Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Krebs On Security: Brilliant Exposé Of US Wireless Carriers

August 14, 2019 by Marc Handelman in Radio Telephony, Feet of Clay, Security Bloggers Network, Mobile Telephony, Mobile Security, Mobile Networks

Fellow member of the Security Bloggers Network - Brian Krebs - and his superlative blog Krebs On Security provide a tour de force exposé of the unfortunate current security posture of the wireless carriers in the United States. Read it, my friends, and weep for your mobile telephony, and the decidedly non-righteous path the Carriers are on.

"If you are somehow under the impression that you — the customer — are in control over the security, privacy and integrity of your mobile phone service, think again. And you’d be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel. No, a series of recent court cases and unfortunate developments highlight the sad reality that the wireless industry today has all but ceded control over this vital national resource to cybercriminals, scammers, corrupt employees and plain old corporate greed." - via the inimitable Brian Krebs at Krebs On Security


Great Seal of the State of Texas House of Representatives

Cough Up The Bandwidth

February 15, 2019 by Marc Handelman in Telecom, Radio Telephony, Accountability, Legislation

Via Kieren McCarthy, writing at El Reg, come reports of a contemplated bill (H.B. 1426) before the State of Texas' House of Representatives, ostensibly making data throttling on mobile networks during a declared emergency illegal.

My two-bits is to include incarceration as a penalty, and you'll see some fast action and/or nationalization of the offending company's circuits for (at least) the duration of the emergency plus 45 days... (this would parallel the federalization of our nation's railroads during wartime - last used in the 20th century, during World War II). What'll it be there, Pard? At any rate, this is all speculation...


Just A Crystal Based AM Radio, Not Really A Mobile Phone, I Just Happen To Appreciate The Photo.

Newly Discovered Security SNAFU 3G, 4G, 5G Networks Impacted: Here We Go!

February 05, 2019 by Marc Handelman in Security Incompetence, Radio Telephony

Catalin Cimpanu, reporting at Zero Day, provides us with the Litany of Telephony Flaws: 2019 Edition (also known as just another day in Security Dreamland)... In which the claim is proffered: 'fixes should be deployed by the end of 2019'; whilst I pontificate - definitively - 'Dream On' Me Bucko! In an effort to be clear, this is not a condemnation of either the messenger or researchers, et al., but rather, when examining security prophylaxis or full remediation at the carrier level of this tripartite game, the carriers are a rather recalcitrant conglomeration, don't you know...

H/T


Image Credit: Vermont.org

The Story: Vermont State Official Proves Carrier Claims Of Coverage Are Hogwash

January 17, 2019 by Marc Handelman in Mobile Telephony, Mobile Networks, Radio, Radio Telephony

John Dillon, writing at Vermont Public Radio, brings forth the true story of Cory Chase, a State of Vermont Telecommunications Infrastructure Specialist, and his quest to accurately detail mobile telephony signal coverage in his stunningly beautiful State (easily one of the most beautiful States in this Union of ours). This superbly written screed also includes a link to Mr. Chase's interactive ArcGIS map and his excruciatingly detailed Mobile Wireless 2018 Report. Enjoy. H/T

"The state challenged the carriers' maps following a rigorous procedure for data collection outlined by the FCC. That’s what had Chase driving around with the six cell phones, each capable of sophisticated download speed tests every 20 seconds. The result was 187,506 download speed test results at locations about 360 meters apart along all of the major roads in the state." - via John Dillon writing at Vermont Public Radio


DerbyCon 2018, Tso-Jen Liu's 'Fuzz Your Smartphone From 4G Base Station Side' →

October 14, 2018 by Marc Handelman in Irongeek, Information Security, Education, Conferences, DerbyCon, Telecom, Cellular Telephony, Radio Telephony

Videography Credit: Irongeek (Adrian Crenshaw).


MDM Brute Forced

September 29, 2018 by Marc Handelman in Tor Project, Radio Telephony, MDM, Cellular Telephony, Hardware Security, Device Security, Device Exploitation

Via Sean Gallagher, writing at Ars Technica, comes this particularly unfortunate news for Apple Inc. (Nasdaq: AAPL) MDM (Mobile Device Management) bits - especially considering there will be a flood of new devices into many orgs. On the plus side, the flaw has been discovered, and now it's Apple's turn-at-bat to clean up their dusty-bits, as it were. Read all about it at everyone's beloved Ars Technica!


ShowMeCon 2018, Paul Coggin's 'SS7 for INFOSEC' →

August 09, 2018 by Marc Handelman in SS7, PSTN, Cellular Telephony, Radio Telephony, Radio, Information Security, ShowMeCon, Conferences, Education

City of Tacoma Fined $300,000 For Withholding Stingray Surveillance Data

July 03, 2018 by Marc Handelman in Surveillance, Signals, Cellular Telephony, Radio Telephony, Radio

Both Cyrus Farivar of Ars Technica and Kate Martin, writing for The Tacoma News Tribune, have reported (Ars, Tribune) that Judge G. Helen Whitener has rebuked the Tacoma Police Department for its apparent decision to not produce the surveillance output from a series of StingRay operations conducted by the Department in the City of Tacoma. Regardless, Judge Whitener has handed down the decision.

"Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: ▪ $182,340 for violations of the Public Records Act. ▪ $115,530 for attorney fees and other costs." via The News Tribune reporter Kate Martin

As an FYI, The TPD is an excellent organization, and highly respected, both here in the State of Washington and throughout the country. - mh


Senatorial Commands: DOJ - Cough It Up →

May 21, 2018 by Marc Handelman in Law Enforcement, Radio Telephony, Cellular Telephony

Behold: The Harris Corporation (NYSE: HRS) StingRay II. It's a great conversation starter - Buy One Today! Perhaps a subpoena would be in order at this point... You guys know how to do that, right?


LTE Flaw-O-Rama →

March 09, 2018 by Marc Handelman in Radio, Radio Telephony, Network Security, LTE Security, LTE Insecurity, Information Security

Following up on our Tuesday post entitled '4G Gone Wild' (and the trigger for that post - Zero Day author Zack Whittaker's superlative piece), another author - Sean Gallagher of Ars Technica - has posted a highly detailed article presenting his take on the same LTE security flaws and the ramifications of those pernicious issues. Certainly Today's Must Read!


33c3, Harald Welte and Holger Freyther's 'Dissecting Modern (3G/4G) Cellular Modems' →

January 21, 2017 by Marc Handelman in All is Information, Communications, Conferences, Hardware Security, Information Security, Internetwork Security, Signals, Networks, Network Security, Network Protocols, Radio Telephony, Modems, Cellular Telephony