Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case, that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these, deeply embedded in cellular network infrastructure (all carriers) - who needs enemies? Which brings to mind: 'We have met the enemy, and he is us!' - Walt Kelly's Pogo, h/t
Both Cyrus Farivar of Ars Technica and Kate Martin, writing for The Tacoma News Tribune, have reported (Ars, Tribune) that Judge G. Helen Whitener has rebuked the Tacoma Police Department for its apparent decision to not produce the surveillance output from a series of StingRay operations conducted by the Department in the City of Tacoma. Regardless, Judge Whitener has handed down the decision.
"Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: ▪ $182,340 for violations of the Public Records Act. ▪ $115,530 for attorney fees and other costs." via The News Tribune reporter Kate Martin
As an FYI, the TPD is an excellent organization, and highly respected, both here in the State of Washington and throughout the country. - mh
Nicole Kobie, writing at New Scientist, tells the tale of newly researched voice assistant attack vectors leveraging signalling flaws (via an ultrasound attack) within both Apple Inc.'s (NasdaqGS: AAPL) and Amazon.com Inc.'s (NasdaqGS: AMZN) voice assistant offerings, Siri and Alexa, respectively. The 'Domino Effect' of the ultrasound flaws in these products/services traverses down the device food chain to Alexa and soon-to-be Siri enabled third party devices... Perhaps new protective sound generating devices are in order?
All Amazon and Apple Links in this Post are Non-affiliate
News of an interesting privacy related lawsuit, via Fortune writer Jeff John Roberts, is now swirling around personal electronics manufacturer Bose Corporation. Apparently, collecting data (and a violation of the so-called Wire Tap Act (Codified in 18 U.S.C. §§ 2510-2522)) - through a companion app to the company's best-in-class noise canceling headphones, and the misuse thereof, is the gist... Stay Tuned. Hat Tip
"The complaint accuses Boston-based Bose of violating the WireTap Act and a variety of state privacy laws, adding that a person's audio history can include a window into a person's life and views. "Indeed, one’s personal audio selections – including music, radio broadcast, Podcast, and lecture choices – provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity," says the complaint, noting a person's audio history may contain files like LGBT podcasts or Muslim call-to-prayer recordings." - via Fortune writer Jeff John Roberts
This reported exploit lands solidly embedded in the hard-to-locate-but-you'll-know-it-when-you-see-it genre of the Surreal Attack Vectors, while Dan Goodin's writing of the exploit is this week's inimitable MustRead... The key point to note about this exploit is that all is information, and in this case that information utilizes carrier waves to deliver its payload, so so-called air gaps no longer exist as a safety buffer.
Well wrought thought piece on the use, and misuse, of prepaid cellular telephony hardware, the so-called Burner, and the effort to enforce regulations thereto. Entitled Burner Phones: Will Tightening Restrictions on Prepaid Cell Phones Solve Anything? Certainly today's Must Read post...
Another nearly perfect example of why signals (radio frequency electromagnetic communications) are a vital component of multilevel security in the environment you either work in, or are exploited by...
This fascinating project by Columbia University's Intrusion Detection Lab doctoral student Ang Cui is a reminder that embedded componentry can be leveraged to leak the blather contained in silicon; and, astoundingly, all it took was seven lines of code. Absolutely Phenomenal.
The InterPlanetary Networking Special Interest Group (IPNSIG) of the Internet Society (ISOC) has announced the organization's Second Annual IPN Conference in Washington, DC; slated for Monday, May 18, 2015. This time focusing on Delay & Disruption Tolerant Networking (DTN): the Emerging Standard for Space Data Communications.
- Vint Cerf (Google VP, co-author of TCP/IP, one of the “fathers of the Internet” and IPN-ISOC board member) will provide an overview of InterPlanetary Networking.
- The NASA/Boeing team (Brett Willman & Suzanne Davidson) working on DTN aboard the International Space Station
- The NASA team (David Israel & Donald Cornwell) who concluded the very successful Lunar Laser Communication Demonstration in late 2013 and who are planning the 2017 Laser Relay Communication Demonstration.
- Scott Burleigh (JPL’s chief DTN architect) will be explaining recent significant enhancements to the ION DTN distribution (the distribution currently in use on ISS).
- Keith Scott leads the Consultative Consortium for Space Data Systems (CCSDS) DTN working group that is standardizing DTN protocols for use in civilian space missions. He will talk about the Bundle Protocol becoming one of the networking protocols being standardized for space communication as part of the Solar System Internet (the other is IP).
- Scott Pace is the Director of the Space Policy Institute at George Washington University. He will be speaking about the increasing importance of space policies as more nation states engage and collaborate in space exploration.
While admission is free for all to attend, and breakfast, lunch and an afternoon snack will be provided, it is crucial that you register to attend. Physical attendance is limited to 150 people. The event will reportedly be webcast on the Internet Society’s LiveStream Channel and presentations will also be published on YouTube for VOD streaming post-event. You can register for the event at the IPN's Eventbrite site.
Astoundingly, myths still arise in this epoch of science, strangely so, when dealing with new technologies [Read: new means new in the final two years of the last century as IPv4 was originally codified by the IETF in 1981, with the acceptance of RFC 791] - in this case the vaunted move to IPv6. Now, arising from the ashes of IPv4 exhaustion hysteria, comes a currently popular myth surrounding the utilization of NATs in IPv4 and the lack of a counterpart construct in IPv6.