Dragan on Security

There is serious vulnerability with A5/1 encryption scheme used in GSM networks. It can lead to interception of GSM calls.This vulnerability has been presented by Karsten Nohl and Chris Paget at the 26th Chaos Communication Congress (26C3). This event is the annual four-day conference organized by the Chaos Computer Club (CCC). It took place from December 27th to December 30th 2009 at the bcc Berliner Congress Center in Berlin, Germany.

Citation from CCC Web site:

The world’s most popular radio system has over 3 billion handsets in 212 countries and not even strong encryption. Perhaps due to cold-war era laws, GSM’s security hasn’t received the scrutiny it deserves given its popularity. This bothered us enough to take a look; the results were surprising.

From the total lack of network to handset authentication, to the “Of course I’ll give you my IMSI” message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.

Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.

Slides are here.

Track repository is here. It implements attack on the A5/1 cipher.

Torrents are here.

Note 1: This in not advocating exploiting weaknesses but rather wanting to inform about the fact that GSM calls are already being intercepted and decrypted using commercial tools.

Note 2: Links above are active in moment of writing this blog post. It is possible that some of them can be recalled or inactive from various reasons.

This year I attended RSA Conference and had chance to see and listen very interesting sessions and keynotes given by important players in security arena.

RSA Security Conference Europe 2009 has been held in period 20-22 October 2009 in Hilton London Metropole Hotel. RSA conferences are one of the most comprehensive forums in information security. It gives opportunity to learn about the latest trends and technologies, get access to new best practices, and gain insight into the practical and pragmatic perspectives on the most critical business issues facing you today.

You can find more details about conference here. I definitely recommend this conference to professionals interested in computer, networks and information systems security, but also to executive management and seniors from broad range of companies. Next RSA Conference 2010 is to be held from March 1-5, 2010 in San Francisco, USA.

Not many people seem to have noticed that Invisiblethings team has reported the 3rd attack against SMM (Attacking SMM Memory via Intel® CPU Cache Poisoning) which they have found in the last 10 months. Joanna Rutkowska, founder and CEO of Invisible Things Lab reported it on her blog and also company’s web site.

Here is citation of one interesting opinion:

But anyway, does the fact we can easily compromise the SMM today, and write SMM-based malware, does that mean the sky is falling for the average computer user?

No! The sky has actually fallen many years ago… Default users with admin privileges, monolithic kernels everywhere, most software unsigned and downloadable over plaintext HTTP — these are the main reasons we cannot trust our systems today. And those pathetic attempts to fix it, e.g. via restricting admin users on Vista, but still requiring full admin rights to install any piece of stupid software. Or selling people illusion of security via A/V programs, that cannot even protect themselves properly…

One of attacks has been shown on recent CanSecWest Applied Security Conference: Vancouver. That is: Getting into the SMRAM: SMM Reloaded – Loíc Duflot.

Looking into these reports and state of current security, it seems that is room and necessity of important changes in this area.

Belgrade, Serbia – In Sava Center 15th TELFOR (Telecommunication Forum) has been opened today. Organizers are Telecommunications Society – Belgrade, ”Telekom Srbija” A.D., Public PTT Enterprise “Srbija”, ETF - School of EE, University in Belgrade, IEEE Serbia & Montenegro Section and ComSoc Chapter. This event will last 3 days: on the 20th, 21st, and 22nd November 2007.

Telecommunications Forum TELFOR 2007 is organized for the 15th time as a domestic and regional annual meeting of those professionals working in the broad fields of Telecommunications and Information Technologies. The participants are mostly telecommunications engineers, but also the economists, jurists, managers, governmental officials, students, researchers, operators, service providers and others. In this way TELFOR is the forum in which all relevant aspects of Telecommunications and IT are discussed: subjects of technical nature, development policy, regulatory and economics matters, education, equipment production, services and operation of systems.

