Less Radiation

Interesting article in New Scientist this week. Karsten Nohl has assessed various manufacturers keyfob immobilisers and concluded that most of the older 40 & 48 bit AES systems are now hackable. Last year he took 6 hours to discover the algorithm used to create the encryption key in a Hitag 2 system. Armed with that algorithm he could in theory unlock any car using NXP Semiconductors Hitag 2 system – according to New Scientist.

Security professionals now believe a move to 128 bit immobilisers is the way forward. Both Texas Instruments & NXP now offer 128 bit AES systems – which would take so long to crack that it’s not worth even trying. Apparently, the car manufacturers don’t see the urgency to switch. They point out that any car can still be removed by a thief using a flat-bed truck & a GPS/GSM radio jammer.

We’ve written previously about crimes here in the UK, involving the theft of laptops & phone from cars by thieves using jammers to stop the owners locking their car doors using the immobiliser keyfobs. Now, in theory at least, they can take your car too.

GSM Mobile Phone Security is now practically dead. Anyone with a spare couple of grand can now do what was previously the exclusive preserve of national security agencies. Previously you’d have to spend £100K and prove you were a suitable government-grade customer.

According to the theregister.co.uk’s security pages, several talks at the Black Hat security conference in Las Vegas this week will take GSM hacking down to the script-kiddie level – all you need is enough cash for a modified USRP USB radio peripheral & a 2000GB hard drive to store the rainbow lookup tables.

With that kit you can grab big chunks of the mobile phone spectrum in real time and target individual IMSI numbers. The researchers reckon that 80% of mobile traffic passes over the old A5/1 GSM system. A5/3 & 3G phones should still be considered secure. But remember if your 3G phone isn’t near a strong signal it will be stepping back down to A5/1 anyway.

Think about all those corporate espionage guys out there, they must be salivating like crazy. The rainbow lookup tables are a hefty download at 2TB, but if you’re prepared to travel to Oslo, The Register reports that Frank A. Stevenson (guy who cracked the CSS encryption scheme on DVDs) will swop you a blank drive for one with the rainbow tables on. (Rainbow Tables are lookup tables with the answers to all the possible challenge answers for the GSM A5/1 algorithm – this saves lots of time working each one out indivdually, and crucially makes near real-time decryption possible).

Of course the GSM Alliance makes light of all this, still calling it theoretical – and in some ways they have a point, it’s not like you can do this on an old reprogrammed Nokia 3310 after all!

When Dect (the cordless phone you use at home) was hacked last year we didn’t see UK identity thieves having a field day, gathering up bank pins etc. Only a couple of thousand of the PCMCIA Dect cards were in circulation, and most were probably bought up by security researchers quite quickly. So the hardware to hack Dect became expensive & you had to be able to configure a Linux laptop yourself to use it – the barrier to entry was therefore set high.

With GSM it’s even higher. You needs lots of Linux knowledge & £1000 worth of USRP radio hardware + soldering skills too. Sure organised criminals, corporate spies & bent media companies will use this technology to spy on the rich and famous, but it won’t become a massive problem in the UK. If anything, it will just speed along the adoption of 3G smartphones.

I wonder where Karsten Nohl & friends will be heading next with their USRPs? Dect cracked last year, this year GSM. Airwave/Tetra next year, maybe?

http://en.wikipedia.org/wiki/IMSI-catcher

There was an interesting feature this week on BBC’s Watchdog programme about mobile phone text message spoofing. Two American researchers demonstrated how they are able to send fake MMS/Text messages that look like they’ve come from your bank to a smartphone.

This is a variation on phishing emails, but now on mobiles. All mobile network operators responded by saying that they weren’t aware of any real world use of this exploit that had so far left a single customer out of pocket – and they’re quite probably right. This seems like an awful lot of effort to go to if you want to get your hands on someones bank details & security passphrases.

I detailed on this site about 16 months ago that Dect cordless phones were now completely insecure. Anyone with a laptop, PCMCIA Com-On-Air Dect card & a decent antenna can record all you household phone calls from anywhere within a 200 metre radius of your home. Lots of older people now do home banking by telephone and over a series of calls you’ll be handing over full pins & security details. Even if you don’t give them to the bank you’ll be reusing them when you’re confirming your identity to insurance, utility & credit card providers – maybe you use that same 4 digit pin code for your home alarm & cashcard. Maybe you’re just paying for stuff with your credit card over the phone. If you live in a block of flats where tenants come and go every 6 months you’d be an easy target.

Ten years ago criminals could use an analogue radio scanner to record all the traffic on the old fashioned cordless home phones, perhaps to a computer for later analysis. They could use a DTFM decoder to figure out which number you’d called, and build up a profile that would leave them knowing you better than your best friend. Well now with the supposedly secure Dect phones they can take this further. Because each Dect phone has its own unique identifier – like the MAC address in your PC or the OUI number in a Bluetooth chip – it’s easy to zone out all the people you don’t want to listen to. Okay, only about half the Dect phones in use are insecure, but which half are you in? It’s not very reassuring is it? We’re nearly all using these Dect cordless phones at home these days.

