded like Bogart.)

• Need to protect your real cell or home phone number?

• Not sure about that new guy who asked you out?

• Worried your informant will be caught with your number?

• Need a safe number your spies can call in on?

You need TossableDigits! Expendable phone numbers that contact your private line and evaporate when your caller needs to be hung out to dry.

• Need to connect two adversaries through the web? 

• Need to connect your spies to each other over the phone without revealing their phone numbers to each other?

You need Click to Call! The anonymous phone connection.

• Did "M" not sound quite right during your morning briefing?

• Not sure your tipsters are calling from where they say they are?

• Need proof the real Home Office is requesting the microdot?

• Is the Lady Spy Caller ID spoofing the White and Black spies?

You need Phone Number Verification! Make them prove they are calling from the number they say they are calling from.

As Fats used to say, 

"One never know, do one?"

The Eavesdropping Palm Pre Cell Phone

A British internet security company has demonstrated how to turn the Palm Pre into a secret bugging device, ideal for corporate espionage, and issued a warning that many other popular smartphones are also vulnerable to hackers.

In-house hackers at Basingstoke-based MWR InfoSecurity have created a bug hidden in an electronic business card, or vcard, which enabled them to use the Pre to record conversations and send the audio file back to them, whenever it is connected to a WiFi or 3G network – all without the user being aware anything at all is happening.

The company's 26-year-old principal security researcher – who gives his name only as Nils, and who was hired by MWR last year after having been a freelance hacker since his teens – demonstrated the security flaw in the Pre to journalists and IT specialists this week, saying the phone was "easy" to break into. (more)

The Farewell Dossier

Movie Synopsis...
Engaging, emotional and riveting, FAREWELL is an intricate and highly intelligent thriller pulled from the pages of history about an ordinary man thrust into the biggest theft of soviet information of the Cold War. A piece of history largely unknown until now, which Ronald Reagan called "one of the most important espionage cases of the 20th century." Directed by Christian Carion. (Trailer)

Review...

The movie does reflect the reality of the “Farewell” material: that it revealed to Western intelligence the extent to which Soviet economic development in the 1960s and ’70s was almost entirely the result of industrial espionage... The obsession in the early 1980s with the problem of “technology transfer” arose as a direct result of the Farewell dossier, and in a 1983 National Security Decision Directive, preventing technology loss became a key element of American foreign policy. (more)

Vcard Pops Privacy on Palm Pre. Android Cookies Eaten.

Major vulnerabilities in the Palm Pre and Android smartphones have been detected that could allow data to be stolen.

Research by MWR Labs has revealed a major flaw in the Palm Pre that would allow conversations to be intercepted, while a flaw in the Android operating system from 2.0 onwards exists in the browser and allows login credentials and cookies to be harvested.

A spokesperson demonstrated that sending a Vcard to the Palm Pre allows an attacker to compromise the phone and intercept all audio close to the phone. They said that this is a completely focussed attack that targets a specific user. Alex Fidgen, director at MWR Labs told SC Magazine that this represents industrial espionage and if this was done over a carrier network it would be breaking the law. (more)

Tire Pressure Sensor Surveillance - A Re-Tread

Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged...

The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington D.C.

 The tire pressure monitoring systems (TPMS) consist of battery-powered radio frequency identification (RFID) tags on each tire, which can respond with the air pressure readings of the tire when wirelessly queried by an electronic control unit (ECU).

The researchers had found that each sensor has a unique 32-bit ID and that communication between the tag and the control unit was unencrypted, meaning it could be intercepted by third parties from as far away as forty meters. (more)

Readers of Kevin's Security Scrapbook were advised of this back in 2008. See Track My Treads - TPMS Privacy Blowout.

Sexting, Speeding Teens Beware the Ra-Parents

Parents Are Listening Services Inc., (has) developed a program to better allow parents to monitor the contents coming into their children's cellphones. (Launching in September.)

It's one of many companies developing software designed to alert parents when children and teenagers exchange lewd text messages, communicate with predatory adults or taunt each other via social-networking websites. Another feature aims to curb texting and driving by disabling the messaging feature in a moving vehicle...

WebSafety Inc., based in Irving, Texas, offers a similar monitoring program that's been available for five months. The company's software draws from a unique library of 6,000 phrases deemed inappropriate, including slang and online abbreviations.

