Tag: Mobiles
In 2004 it was discovered that parties unknown had been secretly monitoring a hundred of Greece’s top politicians and bureaucrats. An article from 2011 reveals that,
According to what sources told Kathimerini, the experts found that a mobile phone connection that had been purchased in the name of the US Embassy in Athens was used on one of these phones. Sources said that Dasoulas is now investigating whether any suspects who are not protected by diplomatic immunity could face charges.
Ericsson, which supplied the telephone exchange that was hacked into, and Vodafone, which was the service provider, were both fined by ADAE in 2007 for failing to protect the privacy of those who had their phones hacked, which included the head of the National Intelligence Service (EYP), several ministers and members of the armed forces, but the Council of State later cancelled these penalties.
The followup, of whether the Americans were actually involved, is ongoing as far as I can tell. Regardless of the culprits it’s instructive that even the head of the intelligence service was successfully targeted. We need to be mindful of how surveillance technologies are deployed in our communications networks, not just because we worry about how our own government might use the technologies, but also because of how other third-parties might use the technologies against the citizenry.
I sympathize with people’s concern and anger when they learn more about Apple’s atrocious APIs that let developers run off with consumer data. In the most recent revelation:
Accepting an iOS prompt that asks permission to access location data can also allow copying of private photo and video libraries, the Times said yesterday. Because these devices often save coordinate information along with photos, it might also be possible to put together a user’s location history, as well as recording current location.
Apparently in an attempt to make photo apps more efficient, access to private photos has been available since the fourth version was released in 2010.
All of this, however disturbing it might be, makes a lot of sense. Apple is a consumer company that aims to engineer products so that users can best enjoy them. This means they don’t want to throw a whole lot of security warnings in front of you, for two reasons: First, you’ll just ignore them anyways; second, they’ll annoy you and thus could reduce your iDevice usage.
Very few mobile companies ‘do’ security. The much-maligned Research In Motion is actually about the only mobile company that sells its products on security grounds, though the need to have secured code reduces the rate at which they can bring new, highly innovative products to market. Consumers, businesses, governments, and the market point to their slower rates of innovation as indicative of RIM’s forthcoming doom, but in so doing miss that the ‘cost’ of RIM’s death would be a near-absolute dearth of secured mobile platforms.
If you’re interested in reading about the economics of ignorance and mobile security, check out a piece that was written last year on this very subject.
I’ve talked about trying to pull together a measurable comparison of Internet service in Canada for a while, but as of yet haven’t had the resources to build a tool which meets my criteria. Industry Canada had a similar idea for basic cell phone services. Specifically, the government department created a calculator to help Canadians easily compare text/voice plans across Canada’s various mobile providers. We’ll never see the calculator, however, because:
Internal departmental records released to Postmedia reveal that Clement’s decision came after direct lobbying from the likes of Rogers Communications, Telus and the Canadian Wireless Telecommunications Association. Clement defended the decision to shut down the calculator by stating that it was “unfair” in that it didn’t include bundled services mainly offered by, yes, the big telecommunications providers.
It’s incredibly unfortunate that this tool wasn’t provided – it would have been of real assistance to the large number of Canadians that aren’t using bundled services. What’s worse is that, rather than providing the tool in a ‘basic’ state and then scaling it depending on demand (the approach planned by Industry Canada) the whole project was scrapped. Not even the source code has been made available. Consequently, Canadians paid a fortune to develop a tool which met its basic design specs, and have nothing to show for it save for a large government bill and the continued hassle of trying to decipher the cacophony of mobile phone plans. Carriers: 1 Canadians: 0.
You might think they’d grow faster with all-you-can eat, but I think it’s a testament to the fact that service providers are educating users more on their impact and IP footprint … People understand they have a 2GB or 3GB cap or whatever, so they are consuming as much as they can to get their money’s worth. Those with unlimited aren’t concerned, but aren’t using as much.
Free is a really interesting new mobile carrier in France, which offers a cheap entry rate of service. It seems as though the incumbent they’re partnered with wasn’t expecting Free’s success and so they want to raise rates on the basis of congestion. Specifically,
France Telecom said its network was being stressed by a rapid growth in traffic brought on by its hosting of new mobile entrant Iliad and vowed to protect its clients from service interruptions, its CEO told magazine Le Point…Iliad’s Free Mobile service upended the French telecom market in January when it launched its main offer at 19.99 euros per month for unlimited calls to France and most of Europe and the United States, unlimited texts, and 3 gigabytes of mobile data.
It’s entirely possible that the network is stressed … but it’s equally possible that other issues are leading to stresses that are real or imagined. If incumbents get to call congestion whenever the market turns against them, then they should be subjected to real, honest to god, tests for congestion by engineers who are (at best) neutral. Ideally the engineers should be downright hostile in order to force the incumbent to demonstrate beyond a shadow of a doubt that the network is indeed strained, and that such strains aren’t the result of poor management, investment, or technical configuration.
If it turns out that the incumbent is responsible then they should pay for the audit and be required to meet contractual service demands that were offered to partners and be prohibited from engaging in predatory pricing in the future. Congestion is now a particularly tired big-bad-wolf, and it’s time that ISPs that call wolf are actually forced to demonstrate, in peer-reviewable empirical terms, that the wolf is actually at the doorsteps or ravaging the sheep.
Tracking by GSM
From Ars Technica:
The attack works by exploiting features in GSM, or Global System for Mobile Communications, cellular networks that transmit data sent between base stations and phones in clear text. By simply calling the target’s mobile number and monitoring the network’s radio signals as it locates the phone, the attacker can quickly confirm if the person is located in what’s known as the LAC, or Location Area Code. Attackers can use the same technique to determine if the target is within close proximity to a given base station within the LAC.
This is helpful for figuring out where, in a specific geographic area, a person is or (in case you’re interested) where they aren’t. This latter use – clarifying that a person isn’t in a specific LAC – is particularly useful if you are launching some action that is made easier by a person’s non-presence. (Hint: Think burglary).
This new GSM attack builds on other research around monitoring a person’s location by exploiting mobile phones. For a good overview of the information used in similar kinds of surveillance, see Claudio A. Ardagna et al.’s chapter in Digital Privacy: Theory, Technologies, and Practices.
Symantec is warning that the next generation of smartphone viruses has come:
Researchers from security vendor Symantec Corp. have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.
This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.
A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.
This is a clever means to avoid the rudimentary analysis systems that the major vendors use to ID malware. It’s also (another) indication of how important antivirus is going to become for the mobile marketplaces. I suspect that, by the end of the year, a lot of users (on iOS, Android, and the rest) are going to wish that the post-Steve Jobs smartphones on the market today met Jobs’ initial thoughts regarding smartphones when Apple released the iPhone. Specifically, he held that:
He didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses, or pollute its integrity
While our pocket computers are better now that apps are available, I can’t help but think that Jobs’ earliest worries are now looming as today’s potential nightmares.
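Why per-download variation defeats exact signature matching, and one defender-side response, shown as an added example that is not from the original post or from Symantec: an exact-hash blocklist misses a second download, while a byte-shingle similarity check against a known sample still flags it. The sample bytes, `build_download`, and the 0.6 threshold are constructed assumptions; real APKs are compressed archives, so a comparison like this would run on unpacked contents.

```python
import hashlib

def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def shingles(blob: bytes, k: int = 4) -> set:
    """All overlapping k-byte windows of the blob."""
    return {blob[i:i + k] for i in range(len(blob) - k + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

def classify(blob, known_hashes, known_samples, threshold=0.6):
    """Try the exact-hash blocklist first, then fall back to similarity."""
    if sha256_hex(blob) in known_hashes:
        return "exact-hash match"
    if any(similarity(blob, s) >= threshold for s in known_samples):
        return "similar to known sample"
    return "no match"

# --- Constructed stand-in data (deterministic filler bytes, not real apps) ---
def _filler(label: bytes, blocks: int) -> bytes:
    return b"".join(hashlib.sha256(label + b"-%d" % i).digest()
                    for i in range(blocks))

CORE = _filler(b"core", 32)        # 1024 bytes identical in every download

def build_download(n: int) -> bytes:
    # Assumption: each download differs only in a 64-byte region.
    return _filler(b"download-%d" % n, 2) + CORE

BENIGN = _filler(b"benign", 34)    # unrelated 1088-byte file

if __name__ == "__main__":
    first, second = build_download(1), build_download(2)
    known_hashes, known_samples = {sha256_hex(first)}, [first]
    for name, blob in [("first", first), ("second", second), ("benign", BENIGN)]:
        print(name, sha256_hex(blob)[:12],
              classify(blob, known_hashes, known_samples))
```
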
Phone hacking, for the most part, depends on remote access. Hackers obtain unprotected phone numbers from a variety of sources – Facebook must be a favorite – or by social engineering. PINs, for the most part, are easy to guess. Hacking typically takes place in the legitimate user’s absence.
Unless Apple or Google plans to bar remote access to devices, facial recognition security surely only solves a small part of the problem. Back to the drawing board.
~Kim Davis, from Internet Evolution
Symantec has identified 13 apps on the Android Market that are all hiding Android.Counterclank, a Trojan horse that steals information, and could also download more files and display ads on the device.
These apps are still available on the Android market, and up to five million handsets could be infected. The popularity in Android will continue to make it a lucrative target. Unless Google does more to prevent such apps appearing, it could mean the start of defection of users to other systems.
For emphasis: up to five million handsets could be infected. That’s it, I’m calling it: Android is the new Windows for security and virus defence. Reminds me of the late 1990s and early 2000s for the number of reported actionable vulnerabilities being reported on an almost daily basis.