Anyway, I saw not one article 16 months ago in the UK press or on TV about the Dect threat (although lots appeared in the German media), but now we need to worry about spoof texts. Go figure. If you really care about your health and security use a wired home phone.

As regards unusual text messages from your bank, apply some common sense – if it looks wrong, it’s because it is wrong. Wait until you get home and log onto your account there. Don’t ring numbers or use web links in these messages. Open a new browser window & check your balance from your 3G phone that way.

Pop into the bank and ask them about the real state of your account. If money diasappears from your account by a fraud that’s not your fault they’ll be giving you that money back anyway.

Smartphones are like mini PCs and they can get infected with malware and other nastiness, just like your home PC (for instance it’s now quite common for untrusting partners to secretly install tracking software on their partners smartphones to keep tabs on your whereabouts with GPS accuracy).

BBC Watchdog Story

A report at TheRegister.co.uk on 25th August suggests that basic GSM handset encryption will shortly be thwarted.

For several years now, interested people have been doing ever more with GNU Radio and the USRP ‘software radio’ hardware from Ettus Research. The USRP is a USB hardware device that can be made to act like any radio, using the GNU Radio software to alter its behaviour. Thus, the $1000 USRP can be made to act like a GSM phone, a WiFi Router, a regular FM radio or indeed a Tetra radio.

The OpenBTS project first showcased what was possible: a DIY GSM mast that allowed you to use a regular mobile phone to make calls without using the regular legitimate GSM carriers – using just a laptop & USRP peripheral. Calls were routed through an Asterisk VOIP gateway. This project was actually tested for real at The Burning Man festival & also the 2009 Hackers At Random conference .

Once the open-source GPL’d OpenBTS was out there regular coders could look and see how everything fitted together. Of course it was only a matter of time before other GSM applications followed.

The report at The Register states that the Chaos Computer Club (CCC) of Germany will be releasing tools in the next couple of months that will allow anyone with a laptop & antenna (and presumably a USRP) to listen in on encrypted GSM calls. They plan to build a huge A5/1 Rainbow Table of pre-computed encryption hashes (which is basically a lookup table of every possible answer for an encryption key) of some 2 terabytes in size. Presumably you’ll be able to post your key online and get a result from the rainbow table, in the same way you can with Windows Login passwords right now. Of course posting such a request to the table via the internet would probably get you a black mark down at Spooks HQ – and i’m quite sure they’ll be listening!

It’s amazing to think that this year will have seen both Dect and GSM hacked to bits. All this is possible because of the USRP hardware & ever faster PCs. 3G phones however will be safe for some time to come, as it will be only the original implementations of GSM that can eventually be eavesdropped upon.

http://www.theregister.co.uk/2009/08/28/mobile_phone_snooping_plan/

Also, an article from the German Financial Times, translated to English.

Ryanair recently announced that they are fitting 14 of their 166 aircraft with mini cellphone masts.

The technology comes from On Air and tells each mobile to transmit at minimum power, to minimise any possible interference with the quite important in-flight electronics! Up to six passengers at a time will be able to use the system – any more presumably cause too much interference?

When the service starts only O2 & 3 networks will be compatible and the cost of calling will be a whopping £2 per minute or 40p for a text!

I’m so glad I don’t fly Ryanair.

Taken from an article by Lisa Adams of the Scottish Daily Record about Electrosensitivity – published 08/09/2008 :

IT’S called an allergy to modern life and half of Scots in the next 10 years could be at risk from this crippling illness, according to scientific research.

Victims of the condition, which is triggered by electromagnetic waves from mobile phones, power lines, microwaves and computers, suffer headaches, crushing chest pains, nose bleeds and a loss of feeling in arms and legs.

Experts report that up to 1.5million people in the UK already have their lives blighted by electro-sensitivity, with symptoms that also include heart palpitations, tiredness, fainting, light sensitivity and skin problems.

Mike Bell, chairman of the Radiation Research Trust, said: “We are seeing a significant increase in enquiries from individuals suffering from these symptoms.

“We’re concerned that many people could be living with health-related electro-sensitivity symptoms without realising the cause.

“Doctors in the UK are not trained to recognise this condition. They could be misdiagnosing patients and treating them with drugs rather than investigating the cause.”

One victim has compared the condition with life as a human aerial – their body overreacting to electrical waves in the environment. Today, as a scientific conference opens in London, public health expert Dr Gerd Oberfeld will predict that if current trends continue, up to 50 per cent of people could suffer from electro sensitivity symptoms in the next 10 years.