The work of Telecommunications forum TELFOR is organized through: 

• Plenary sessions with invited papers or lectures, 
• Authors’ sessions from the defined program fields, 
• Undergraduate students’ sessions, 
• Special technical and development presentations of the leading international and domestic telecommunications companies and societies, 
• New books presentations, 
• Seminars and tutorials for young engineers and students, 
• Exhibition of the communications hardware, software, equipment, systems and services, 
• Commercial presentations of the companies and their products, 
• Thematic debates, panel discussions and round ta¬bles on current issues, 
• Social meetings, etc.

You can see more information on conference Web site: 15th Telecommunications Forum TELFOR 2007.

We-Go | Enhancing Western Balkan e-Government Expertise summit has been held at Belgrade University on October 4th, 2007. It was attended by University deans and professors, government officials and industry representatives from West Balkan countries and also Austria, Germany and Estonia. Rector of Belgrade University gave welcome speech. Serbian key speaker was Prof. Dr. Aleksandra Smiljanic, Minister of Telecommunications and Information Society. I also delivered my short presentation at this summit. Here is agenda at Belgrade University web site.

8th IEEE International Conference – TELSIKS 2007 will take place from September 26 – 28, 2007 in Nis, Serbia. Visit conference site here. Paper titled “Reduction of False Positive Intrusions by Using Neural Nets” which I worked on with couple of associates will be presented on this conference. It is scheduled for Wednesday, September 26th, 2007 in session Wireless Communications I as invited paper. Integral conference program document is here.

Bruce Schneier’s DefCon 15 Speaker Badge can be bought on eBay auction.  The badge contains a programmable LED with up to 14 characters.  It uses two Li batteries (included), and was designed by Joe Grand. If you wish it, hurry up. Auction ends Aug-22-07 13:41:36 PDT. Upon completion of this auction, Schneier will donate an amount equal to the purchase price to the Electronic Privacy Information Center.

You can also see post and interesting comments about this auction on Bruce’s blog (here).

At the kickoff reception for the IT Security Summit in Johannesburg, there was a bit of industrial theater about identity theft. Someone tried to pretend he was Bruce Schneier; it was pretty funny, really. Also, someone captured discussion after on video.

Last night was the gala reception where we were treated to a short identity theft skit (industrial theater they called it) starring Bruce Schneier. An impostor burst in on the scene and claimed to be Bruce. He produced a passport that identified him self as Mr. Bruce Schneier. He then had his interlocutor check images on Google, FBI.gov and CIA.gov, all of which identified this bloke as Bruce. It was only after Bruce solved a simple block cypher of the words “I am Bruce” that the impostor fled the scene. Watch the video of Bruce describing the point of the exercise.

See more here.

One among most important security conferences this year, RSA Conference is in progress in Moscone Center, San Francisco (February 5-9). Keynote speakers list includes Bill Gates (Microsoft),  Larry Ellison (Oracle), and many other famous and very important speakers.

Keynote Webcasts are avaiable online. You do not need to be a registered attendee of RSA® Conference 2007 to view the keynotes; however you will need to answer a few brief registration questions before you can start downloading the webcast replays.

Register for Webcasts here.

10th International Symposium on Recent Advances in Intrusion Detection 2007 (RAID 2007) will be held on September 5-7, 2007 in Crowne Plaza Hotel, Gold Coast, Queensland, Australia. Symposium is hosted by Information Security Institute, Queensland University of Technology, Brisbane, Australia.

This symposium, the 10th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series is intended to further advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:

• Intrusion detection and prevention techniques
• High-performance intrusion detection
• Intrusion detection in special environments (e.g., mobile networks)
• IDS cooperation and event correlation
• Formal models and analysis
• Attack response, countermeasures, and intrusion tolerance
• Survivability and self-protection
• Attacks against IDS and evasion
• Insider threat detection and mitigation
• Deception systems and honeypots
• Malicious code detection and containment
• Visualization techniques
• Intrusion detection assessment and benchmarking
• IDS interoperability standards and standardization
• Vulnerability analysis and risk assessment
• Legal and social issues

Visit RAID 2007 website here.