The program can monitor text messages, emails, instant messages and updates to social-networking sites such as Facebook. By using the phone's Global Positioning System, or GPS, features, parents can also set up no-text zones, such as on school grounds, to prevent students from using their phones to cheat on tests or taunt classmates.

Both Kid Phone Advocate and WebSafety's application send alerts as emails or text messages to the parent's computer and phones. The programs typically run in the background, so children don't know the alerts are being sent out.

GoGoStat, from Schakra Inc. of Redmond, Wash., was created by a team of former Microsoft Corp. employees. Like the other mobile parental apps, GoGoStat monitors the messages children send and receive to each other on Facebook, as well as photos that are exchanged. The program, however, doesn't have to be installed on the computer or cellphone; the app runs within Facebook. (more)

Industrial espionage in the 500's shapes the world.

Industrial espionage can alter the wealth of a nation and thus its capacity to compete commercially and wage war. A great example of this took place around 550 CE, when Justinian I, leader of the Byzantine empire wanted to undo China’s historic domination of the silk trade and, at the same time, end the Persian control of this valuable commodity as the middlemen.

Justinian I was undeterred in wresting this information from China, which they protected under penalty of death. So he sent two Nestorian monks into China with the specific intent of conducting industrial espionage. While in China they observed how silk was produced and what the key ingredients were used in silk production. The monks took two hollowed out walking sticks with them (“concealment devices” in intelligence talk) and hid silk worms and mulberry bush seeds inside them — both essential for silk production.

The monks were stopped and searched repeatedly on their journey home. Nevertheless, they were successful in their quest: they single-handedly transferred the technology for silk production to the West and within a short period of time, the silk trade had been completely upended. Byzantium, and thus the Roman Empire, became the world leader in silk production, which is probably why my ties are made in Milan and not in Beijing.

This act of espionage changed trade throughout the world. (more)

Do not make the mistake of thinking industrial espionage is of little consequence. Call me, or the counterespionage specialist who sponsors Kevin's Security Scrapbook.

History also presents second version of this great espionage story. It is called "The Legend of the Silk Princess." You can listen to it here.

Industrial espionage in the 1700 & 1800's shapes the world.

Sarah Rose is the author of For All the Tea in China, which tells the true story of how tea and industrial espionage fueled the great expansion of the British Empire and the East India Company in the 1800s. The book focuses on one central character, Robert Fortune, who was a scientist sent by the British government to literally steal the secret of tea production from China, plant the Chinese tea in Darjeeling, and thus make the British Empire less reliant on trade with the Chinese and more self-sufficient by harvesting its own tea in colonial India. (more)

Industrial Espionage and Technology Transfer: Britain and France in the Eighteenth Century by J.R. Harris

Britain and Europe were the leading industrial nations in 18th-century Europe. This text examines the rivalry which existed between the two nations and the methods used by France to obtain the skilled manpower and technology which had given Britain the edge, particularly in the new coal-based technologies. Despite the British Act of 1719 which outlawed industrial espionage and technology transfer, France continued to bring key industrial workers from Britain and to acquire British machinery and production methods. Drawing on archival material, John Harris investigates the nature and application of British laws and the attitudes of some major British industrialists to these issues. He also discusses the extent to which French espionage had any real success.

Lieven Bauwens (June 14, 1769, Ghent – March 17, 1822, Paris) was a Belgian entrepreneur industrial spy and who was sent to Great Britain at a young age and brought a spinning mule and skilled workers to the European continent. (more)

Smuggling or abduction were not the style of the pious Thomas Whitty of Axminster, although he was not averse to a spot of industrial espionage. Enthused by an entrepreneur's desire to produce faster, wider and cheaper, he visited London in 1755 and took lodgings at the Golden Lion in Fulham. There, he made the acquaintance of a weaver from the factory of Parisot and inveigled a tour of the premises. The knowledge he gleaned enabled him to start making similar carpet in Devon. Increasing competition wiped out Parisot. (more)

Francis Cabot Lowell saw an opportunity in cotton. On the advice of his doctor, in 1810 he took a trip to England to recuperate from his stress. Over the next two years, Lowell visited textile mills in booming Lancashire County and in Scotland, where he saw machines for weaving cloth that were technologically superior to those in America. The British knew this too; they'd made it illegal to let proprietary loom technology out of the country. Undeterred, Lowell memorized the design of the textile machines, and when he returned to New England in 1812, he began work on recreating them in Waltham, Mass. (more) Thanks to a combination of immigrant British technicians, patent infringements, industrial espionage, and local innovations, American power looms were on a par with the English machines by the end of the 1810s. (more)

