Information Security & Occasional Forays Into Adjacent Realms
...and why, the history of security instability in cellular telephonic networks will emerge as one of the most important factors limiting wide-scaled implementation and deployment of 5G radiotelephony.
via Sean Gallagher, writing at Ars Technica, comes this particularly unfortunate news for Apple Inc. (Nasdaq: AAPL) MDM (Mobile Device Management) bits - especially considering there will be a flood of new devices into many orgs. On the plus side, the flaw has been discovered, and now it's Apple's turn-at-bat to clean up their dusty-bits, as it were. Read all about it at everyones' beloved Ars Technica!.
Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case, that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these, deeply embedded in cellular network infrastructure (all carriers) - who needs enemies; which brings to mind: 'We have met the enemy, and he is us! - Walt Kelly's Pogo, h/t
Both Cyrus Favrivar of Ars Technica and Kate Martin, writing for The Tacoma News Tribune, have reported (Ars, Tribune) that Judge G. Helen Whitener has rebuked the Tacoma Police Department's for their apparent decision to not produce the surveillance output from a series of StingRay operations conducted by the Department in the City of Tacoma. Regardless, Judge Whitener has handed down the decision.
"Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: ▪ $182,340 for violations of the Public Records Act. ▪ $115,530 for attorney fees and other costs." via The News Tribune reporter Kate Martin
As an FYI, The TPD is an excellent organization, and highly respected, both here in the State of Washington and throughout the country. - mh
via Zack Whittaker, writing at the Zero Day blog at ZDNet, tells the story of recently discovered 4G LTE attacks, and the academicians studying the specifics of these pernicious exploits (the group's recently published paper is currently available). Today's MustRead. H/T
Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. - Zack Whittaker, writing at the Zero Day blog at ZDNet
via Andy Greenberg, writing for Wired, comes this outstanding piece on International Mobile Subscriber Identity Catchers (aka IMSI Catchers) with a ride-sharing twist in the research datastream. Today's MustRead!
Well done (and mercifully brief) Subscriber Identity Module teardown. via Firewall Consultants.
