Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Historical, Hidden Cellular Network Insecurity, The Litany Thereof

July 31, 2019 by Marc Handelman in Telecom Security, SS7, Cellular Telephony, LTE Insecurity, 5G Insecurity

...and why the history of security instability in cellular telephonic networks will emerge as one of the most important factors limiting wide-scale implementation and deployment of 5G radiotelephony.


DerbyCon 2018, Tso-Jen Liu's 'Fuzz Your Smartphone From 4G Base Station Side' →

October 14, 2018 by Marc Handelman in Irongeek, Information Security, Education, Conferences, DerbyCon, Telecom, Cellular Telephony, Radio Telephony

Videography Credit: Irongeek (Adrian Crenshaw).


MDM Brute Forced

September 29, 2018 by Marc Handelman in Tor Project, Radio Telephony, MDM, Cellular Telephony, Hardware Security, Device Security, Device Exploitation

via Sean Gallagher, writing at Ars Technica, comes this particularly unfortunate news for Apple Inc. (Nasdaq: AAPL) MDM (Mobile Device Management) bits - especially considering there will be a flood of new devices into many orgs. On the plus side, the flaw has been discovered, and now it's Apple's turn-at-bat to clean up their dusty-bits, as it were. Read all about it at everyone's beloved Ars Technica!


ShowMeCon 2018, Paul Coggin's 'SS7 for INFOSEC' →

August 09, 2018 by Marc Handelman in SS7, PSTN, Cellular Telephony, Radio Telephony, Radio, Information Security, ShowMeCon, Conferences, Education

Diameter Protocol Found To Be Vulnerable - On Par With SS7 For Flaw Tally

July 05, 2018 by Marc Handelman in Cellular Telephony, Signals, Network Security, Network Protocols, Information Security, Bridging Protocols, BSS

Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case, that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these, deeply embedded in cellular network infrastructure (all carriers) - who needs enemies; which brings to mind: 'We have met the enemy, and he is us!' - Walt Kelly's Pogo, h/t


City of Tacoma Fined $300,000 For Withholding Stingray Surveillance Data

July 03, 2018 by Marc Handelman in Surveillance, Signals, Cellular Telephony, Radio Telephony, Radio

Both Cyrus Farivar of Ars Technica and Kate Martin, writing for The Tacoma News Tribune, have reported (Ars, Tribune) that Judge G. Helen Whitener has rebuked the Tacoma Police Department for its apparent decision to not produce the surveillance output from a series of StingRay operations conducted by the Department in the City of Tacoma. Regardless, Judge Whitener has handed down the decision.

"Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: ▪ $182,340 for violations of the Public Records Act. ▪ $115,530 for attorney fees and other costs." via The News Tribune reporter Kate Martin

As an FYI, the TPD is an excellent organization, and highly respected, both here in the State of Washington and throughout the country. - mh


Senatorial Commands: DOJ - Cough It Up →

May 21, 2018 by Marc Handelman in Law Enforcement, Radio Telephony, Cellular Telephony

Behold: The Harris Corporation (NYSE: HRS) StingRay II. It's a great conversation starter - Buy One Today! Perhaps a subpoena would be in order at this point... You guys know how to do that, right?


4G Gone Wild →

March 06, 2018 by Marc Handelman in Communication Security, Cellular Telephony, Information Security, Network Security

via Zack Whittaker, writing at the Zero Day blog at ZDNet, comes the story of recently discovered 4G LTE attacks, and the academicians studying the specifics of these pernicious exploits (the group's recently published paper is currently available). Today's MustRead. H/T

Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. - Zack Whittaker, writing at the Zero Day blog at ZDNet


Developer Errors Expose 180 Million Phones to Compromise →

November 14, 2017 by Marc Handelman in Cellular Telephony, Mobile Security, Mobile Telephony, Mobile Networks, Lack of Security Regimen, Or Lack Thereof

Oops, They Did It Again! Coupled with the other well-known security issues (e.g., the recently exposed (but decades-old) SS7 Flaw), this latest display of security-related development governance (or lack thereof) by the MNOs is highly dangerous, and spans borders.


IMSI Catcher Research Twist, The Ridesharing Gambit →

June 12, 2017 by Marc Handelman in Cellular Telephony, Surveillance, Information Security

via Andy Greenberg, writing for Wired, comes this outstanding piece on International Mobile Subscriber Identity Catchers (aka IMSI Catchers) with a ride-sharing twist in the research datastream. Today's MustRead!


33c3, Harald Welte and Holger Freyther's 'Dissecting Modern (3G/4G) Cellular Modems' →

January 21, 2017 by Marc Handelman in All is Information, Communications, Conferences, Hardware Security, Information Security, Internetwork Security, Signals, Networks, Network Security, Network Protocols, Radio Telephony, Modems, Cellular Telephony

Soghoian, Your Smartphone is a Civil Rights Issue →

November 07, 2016 by Marc Handelman in All is Information, Brilliant, Cellular Telephony, Information Security, Communications, Common Sense

Dr. Soghoian's Take...

Tip O' The Hat to Firewall Consultants!


SIM'd

October 11, 2016 by Marc Handelman in All is Information, Complexity, Communications, Cellular Telephony

Well done (and mercifully brief) Subscriber Identity Module teardown. via Firewall Consultants.