Derby Industrial Museum, also known as The Silk Mill brothers, beside the, is a museum of industry and history in Derby, England. Between 1717 and 1721 George Sorocold built Britain’s first mill for the LombeRiver Derwent. This mill was built to house machines for "doubling" or twisting silk into thread. John Lombe copied the design for the machines used for spinning large quantities of silk, during a period spent in Italy, working within the Italian Silk Industry. This was possibly the first example of industrial espionage. (more)

Samuel Slater left England after serving as an apprentice at a “state-of-the-art” cotton mill. In the United States, Slater found eager buyers for the technology he had regarding the most modern techniques in use in England for wool and cotton production. With the information Slater brought, America became the world’s leading manufacturer of cotton which shifted wool and cotton production from Europe to the Americas, thus kick starting America’s Industrial Revolution. This single act of industrial espionage elevated this new country to international economic eminence in less than 50 years. (more)

According to presumptions the Chinese manufactured porcelain, which was filmy, yet outstandingly hard, as early as in the 7th century. Porcelain reached Europe only by the end of the 13th century and rapidly spread in the centuries to come without anyone knowing the secret of its production. It decorated the tables of sovereigns and noblemen, since they were the only ones who could afford it. The Chinese tried to mystify the secret even more by legends and myths. Since they enjoyed a monopoly in manufacturing porcelain, the price of china was very high for a very long time. The mystery of porcelain manufacturing was uncovered in Europe only in the 18th century. The secret reached Paris with the assistance of a Catholic priest, d'Entrecolles, who had served as a Jesuit missionary in China. The priest paid a visit to the centre of the royal porcelain manufacture (Kin Te-chen) where he carefully observed everything, then passed on his information to Europe in the form of letters. He gave minute accounts of his visit to the "secret city". He described the location of the city, the life of the potter families living there, and the security measures introduced, in detail. He carefully observed the process of porcelain production. In spite of the distrust of the Chinese authorities and the stringent security measures the priest managed to send a sample of china clay, (also called porcelain clay, or kaolin) one of the main basic raw materials of porcelain to Europe. (more)

Do not make the mistake of thinking industrial espionage is of little consequence. Call me, or the counterespionage specialist who sponsors Kevin's Security Scrapbook.

"We all prisoners, chickee-baby. We all locked in."

...the position of the Chinese leaders was that China can do no wrong. If Chinese espionage agents abroad were caught in the act, Beijing’s retort would claim false accusations to denigrate China. They would leave it to public memory to fade and forget about it. (more)

The public's memory does fade. Remember silk, gunpowder, porcelain, cloisonne enamel, the compass, Xuan paper, movable type, ink and tea? All became products of the world with the help of a little industrial espionage. All taken from China. What went around, is now going around. You know, "For the loser now will be later to win..." Espionage is just another of life's mandalas.

If you think you know who your competition is (or isn't), you'll be surprised. The winners keep proactively protective. The smug get their pockets picked.

GPS = Global Phone Snitch

via The Wall Street Journal...

Phone companies know where their customers' cellphones are, often within a radius of less than 100 feet. That tracking technology has rescued lost drivers, helped authorities find kidnap victims and let parents keep tabs on their kids.

But the technology isn't always used the way the phone company intends.

Technology is enhancing the reach of stalkers, allowing them to take advantage of location-based social networking applications. WSJ's Andy Jordan reports.

The allegations are a stark reminder of a largely hidden cost from the proliferation of sophisticated tracking technology in everyday life—a loss of privacy.

Global-positioning systems, called GPS, and other technologies used by phone companies have unexpectedly made it easier for abusers to track their victims. A U.S. Justice Department report last year estimated that more than 25,000 adults in the U.S. are victims of GPS stalking annually, including by cellphone.  

A spokesman for AT&T Inc. says it notifies all phone users when tracking functions are activated. (They send a text message upon initial activation. Useless if the stalker has the phone at that moment.) But users don't have the right to refuse to be tracked by the account holder. Turning off the phone stops the tracking. 