The World Health Organisation is also backing research, stating that: “Electrical hypersensitivity is a real and sometimes disabling condition.”

Sufferers are particularly vulnerable to the £2.5billion police communication system Tetra – Terrestrial Trunked Radio – which has been introduced throughout the UK. In the past three years, more than 1000 masts have been erected in Scotland. They pulse at 17.6hertz – above the 16Hz frequency the Government’s Independent Expert Group on Mobile Phones warns might affect brain activity.

Experts say radio waves at this frequency can cause calcium to leak from the brain, causing damage to the nervous and immune systems. If the masts are less than 15 metres high, they don’t need planning permission.

Former Norwegian Prime Minister Harlem Brundtland suffers from electro-sensitivity.

She said: “I felt a local warmth around my ear. But the agony got worse. It turned to discomfort and headaches every time I used a mobile phone.

“Some people develop sensitivity to electricity and radiation from equipment such as mobile phones or PCs.

“If this can lead to adverse health effects such as cancer or other diseases, we do not know yet. But I think we should follow the precautionary principle.”

An interesting episode of Larry King live featuring: Dr Paul Song, Dr Keith Black & Devra Davis.

They debate the damage cell phone radiation may cause over 20 or 30 years. Remember we’ve only had pulsing GSM phones for 10 years.

Personally, I’m not totally convinced they will give you cancer.

However, I am still totally convinced that, for maybe 1 in 100 people (that must be 400,000+ UK voters, Gordon), being to close to the main beam of a mast, or having DECT cordless phone & WiFi router in your home can cause you to feel fuzzy-minded, not quite yourself & maybe end up at your doctors office asking for anti-depressants ( Paxil / Seroxat / Valium…)

If that one in 100 people happens to be one of your kids, then you better expect them to be getting prescribed Ritalin or other similar concoctions… Remember Ritalin has a similar effect on the brain to slow-release Cocaine. Before you start pumping your kids full of needless medications: try two weeks of no WiFi & no Dect phone in your home – during the night. Just turn the WiFi Router & Dect phone base-staion off at the mains. Get them out in the fresh air, riding bicycles & having fun. Keep them away from all that electronic crap that now passes for a childhood. Buy them a trampoline and make them bounce for 30 minutes a day, even in the rain! That way they’ll sleep soundly without drugs.

If one thing makes me feel sad about our childrens’ potential future it’s that Orwell’s & Huxley’s novels are being treated like a blueprint for the One-World-Order future. If you put arseholes in charge of decision making you can expect nothing better! Encourage your kids to read books, maybe 1984 & Brave New World 😉

Just because computers do become capable of surveying everybody – always – it doesn’t mean they should!

Today’s Mail on Sunday magazine ‘You’ poses the question: ‘Are you sleeping with the enemy?’

Yes, another mainstream magazine dares to link Mobiles, Wifi routers and other electronic devices with poor sleep. In the article Dr Chris Idzikowski, director of the Edinburgh Sleep Centre, says that, ‘ There’s more than sufficient evidence that mobile phone exposure an hour before bedtime adversely affects deep sleep ‘.

Others in the article report the classic fuzzy-mindedness that over-use of RF emitting gadgets can bring on. The article suggests that you turn off your mobile at bedtime.

While this is good advice, not a single mention is made of the danger from DECT cordless phones. The article states that a Mobile left on the bedside table will talk to the cell tower every ten minutes or so – well in our experience it’s more like every half an hour, for a five second burst. That isn’t going to disrupt your sleep. However, having a DECT cordless phone near your bed almost certainly will.

If you didn’t already know: the DECT cordless phone’s base station – the main docking point, if you have several handsets – gives out a constant pulse of RF, all the time. Even when you’re not talking on the handset. Keeping it a few feet from your head, while trying to sleep, is not such a good idea. Nor should you have a DECT base unit next to the home PC you use for hours at a time. All those hours you spend feet from a DECT cordless docking station really could leave you feeling completely ‘Spaced Out’.

So, while the article in the Sunday Mail is undoubtedly well intentioned, it could have payed more attention to DECT.

Originally published in The Independent newspaper back in January 2008.

Using up all those free minutes before bedtime can seriously disrupt your sleep pattern. This is the conclusion of researchers in Sweden & the USA, in a properly controlled trial.

Critics from the mobile industry were quick to dismiss the effect as ‘no worse than having a coffee at bedtime’. But, up until very recently they insisted that no non-thermal effects existed with mobiles – now it seems that they’ve changed their tune…

Full original article from The Independent.

Micro Mart magazine reports this week that OFCOM have given British airlines the go-ahead to install phone masts (picocells) on planes. The picocells will be switched off for take-off & landing, and will only be activated above 10,000 feet. The report states that BMI & Ryanair plan to install the technology soon. Great. Recycled air & electrosmog.