Wednesday, July 24, 2013

WASP: The Linux-powered flying spy drone that cracks Wi-Fi & GSM networks


The Black Hat Security Conference and DEFCON bring together the world’s professional hackers, security researchers, government representatives, journalists, and just about anyone who thinks of themselves as a hacker. They listen to talks about security, show off the latest novel hacks, and generally share information about the state of computer security.
Every year there’s a highlight to the conferences, and this year it looks like that highlight may be a flying drone, or unmanned aerial vehicle (UAV). This drone is called the Wireless Aerial Surveillance Platform, or WASP. It’s an ex-U.S. Army spy drone measuring over 6 feet in length and wingspan that has been modified to make it more useful for hackers in our built-up, communication-heavy urban environments.
If you happen to see this yellow drone flying above your neighborhood you’d be right to be concerned. WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. BackTrack offers a full suite of digital forensics and penetration testing tools making it a good fit for this setup.
WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages made over that network by any phone deciding to connect through it.
While such a drone may violate a few flying laws, it doesn’t break any FCC regulations as it uses the HAM radio frequency band or a 3G connection for communication. As to the reason for building it, creators Mike Tassey and Richard Perkins just wanted to prove there is a vulnerability that can easily be taken advantage of with a UAV such as this.
WASP is an open source platform using Arduino that Tassey will discuss how to build at DEFCON-19 next week. It was originally unveiled last August with the following video giving you a close-up view and interview with the creators:
The main developments since last year seem to be the open-sourcing of the design rather than just relying on the ex-Army drone, and the GSM compatibility being added, which they were really eager to get working last August.
Apart from a manual take off and landing, WASP can be preloaded with GPS co-ordinates and then fly a course using its on-board electric motor. You could put this drone in the air and have it return some time later with 32GB of fresh data to look through, or monitor it from a base station and switch to loiter mode if you find an interesting area. The on-board HD camera also means it’s easy to capture video footage of an area, or a test flight like this:
The main take-away from the WASP project is that this is just two guys building a UAV in their spare time that can easily collect data from Wi-Fi and GSM networks with little input from the operator. There are even instructions available to create your own. That makes it more than worthy of a talk at DEFCON, but also worth the time of network operators to see how they could counteract such a system from ever being used successfully.

Apple blames developer centre outage on 'intruder'



Since 18 July, registered Apple developers trying to download OS X 10.9, iOS 7, or any other Apple software from the company's developer portal have been greeted with a notice that the site was down for "maintenance." On 22 July, the company issued a brief statement blaming the extended outage on an "intruder," and saying that Apple "[has] not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed."


The notice says that "sensitive" information could not be accessed by the intruder because it was encrypted, and the company told MacWorld that the system in question is not used to store "customer information," application code, or data stored by applications. Anecdotal reports (including one from our own Jacqui Cheng) point to a sudden spike in password reset requests for some Apple IDs, suggesting that email addresses have in fact been accessed and distributed but that passwords were not. In any case, we generally recommend that users change their passwords when any breach (or suspected breach) like this occurs.
"In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database," the statement said. Apple has also given week-long extensions to any developers whose program subscriptions were scheduled to lapse during the outage, which will keep those developers' applications from being delisted in Apple's various App Stores.
This story originally appeared on ars technica

Your SIM card might be vulnerable to hacking


SIM cards are the common chips which we use to connect to our service providers. The card contains a lot of protected information: it holds the mobile identity of the subscriber, associates the device with a phone number, and increasingly stores payment credentials, for example in NFC-enabled phones with mobile wallets.
With over seven billion cards in active use, SIMs may well be the most widely used security token in the world. 
Most people have seen their SIM card menus updated; this is done through a technology called over-the-air (OTA) updates. The updates are deployed via SMS, and the cards are even extensible through custom Java software. While this extensibility is rarely used so far, its existence already poses a critical hacking risk.
According to an article written by Karsten Nohl of Security Research Labs in Berlin:
Cracking SIM update keys. OTA commands, such as software updates, are cryptographically-secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the 70s-era DES cipher. DES keys were shown to be crackable within days using FPGA clusters, but they can also be recovered much faster by leveraging rainbow tables similar to those that made GSM’s A5/1 cipher breakable by anyone.
To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer.
Deploying SIM malware. The cracked DES key enables an attacker to send properly signed binary SMS, which download Java applets onto the SIM. Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.
In principle, the Java virtual machine should assure that each Java applet only accesses the predefined interfaces. The Java sandbox implementations of at least two major SIM card vendors, however, are not secure: A Java applet can break out of its realm and access the rest of the card. This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card.
Defenses. The risk of remote SIM exploitation can be mitigated on three layers:
  1. Better SIM cards. Cards need to use state-of-art cryptography with sufficiently long keys, should not disclose signed plaintexts to attackers, and must implement secure Java virtual machines. While some cards already come close to this objective, the years needed to replace vulnerable legacy cards warrant supplementary defenses.
  2. Handset SMS firewall. One additional protection layer could be anchored in handsets: Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including “silent SMS.”
  3. In-network SMS filtering. Remote attackers rely on mobile networks to deliver binary SMS to and from victim phones. Such SMS should only be allowed from a few known sources, but most networks have not implemented such filtering yet. “Home routing” is furthermore needed to increase the protection coverage to customers when roaming. This would also provide long-requested protection from remote tracking.
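The filtering described in the second and third defenses above can be sketched in a few lines. The following is an added example, not code from the article or from Security Research Labs: it classifies SMS records as "addressed to the SIM" using the two 3GPP TS 23.040 header values that mark SIM data download messages (TP-PID 0x7F and TP-DCS 0xF6, 8-bit class 2), and delivers such messages only when the remote party is on an allow-list of the operator's own OTA gateways. The gateway addresses, phone numbers, record layout and payload bytes are constructed placeholders, not real values.

```python
"""Allow-list filter for binary SIM-addressed SMS (added example; constructed data)."""
from dataclasses import dataclass

# Header values from 3GPP TS 23.040 that mark an SMS as destined for the (U)SIM
# rather than the user's inbox.
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-Protocol-Identifier: "(U)SIM Data download"
DCS_CLASS2_8BIT = 0xF6        # TP-Data-Coding-Scheme: 8-bit data, message class 2

# Constructed allow-list of the operator's own OTA gateway addresses (placeholders).
TRUSTED_OTA_GATEWAYS = {"12345", "+15550001000"}


@dataclass(frozen=True)
class SmsRecord:
    """One message as seen by an SMSC or a handset firewall (assumed layout)."""
    direction: str    # "MT" = network -> phone, "MO" = phone -> network
    originator: str   # sending address (short code or MSISDN)
    destination: str  # receiving address
    pid: int          # TP-PID
    dcs: int          # TP-DCS
    user_data: bytes  # TP-User-Data; its content is irrelevant to this filter


def is_sim_binary_sms(msg: SmsRecord) -> bool:
    """True when the headers say the SIM, not the user, is the recipient."""
    return msg.pid == PID_SIM_DATA_DOWNLOAD or msg.dcs == DCS_CLASS2_8BIT


def filter_decision(msg: SmsRecord, trusted=TRUSTED_OTA_GATEWAYS) -> str:
    """Return "deliver" or "drop".

    Ordinary text messages pass untouched. SIM-addressed messages pass only when
    the *remote* party is a trusted gateway: the originator for messages going to
    the phone, the destination for messages (such as the SIM's signed error
    replies) leaving the phone. Both directions are covered because the attack in
    the article relies on the SIM's reply reaching the attacker.
    """
    if not is_sim_binary_sms(msg):
        return "deliver"
    remote_party = msg.originator if msg.direction == "MT" else msg.destination
    return "deliver" if remote_party in trusted else "drop"


def filter_batch(msgs, trusted=TRUSTED_OTA_GATEWAYS):
    """Split a batch of records into (delivered, dropped) lists."""
    delivered, dropped = [], []
    for msg in msgs:
        (delivered if filter_decision(msg, trusted) == "deliver" else dropped).append(msg)
    return delivered, dropped


# Constructed sample traffic: numbers, short codes and payload bytes are made up.
SAMPLE_MESSAGES = [
    # Plain text message from a friend: not SIM-addressed, always delivered.
    SmsRecord("MT", "+15550002000", "+15550009999", 0x00, 0x00, b"see you at 8"),
    # OTA update from the operator's gateway: SIM-addressed, trusted source.
    SmsRecord("MT", "12345", "+15550009999", PID_SIM_DATA_DOWNLOAD, DCS_CLASS2_8BIT, b"\x00"),
    # SIM-addressed message from an unknown number: dropped before it reaches the SIM.
    SmsRecord("MT", "+447700900123", "+15550009999", PID_SIM_DATA_DOWNLOAD, DCS_CLASS2_8BIT, b"\x00"),
    # A SIM reply headed for that unknown number: dropped so no signed material leaks.
    SmsRecord("MO", "+15550009999", "+447700900123", PID_SIM_DATA_DOWNLOAD, DCS_CLASS2_8BIT, b"\x00"),
]


if __name__ == "__main__":
    for record in SAMPLE_MESSAGES:
        print(f"{record.direction} {record.originator} -> {record.destination}: "
              f"{filter_decision(record)}")
```

In a real deployment the allow-list would be the operator's OTA platform addresses and the records would come from the SMSC or the baseband; the point the example makes is that the decision needs only two header bytes and an address, and that the phone-originated direction must be filtered as well as the network-originated one.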

Tuesday, June 25, 2013

Being anonymous in the NET(Internet)


Recently I read a report which was released by . The report showed that Kenya is one of the countries in the spotlight. The US Government has been monitoring most of the internet traffic from Kenya. This freaked me out. I'm that guy who owns my privacy; my secrets are mine.
I had several sleepless nights trying to figure out how I could get around this thing. I wanted all my communication to be private. After a week of burning the midnight oil I realised that "anonymity" is still a dream, though we can make that 'guy's' work harder by doing several things. These are some of the best ways to stay anonymous over the internet.
1. Get anonymous when browsing
  • Use a proxy server. If you want all of your online activity to be anonymized, the best way to do it is to pretend to be someone else. This is basically what a proxy server does: it routes your connection through a different server so your IP address isn’t so easy to track down. There are hundreds of free proxies out there, and finding a good one is just a matter of searching. Most major browsers offer proxy server extensions that can be activated in just one click.
  • Use a Virtual Private Network (VPN). For most intents and purposes, a VPN obscures your IP address just as well as a proxy does – and in some cases even better. They work differently, but achieve the same result. Essentially, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. So, if I were to log into Digital Trends’ VPN, anyone looking at my IP address would think I’m in New York when I’m actually on the West Coast. Here’s a list of good VPN services to get you started.
  • Use TOR. Short for The Onion Router, TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Browsing with TOR is a lot like simultaneously using hundreds of different proxies that are randomized periodically. But it’s a lot more than just a secure browser. We won’t get into the details here, but you should definitely check out its site if you’re concerned about anonymity.  

2. Anonymize emails and your communication


Using proxies, VPNs, and TOR will obscure your IP address from prying eyes, but sending emails presents a different anonymity challenge. Let’s say you want to send somebody an email, but you don’t want them to know your email address. Generally speaking, there are two ways to go about this:
  1. Use an alias. An alias is essentially a forwarding address. When you send mail through an alias, the recipient will only see your forwarding address, and not your real email. Since all mail is forwarded to your regular inbox, this method will keep your real email address secret, but it will not, however, keep you from being spammed like crazy.
  2. Use a disposable email account. This can be done in two ways: either you can just create a new email account with a fake name and use it for the duration of your needs, or you can use a disposable email service. These services work by creating a temporary forwarding address that is deleted after a certain amount of time, so they’re great for signing up for stuff on sites you don’t trust and keeping your inbox from being flooded with spam.
Also, using a VPN and communicating through an anonymized email address will keep your identity hidden, but it still leaves open the possibility of your emails being intercepted through a man-in-the-middle scheme. To avoid this, you can encrypt your emails before you send them. Here’s how:
  • Use HTTPS in your Web-based email client. This will add SSL/TLS encryption to all of your Web-based communications. It’s not bulletproof, but it definitely helps. Just make sure the URL of your webmail has an S (for Secure) after the HTTP. Gmail users, for example could use https://mail.google.com. We also recommend using the HTTPS Everywhere extension. 
  • Use PGP (Pretty Good Privacy) software
    I won’t go into great detail on how to install/use PGP, but you might want to consider looking into it. While using HTTPS will encrypt your data on a network level , PGP software will encrypt the actual files themselves. It’s a bit more complicated than that, but that’s the gist of it. 
In addition to email, you might want to encrypt any instant messaging you do for the same reasons. We recommend the following two chat clients:
  • TOR chat: a lightweight and easy-to-use chat client that uses TOR’s location hiding services. It uses SSL/TLS encryption.
  • Cryptocat: a Web-based chat client that uses the AES-256 encryption standard, which is extremely hard to break. It also supports group chats, so it’s perfect for all those top-secret world domination meetings you have with your buddies.

3. Take care of your file transfers and sharing

Getting files from the Internet is easy, but the sender has access to your IP address when you download files. In the case of BitTorrent, there are thousands of different peers that can see your IP address at any given moment, which means downloading is one of the least anonymous things you can do on the Web. However, if done correctly, it is possible to download and share files while keeping your IP address and identity concealed.
  • If you’re downloading directly from a file hosting site like MediaFire or Mega, you can just use a proxy or VPN to obscure your IP.
  • If you’re using BitTorrent to download stuff, using a proxy or VPN will keep your identity hidden, but rather than just using any old service, we recommend using BT Guard. At its core, BT Guard is exactly the same as any other VPN or proxy service with the one difference being that the site is designed specifically for heavy BitTorrent users. Don’t worry about DMCA violation notices you might elicit – BT Guard just ignores them for you.


Monday, May 27, 2013

All About Programming


I have been in this class for two hours... now I'm starting to wonder what I have been doing all this time. I always understood things the upside-down way. Since I was a freshman I have been battling with so many terms, one being the definition of some big but small words... PROGRAMMING.
When I first heard this word all that came into my mind was creating games using some complex programming language. Yes! A programming language... that made things even worse.

I realised the real meaning of programming when I was a sophomore. I hustled all those years trying to learn how to program. Though not in vain, as I gained some skill. But it was all useless if I couldn't understand what programming deals with.
Most people take programming as some very complex task, but after my short experience working on a medical system, it hit me that programming was not all about writing CODE but a much... much bigger field with so many complexities.

As a programmer I can define programming as the ability to know what a PROBLEM is and the right tools to use to solve the problem. I bet all my programming skills on this definition.

If you don't understand the problem you are tackling, it's like you are competing with a donkey in a race of horses. Before I go cracking, let me explain this in point form:
  • Understand the problem you are facing before you think of anything. Just try to imagine outside the programming world. Think as if there were no programming at all, then figure out the best solution you could give to that problem.
  • Now you know the problem; don't rush... calm down!!! Code ain't running.
  • So I bet by now you will be eager to go and start finding the solution to the problem, but first do some research. See how such problems were tackled in the past by professionals... I'm not saying that you copy other people's ideas, but get an idea of how things are done.
  • If you are comfortable with your research, go ahead and identify the tools which are necessary for your project. Don't look for tools which are so complex (Silver Bullet Syndrome), thinking that they will help you solve the problem with ease. Let's keep this topic for another day, e.g. IDEs, CASE tools.
You must be feeling intelligent now... but I promise you, you will look like a fool if you take my advice as the golden guide for programming.
Next step:
  • After you have all the tools ready, prepare the environment for setting up your tools. This is because what we have now are the raw materials and they are useless.
  • After your environment is set, coding ain't a priority here. Leave everything and let's get down to paper work. This is the most intimidating part: DOCUMENTATION! I won't even talk about it... I hate it. Let's keep this for another day.



Feel like a programmer?? We're just 1/116 DONE!!