
05/09/08 05:44 PM

Counterfeit Cisco Routers

Posted by Peter Hesse

This is really bad and scary news: “F.B.I. Says the Military Had Bogus Computer Gear.”

[T]he… sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon.
The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components.

Cisco routers are everywhere. According to Cisco’s web site, “Cisco is the leading supplier of networking equipment and network management for the Internet.” The likelihood that you received this web page over one or more Cisco routers is extremely high.

Also, what if this wasn’t just counterfeiting?

The F.B.I. is still not certain whether the ring’s actions were for profit or part of a state-sponsored intelligence effort.

It’s one thing if widely used networking components get compromised through a flaw that allows “back door” access, privilege escalation, or other nefarious access to the data which flows across them. It’s an entirely different thing if these devices were (re-)engineered with villainous intentions. Such additions could be nearly impossible to detect. One more quote from the NY Times story:

The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor by altering the data file on a chip with nearly 1.8 million circuits used in automated manufacturing equipment…
“It’s very difficult to detect and discover these issues,” said Ted Vucurevich, the chief technology officer of Cadence Design Systems, a company that provides design tools for chip makers. Modern integrated circuits have billions of components, he said: “Adding a small number that do particular functions in particular cases is incredibly hard to detect.”

If this doesn’t give you nightmares, it should.

03/11/08 11:35 PM

Hacking Implants

Posted by Peter Hesse

The New York Times is running a story entitled “A Heart Device Is Found Vulnerable to Hacker Attacks.”

A team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.
They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal — if the device had been in a person.

Wireless access to implanted medical devices is something of great value to doctors and patients alike; monitoring and adjusting the device can be performed remotely rather than requiring surgery to get access to the device itself. This attack raises a number of questions:

  • What happens to the folks who already have these Medtronic devices implanted, which have been shown to be hackable?
  • Are they going to get new implants?
  • Who will pay for the surgery required to replace them?
  • What happens if someone dies during the surgery to replace a vulnerable implant? Or if the device is not replaced and is maliciously hacked?

If I were a medical device manufacturer, I wouldn’t want to have to answer any of these questions. Fixing a vulnerable medical implant isn’t the same as patching your application or operating system—instead of “Patch Tuesday” we are talking about scalpels, anesthesia, and risk of death or disability.

This example makes it extremely clear that companies responsible for medical devices and implants must consider security throughout their product design process. The potential risk of a “hacked” medical implant is the most serious one we know of: death. Wireless implants must use strong authentication and strong encryption to prevent a catastrophe.

(via /.)

03/11/08 08:30 AM

Public Key Cryptography could help stop chip piracy.

Posted by Tim Donaworth

A group of researchers from two universities has proposed a way to prevent chip piracy. The technique uses public key cryptography to lock down circuitry.

In a whitepaper published this month, Jarrod A. Roy and Igor L. Markov (of the University of Michigan) and Farinaz Koushanfar (of Rice University) outline the problem and details of how their proposed technology will help solve the increasing piracy of chip designs.

Markov will present the group’s proposal at the Design Automation and Test in Europe conference, to be held in Germany on March 13, 2008.

It’s a very technical read, but it’s still interesting to see the diversity of uses for public key cryptography.

02/19/08 02:58 PM

The Reason to Dig Deeper

Posted by Peter Hesse

Heise Security has a good story called “Enclosed, but not encrypted”, which is essentially about false advertising. They were testing a hard drive which advertises that it provides AES encryption of the drive, decrypting when your RFID tag gets close enough to be read. Unfortunately, things were not as they seemed.

the almost identical columns of numbers suggest that the 512-byte sectors of your drive are not in fact encrypted with AES, but merely with a constant 512-byte cipher block applied as an XOR (exclusive OR) ... an XOR with an unchanging cipher block does represent a major cryptographic flaw – in fact, the open kind of flaw that, used in this way, is susceptible to what are known as “known plain-text attacks”.

Rather than performing 128-bit AES encryption of the whole drive, they just AES-encrypted the RFID tag in memory and applied a 512-byte XOR to the whole drive.

This underscores the need to have a policy which either requires FIPS 140 certification of all cryptographic devices or enlists the help of a security expert to dig deeper.
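The kind of check an evaluator can run on raw sectors to catch this flaw, as an added example that is not from the original post or from Heise: it models the constant 512-byte XOR on a constructed image, measures how many sectors repeat, and confirms that one sector of known content is enough to read another. The sample image, the block and all function names are assumptions made for illustration.

```python
import hashlib
from collections import Counter

SECTOR = 512  # sector size named in the Heise quote

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_sectors(image: bytes) -> list:
    return [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]

def constant_xor(image: bytes, block: bytes) -> bytes:
    """Model of the flawed scheme: every sector XORed with the same block."""
    return b"".join(xor_bytes(s, block) for s in split_sectors(image))

def repeated_sector_ratio(raw: bytes) -> float:
    """Share of sectors identical to the most common one.

    With a per-sector tweaked mode (e.g. AES-XTS) equal plaintext sectors
    encrypt differently, so this stays near 0 on a properly encrypted drive.
    """
    secs = split_sectors(raw)
    return Counter(secs).most_common(1)[0][1] / len(secs)

def decrypts_with_known_sector(raw, known_idx, known_plain, probe_idx) -> bytes:
    """Derive the pad from one sector of known content, apply it to another."""
    secs = split_sectors(raw)
    pad = xor_bytes(secs[known_idx], known_plain)
    return xor_bytes(secs[probe_idx], pad)

# Constructed sample image: 8 sectors, five of them zero-filled free space.
ZERO = bytes(SECTOR)
NOTE = b"constructed sample record".ljust(SECTOR, b" ")
PLAIN_IMAGE = b"".join(
    [b"\xeb".ljust(SECTOR, b"\x90"), ZERO, ZERO, ZERO, ZERO, ZERO, NOTE, NOTE[::-1]]
)
# Constructed 512-byte block standing in for the device's secret (assumption).
BLOCK = hashlib.shake_256(b"constructed device block").digest(SECTOR)
RAW = constant_xor(PLAIN_IMAGE, BLOCK)

if __name__ == "__main__":
    print("repeated-sector ratio:", repeated_sector_ratio(RAW))
    print("zero sector on disk equals the block:", split_sectors(RAW)[1] == BLOCK)
    print("sector 6 read via sector 1:", decrypts_with_known_sector(RAW, 1, ZERO, 6).rstrip())
```

A high repeated-sector ratio on a drive sold as AES-encrypted is the same signal as the “almost identical columns of numbers” in the quote, and is reason enough to reject the product before trusting it with data.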

07/04/07 02:16 AM

iPhone independence day

Posted by Peter Hesse

DVD Jon has been able to activate an iPhone without activating its phone features so that you can use the iPhone as a wifi-enabled PDA/iPod.

Combined with the fact that users have already found the name and password for two accounts, including root, you have to wonder how long it will be until either:

  • A Skype or other VoIP program will be able to run on the iPhone using only its wifi capability
  • The iPhone can be truly unlocked and run on any GSM phone network (not just AT&T/Cingular)

04/06/07 06:10 AM

Proof of Concept iPod Virus

Posted by Anil Polat

Nifty, but the iPod needs to be running Linux to be infected by Linux.Noslo.

Kaspersky Lab has discovered the first virus designed to infect iPod portable media players. The virus, which has been named Podloso, is a proof of concept program which does not pose a real threat.

The virus is a file which can be launched and run on an iPod. It should be stressed that in order for the virus to function, Linux has to be installed on the iPod. If the virus is installed to the iPod by the user, the virus then installs itself to the folder which contains program demo versions. Podloso cannot be launched automatically without user involvement.

Also, the virus has to actually be installed by the user, but just think about all of those other portable devices, cell phones included, where that isn’t the case.

03/06/07 06:10 PM

Tips on Physically Protecting Your Laptop

Posted by Anil Polat

Here [via SANS].

For example:

Paradise Systems sells a product called Car-Safe, which is designed to protect your valuables while they are being stored/transported in the trunk of your vehicle.

Better yet, carry your laptop with you whenever possible.