Can you access protected networks without breaking a sweat? Does just thinking about security exploits get you hot and bothered? Are "spoofing" and "packet sniffing" part of your regular vocabulary? If you answered "Yes" to those questions, and you can prove your hacking prowess at the upcoming DEFCON convention, you may just wind up getting a job offer (and a pension plan) from government agencies like the NSA.
Current headlines would have you believe that the hacking community is a seedy world full of anonymous, government-hating hooligans and lulz-seeking havoc-wreaking chuckleheads. That is a part of it, but for every jerk who steals credit card numbers, there's a hard-working hacker helping to identify weaknesses in networks and shore up corporate defenses.
Chris Paget made a name for himself back in 2009 when he exposed security vulnerabilities in RFID that allowed him to wirelessly download the contents of US passports from a parked car, and he’s making headlines again by exposing serious problems in the GSM cellphone network. Using nothing more than an off-the-shelf laptop and a pair of RF antennas, he was able to successfully imitate an AT&T cellphone tower, which allowed him to intercept and record phone calls. “As far as your cell phones are concerned, I'm now indistinguishable from AT&T,” he told a crowd at this year’s DefCon security conference.
The demonstration was supposed to highlight a major flaw in the 2G GSM system, which automatically directs phones to the tower with the strongest signal, apparently without proper authentication. So far the system only works on outgoing calls, but it is a pretty critical flaw in the most commonly used wireless technology in the world. "GSM is broken," Paget said. "The primary solution is to turn it off altogether." I’m willing to bet carriers will take his recommendation “under advisement”, but hopefully a more reasonable fix is possible with the existing hardware.
It is unknown at this point if similar vulnerabilities exist in CDMA, but for the time being, anyway, it will be the last refuge for tin-foil-hat-wearing propeller heads who need to keep their calls private at any cost.
The Black Hat security conference attracts the crème de la crème of the security industry. This year the organizers even offered a paid live stream for those unable to make the trip to Vegas. Called Black Hat Uplink, the service carried a $395 price tag. But as security expert Michael Coates found out, the price could be waived entirely, thanks to “a combination of logic flaws and misconfigured systems which provided access to a testing login page that could be used with user credentials that were not fully "registered" (e.g. no payment received).”
Coates, who oversees web security at Mozilla, wrote on his blog that he was unable to attend this year's event and so decided to closely monitor it online. “In this process I noticed the new "Black Hat Uplink" service that would allow remote individuals access to streaming Black Hat talks from two select tracks,” he wrote.
“I identified a series of flaws that would enable the creation of an account with only providing an email address (e.g. no name, address, phone etc) and I was never asked to enter any credit card data. Odd I thought, perhaps you enter the credit card info upon your first login.” Upon completing the registration, he was faced with a slight problem: he didn't have a registration email to direct him to the login page.
“A few select Google searches and I ended up on a relatively vanilla looking login page. I have a username and a key, let's give it a shot. To my surprise the login was accepted and I was now sitting in front of the live Black Hat video stream.”
He wasted little time in contacting the event's organizers, holding off the public disclosure until they had fixed the flaw. He also revealed that Black Hat used a third-party solution for the video feed. Can't see them using the same vendor for the next event, though.
Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP), the internet’s core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat stems from the innate credulity of the routing protocol: BGP is apparently designed to trust all nodes, and can be exploited to redirect insane volumes of internet traffic to malevolent networks.
It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.
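One of the proposed fixes is to stop taking announcements on trust and check each one against a list of who is actually authorized to originate a prefix. The script below is an added example (not from the researchers or any ISP) that shows what such a check looks like, modelled loosely on RPKI route-origin validation; the authorized-origin table and the announcements are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed table of (prefix, authorized origin AS, max prefix length),
# loosely modelled on RPKI Route Origin Authorizations. Sample data only.
AUTHORIZED = [
    (ipaddress.ip_network("203.0.113.0/24"), 64500, 24),
    (ipaddress.ip_network("198.51.100.0/22"), 64501, 24),
]


@dataclass
class Announcement:
    prefix: str
    origin_as: int
    as_path: tuple


def validate(ann):
    """Return 'valid', 'invalid' or 'unknown' for one BGP announcement.

    'unknown' means no authorized record covers the prefix. 'invalid' means a
    record covers it but the origin AS is wrong or the prefix is more specific
    than allowed, which is the shape a hijack takes: a bogus origin, or a
    longer prefix that wins best-path selection over the legitimate route.
    """
    net = ipaddress.ip_network(ann.prefix)
    covered = False
    for auth_net, auth_as, max_len in AUTHORIZED:
        if net.version != auth_net.version or not net.subnet_of(auth_net):
            continue
        covered = True
        if ann.origin_as == auth_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"


def triage(announcements):
    """Map each announced prefix to its validation state."""
    return {a.prefix: validate(a) for a in announcements}


# Constructed announcements: two legitimate, two hijack-shaped, one uncovered.
SAMPLE = [
    Announcement("203.0.113.0/24", 64500, (64510, 64500)),   # legitimate
    Announcement("203.0.113.0/25", 64666, (64510, 64666)),   # more specific, wrong origin
    Announcement("198.51.100.0/22", 64501, (64510, 64501)),  # legitimate
    Announcement("198.51.100.0/25", 64501, (64510, 64501)),  # right origin, too specific
    Announcement("192.0.2.0/24", 64502, (64510, 64502)),     # no record: unknown
]

if __name__ == "__main__":
    for prefix, state in triage(SAMPLE).items():
        print(f"{prefix:<18} {state}")
```

A router or monitor that drops or alarms on the "invalid" results would have rejected both hijack-shaped announcements while leaving the uncovered prefix to normal policy.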