Category: Hardware


Time for me to start recommending routers with DD-WRT and NO WPS capabilities.  If turning it off doesn’t turn it off then security is non-existent for a wireless network.  Ick.

The attack took about six hours to properly guess the PIN and return the SSID and password for the target network. During that time, the router locked up once under load, as I was putting normal levels of network traffic through it from other devices. Some routers will also lock out WPS requests for five minutes or so when they detect multiple failed PIN submissions—mine stopped responding occasionally, generating a string of warnings, but Reaver picked back up where it left off once the Linksys started responding again.

Having demonstrated the insecurity of WPS, I went into the Linksys’ administrative interface and turned WPS off. Then, I relaunched Reaver, figuring that surely setting the router to manual configuration would block the attacks at the door. But apparently Reaver didn’t get the memo, and the Linksys’ WPS interface still responded to its queries—once again coughing up the password and SSID. 

The tool also managed to repeatedly cause the router to stop responding to other computers on the network, essentially creating a denial of service attack—a great thing to remember for the next time my neighbors have a loud, all-night Call of Duty session.

In a phone conversation, Craig Heffner says that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.”

via Hands-on: hacking WiFi Protected Setup with Reaver.

I figured it was a matter of time before this was exposed.  The PINs are usually 8 digits, while it has been known for quite some time that you need at least 12 sufficiently random characters for any kind of protection against brute force attacks.  Of course the lack of a lockout system makes it even more trivial.

WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.

Not too long after the market punished the hard disk industry for dropping warranties before, the industry is now moving to cratering hard disk warranties again.  I bet they are going to be introducing a new technology for manufacturing hard disks and they are dropping the warranties until the industry works the bugs out.  Be forewarned and check the length of the warranty of any hard disk you buy.  If it isn’t at least 3 years I would not buy it.

Some desktop and notebook barebones drives will have their warranties slashed from 5 years to 1 year.

Last week, Western Digital revealed that it was cutting the warranty on its Caviar Blue/Green and Scorpio Blue drives from three years to two years. Now, it looks like Seagate just couldn’t stand by and let Western Digital have all fun when it comes to cutting hard drive warranties.

 

The Register is reporting that Seagate is upping the ante by slashing some warranties from five years down to one year. Here are some of the “highlights” of the warranty cuts:

Constellation 2 and ES.2 drives: 5 years reduced to 3 years

Barracuda and Barracuda Green drives: 5 years reduced to 1 year

Barracuda XT: 5 years reduced to 3 years

Momentus 2.5-inch (5400 and 7200rpm): 5 years reduced to 1 year

Momentus XT: 5 years reduced to 3 years

via DailyTech – Seagate Joins Western Digital in HDD Warranty Massacre, Doubles Down with 1-Year Warranties.

This link aggregates all of TechCrunch’s coverage with decent linking to outside sites about this too.

 

Carrier IQ | TechCrunch.

Crapware on a PC or Mac is easy to combat... format the machine and use your own, known good image.  Phones however are a new frontier of badness for the enterprise and anyone with need for data security.  Folks wonder why I’ve advocated locking smartphones out of sensitive networks... this is why.  I’ve figured this for a while... now it’s been proven.  There are quite a few links in this story... please read them.  The video that’s blown the lid off this is right here.

 

You just can’t make this stuff up. If I had told you six months ago to be very careful about entrusting corporate data to mobile carriers who pre-install app crap, because they would build spyware into phones, collect secure web browsing information, and embed this software so deeply that you have to change the ROM to get rid of it, you would have written me off as a paranoid. Yet, that appears to be the situation with CarrierIQ, a carrier utility gone wild.

Like the Master Control Program in the 80s science fiction classic, “Tron,” CarrierIQ collects data for an ostensibly harmless purpose: to help carriers improve the quality of their network and improve the user experience. Then, it goes crazy and tries to kill everyone. It may not be as bad in this case, but the trouble is, though Carrier IQ claims, “we are counting and summarizing performance, not recording keystrokes or providing tracking tools,” third party analysis of Carrier IQ begs to differ.

Specifically, researcher Trevor Eckhart writes on his blog that the Carrier IQ application “is receiving not only HTTP strings directly from browser, but also HTTPs strings. HTTPs data is the only thing protecting much of the ‘secure’ Internet.” Carrier IQ, realizing how damaging this revelation was, tried to squelch Eckhart through a cease-and-desist letter (giving him two whole days to respond, and threatening damages starting at $180K), but the Electronic Frontier Foundation came to the rescue. Carrier IQ relented after the assault from the EFF, and is now “deeply sorry for any concern or trouble” that the letter may have caused Eckhart.

From an enterprise perspective, this is massive. It’s the Jerry Sandusky of mobility. It is an insane breach of trust.

[ Not up to date on Carrier IQ? See Carrier IQ Withdraws Legal Threat Against Security Researcher. ]

Enterprises have long put up with “app crap” on Windows platforms, and, then, on mobile platforms. On the Windows platforms, enterprises would shrug, wipe the machines, re-image them, and move on with work as usual. On mobile, enterprises believed that the app crap was benign enough. Wrong.

We all knew that spyware existed on PCs, but the big difference is that spyware and rootkits got installed by malicious third parties, not our trusted partners who get paid for services that they provide.

All of a sudden, Steve Jobs’ perspective about who should control mobile device firmware doesn’t seem to be such a bad idea.

Carrier IQ has no relationship, at all, with the enterprise. They’ve said that “we do not sell Carrier IQ data to third parties” or “provide real-time data reporting to any customer.” But once you generate the data, it’s there for the taking.

This year’s Data Breach Investigations Report, co-sponsored by the US Secret Service, and, ironically, a mobile provider, emphatically states that organizations need to eliminate unnecessary data collection (since it can and will be stolen.) As enterprise trusted partners, it’s time for carriers to eliminate the middleman. Carrier IQ had no incentive at all to limit the type of data that it collects.

Because Carrier IQ is so carrier focused, it may have even come as something of a surprise to the Carrier IQ folks that they may have violated wiretap laws.

The whole model needs to change, or this incident will be repeated. Carriers currently control the phone, and work with third parties to build management software that they need. The third parties have no skin in the game in terms of the trust relationship with the enterprise. Frankly, in this case, if Carrier IQ’s reputation becomes so tarnished that they can no longer sustain a viable business, they can pull up their tent stakes, change their name, and resume operations.

Well, good for them, but BAD for the enterprise, because the enterprise now needs to start investing the type of time that used to be reserved for Windows PCs, in order to re-image spyware-vulnerable smartphones. It’s not a matter of just removing the software. InformationWeek contributor Mathew Schwartz told me this morning that “some deployments of Carrier IQ by the carriers have an ‘off switch’ that smartphone owners can trigger,” but that he’s also seen reports that it simply doesn’t work.

 

Carrier IQ: Mobile App Crap Must Stop – Security – Mobile Security – Informationweek.

I got Hyper-V working finally here at my office.  I now have one box hosting 3 virtual machines.  VM 1 is my Astaro firewall.  VM 2 is my main AD file/print/authentication server.  VM 3 is my Astaro Command Center which aggregates status and updates from my Astaro and my other client installs to me.  This allows me to monitor all of my Astaro easily in one spot without having to constantly individually touch each machine.  My power usage used to idle at nearly 130 watts.  My idle power now hovers around 60 watts.  I now average less than 90 watts which means nearly half of my power budget is now gone.  The host machine is running Server 2008 R2 Enterprise with Hyper-V.  It has three physical NICs.  It also mirrors all functions of the main server except for file serving.

As for resource allocation here is the breakdown:

VM1: 4 vCPUs, 2 gigs of RAM (static), 3 virtual NICs, 80 gigs of dynamic storage on RAID 1, 25% total system CPU GHz reserved with the ability to burst to 50% usage with medium priority.

VM2: 2 vCPUs, 2 gigs RAM (static), 1 virtual NIC, 500 gigs of dynamic storage assigned on its own RAID 1 array, 0% CPU reservation with burst to 25% CPU with medium priority.

VM3: 4 vCPUs, 1 gig RAM (static), 1 virtual NIC, 120 gigs of dynamic RAID 1 storage, 0% CPU reservation with burst to 25%.

Right now the host machine spends most of its time at idle.  Considering how little power this draws it will pay for itself in under 1 year.

 

The design geniuses at Apple, who are yet to come up with an iPhone 4 which did not have some serious design flaws, are scratching their heads about the latest problem which has hit the cargo cult’s latest toy.

Apple recently released the iPhone 4S which was an iPhone 4 with some software that only Americans could use and the stupid antenna design abandoned. While it was a clever idea to make users pay for something that many manufacturers would be morally bound to recall, it turns out that the iPhone 4S has a design problem all of its own.

For some reason the iPhone 4S loses battery faster than its users can charge it. Normally this is not a problem. The iPhone only has to be charged long enough for its users to attempt to convert other people to the Apple cult. It is not as if they use it to call their friends. But it seems that the iPhone 4S can’t even manage this task.

With normal use, it dropped 19 percent in 50 minutes and sometimes the battery dropped away at an even faster rate than that. Battery life has been dropping ten per cent an hour even when the optional location settings have been switched off.

Since the only thing different about the iPhone 4S and the iPhone 4 is the chip, the fault has been narrowed down to the operating system that was also installed on the phone. It turns out that the iOS 5 can’t really handle the new hardware.

After shedloads of complaints on Apple bulletin boards and lots of suggested fixes an Apple store staff member was able finally to fix the problem.

He claimed it was because the OS’s location services was constantly checking location especially for the Time Zone.

He was able to solve the problem by switching everything off in the Location Services > System Services menu except for Cell Network Search. His phone now lasts “pretty much the whole day”.

While the fault has been causing frustration for users, Apple has done its usual “refusing to comment” thing. To admit there is a fault, means that the iPhone 4S is not as perfect as Apple says it is, and that would create a religious paradox.

However, behind the scenes, the outfit’s engineers have been contacting some iPhone 4S owners who have complained of battery life issues individually and asked them to install a monitoring program on their phones to try to diagnose the problem.

But the Sydney Morning Herald has found another serious software fault affecting battery life on the iPhone 4S.

Mathew Peterson, who runs the Australian app development company TheLittleAppFactory, said he found that another problem affecting the iPhone 4S battery life was the iCloud contacts syncing code, which crashes repeatedly when it hits corrupt contacts in a loop.

This harms those who have upgraded from previous iPhone models and causes the phone’s processor to work extra hard. The result is that the phone runs “noticeably warm” and it causes “the battery to drop 20-30 percent in 10-15 minutes”.

It can be fixed by disabling contacts in iCloud or restarting the device. Peterson said that you really have to install the entire OS and then copy the contacts back on.

via Iphone 4S drains battery like a vampire – Turns users into Zombies | TechEye.

Whoopsie.

Apple’s new “Siri” feature, the voice-activated personal assistant built into the iPhone 4S, leaves owners’ spanking new smartphones partially unguarded.

Those of us who work in the security arena have often banged on about the importance of securing your smartphone with a password or passcode to prevent unauthorised access.

Most mobile phone manufacturers have recognised that as so many people use their smartphones to manage their diaries, their private communications, and their social lives, it’s good to have some form of security.

Which leaves Apple with some egg on its face regarding Siri.

Even if an iPhone 4S is locked with a passcode, a complete stranger can come up to your smartphone, press the button and give Siri a spoken command.

via Has Siri left your iPhone 4S unlocked? | Naked Security.

There’s one thing he is leaving out.  Android is not a closed, one vendor only operating system.  iOS is Apple and Apple only.

I’d like to start by stating I am not a rabid Android “fanboy.” In fact, I heavily considered the iPhone 3GS back in the day (er, last year), before deciding to pick up my Nexus One instead. Admittedly, I was a bit bedazzled by the concept of a “Google phone” and, as a confessed mega-geek, I found the bleeding-edge experience Android offered to be more exciting for some reason.

So I chose an Android device. When the iPhone 4 was released, I’ll be the first to admit that I was jealous. Like it or not, Apple’s Retina display and buttery-smooth iOS UI remain rivaled only by Samsung’s Galaxy S II, and I still staunchly believe Apple builds superior products to anyone in the smartphone industry in terms of build quality and hardware design. iOS 4 still lagged behind Android in several key respects, but to say the iPhone 4 wasn’t a juggernaut in the marketplace (antenna-gate aside) would be willful ignorance.

When it started becoming consensus that Apple would be jumping straight to the iPhone 5, my imagination ran wild with the possible changes the company could be making to the iconic device. So, when the rumors then began piling up that Apple would not be releasing an iPhone 5 today, but an iPhone 4S, my hopes for it immediately and arbitrarily decreased. When it was officially announced, my confidence in Apple’s ability to continue to innovate and break new ground not only with the iPhone itself, but the iOS platform, waned substantially. Apple broke its release schedule and waited until Fall for this very incremental upgrade? I can scarcely understand what took Apple so long.

If this phone had been released in June, my reception may have been a bit warmer. But given the pace at which smartphones are evolving,  Apple will already be feeling the pressure from new Android handsets not a few months from now, but a few weeks. This isn’t good. It isn’t good for Apple, and it isn’t good for their carrier partners. We knew there was a strong possibility that Apple would release an incremental upgrade to the iPhone 4, but we expected a much larger increment, if you will.

The release of the iPhone 4S will pit it squarely against the various carrier-branded versions of Samsung’s Galaxy S II, Google’s upcoming Nexus Prime handset on Verizon, and a litany of devices in the pipes from the likes of Motorola and HTC. Phones with high definition 720p displays. Phones with even more powerful dual core processors. Phones with Google’s much-awaited Ice Cream Sandwich release of the Android OS – the single biggest visual revamp of the Android OS for phones to date. Some of these phones will be, in terms of a number of on-paper specifications, bigger and better than the iPhone 4S.

While Apple’s device remains the king of the hill in terms of battery life, camera, display pixel density, and internal storage offerings for now, there’s no doubt that this is the least competitive iPhone to be released to date. Here’s why.

via Editorial: 5 Reasons Why I Think The iPhone 4S Is The Least Competitive iPhone Yet.

HTC screwed up big time here.  If you are using the stock HTC Sense UI (and most folks are) they have enabled a backdoor into the phone’s base operating system that essentially allows any app with simple permissions to sniff everything on or about the phone and send it back.  Android itself is not at fault; HTC made modifications of Android that caused this.

In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users’ devices, easier remote analysis, corporate evilness – it doesn’t matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.

That is not the case. What Trevor found is only the tip of the iceberg – we are all still digging deeper – but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:

the list of user accounts, including email addresses and sync status for each

last known network and GPS locations and a limited previous history of locations

phone numbers from the phone log

SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)

system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don’t expect it to read your phone log or list of emails.

But that’s not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):

active notifications in the notification bar, including notification text

build number, bootloader version, radio version, kernel version

network info, including IP addresses

full memory info

CPU info

file system info and free space on each partition

running processes

current snapshot/stacktrace of not only every running process but every running thread

list of installed apps, including permissions used, user ids, versions, and more

system properties/variables

currently active broadcast listeners and history of past broadcasts received

currently active content providers

battery info and status, including charging/wake lock history

and more

via Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More.