Courtesy Executrac Mobile GPS Tracker

Earlier this year, researchers with iSec Partners, a cyber-security firm, described in a report how anyone could track a phone within a tight radius. All that is required is the target person's cellphone number, a computer and some knowledge of how cellular networks work, said the report, which aimed to spotlight a security vulnerability.

...an unintended consequence of federal regulations that require cellphone makers to install GPS chips or other location technology in nearly all phones. The Federal Communications Commission required U.S. cellular providers to make at least 95% of the phones in their networks traceable by satellite or other technologies by the end of 2005. The agency's intention was to make it easier for people in emergencies to get help. GPS chips send signals to satellites that enable police and rescue workers to locate a person.

Craig Thompson, Retina-X's operations director, says the software (cell phone spyware) is meant to allow parents to track their kids and companies to keep tabs on phones their employees use. He says the company has sold 60,000 copies of MobileSpy. The company sometimes gets calls from people who complain they are being improperly tracked, he says, but it hasn't been able to verify any of the complaints. (Think they tried very hard?)

GPS-tracking systems provided by cellular carriers such as AT&T and Verizon Communications Inc. are activated remotely, by the carriers. (more)

iAppalling

Several versions of Apple's iPhone, iPad, and iPod Touch have potentially serious security problems, a German government agency said in an official warning Wednesday.

Apple's iOS operating system has "two critical weak points for which no patch exists," the Federal Office for Information Security said.

Opening a manipulated website or a PDF file could allow criminals to spy on passwords, planners, photos, text messages, e-mails and even listen in to phone conversations, the agency said in a statement. "This allows potential attackers access to the complete system, including administrator rights," it added, urging users not to open PDF files on their mobile devices and only use trustworthy websites until Apple Inc. publishes a software update.

"It has to be expected that hackers will soon use the weak spots for attacks," it said, noting that the devices' popularity could lead to attacks within the corporate world — possibly facilitating industrial espionage. (more)

BlackBerry Squeezing Season

Indonesia considers joining a growing list of countries, including India, Saudi Arabia and the UAE in banning BlackBerry devices; Research in Motion is receiving increasing pressure to allow government access to data generated by the hand-held devices. (more)

Treat it Like a Social Disease - Don't Trust

Social engineering hackers -- people who trick employees into doing and saying things that they shouldn't -- took their best shot at the Fortune 500 during a contest at Defcon Friday and showed how easy it is to get people to talk, if only you tell the right lie. 

Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple and Shell, to give up all sorts of information that could be used in a computer attack... The first two contestants made it look easy.

Wayne, a security consultant from Australia who wouldn't give his last name, was first up Friday morning. His mission: Get data from a major U.S. company.

Sitting behind a sound-proof booth before an audience, he connected with an IT call center and got an employee named Ledoi talking. Pretending to be a KPMG consultant doing an audit under deadline pressure, Wayne got Ledoi to spill details, big time... (more)

Security DIrector's Tip: This topic should be part of every employee's security briefing. (instant education)

The $1,500.00 Cell Phone Call Interceptor Demo'ed

Researcher Chris Paget pulled off a stunt at the Defcon security conference Saturday that required as much legal maneuvering as technical wizardry: eavesdropping on the cell phone calls of AT&T subscribers in front of thousands of admiring hackers.

With about $1,500 worth of hardware and open source software, Paget turned two on-stage antennas into a setup capable of spoofing the base stations that connect the GSM cell phone signals used by AT&T and T-Mobile. Paget set his hardware to impersonate an AT&T signal, and dozens of phones in the room connected to his fake base station. "As far as your cell phones are concerned, I'm now indistinguishable from AT&T," he told the crowd.

Paget invited anyone with an AT&T phone to make a call, and using his GSM hijacking trick, routed their calls through a voice-over-Internet system that connected their calls even while recording the audio to a USB stick--which he promptly destroyed with a pair of scissors to make sure he hadn't violated any privacy laws. The hack, after all, was intended to show the fundamental insecurity of GSM cell signals--not spy on callers. (more)

P.S. This works on G2 protocol systems, not G3.

The GSM Association responded in a statement that lists the limitations to Paget's method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call's encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he's tested--including iPhone and Android phones--has had this option enabled.)

In summary, the GSM Association spokeswoman writes, "The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications.  The great majority of users will make calls with no reason to fear that anyone might be listening.  However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls."