SIM card encryption exploit leaves mobile phone users vulnerable to hacking

A SIM CARD EXPLOIT that could leave millions of mobile phones vulnerable to hacking has been uncovered by German security firm Security Research Labs (SRL).

The research, which is due to be presented at the Black Hat security conference next week, has been detailed on a blog post by SRL founder and cryptographer Karsten Nohl, who said that the use of outdated 1970s cryptography could be exploited, granting hackers access to a device's location and SMS functions.

In the blog post, Nohl explained that the 56-bit Data Encryption Standard (DES) algorithm used for many SIM cards' signature verification is weak and outdated and thus "poses a critical hacking risk".

The security researcher found that it was possible to exploit a SIM card's SMS over the air (OTA) update system that is built with Java Card, that is, a subset of Java that allows applets to run on small memory devices.

"OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM," said a blog post on SRLabs.de.

"While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher."

In an experiment, SRL sent an improperly signed binary SMS to a target device using a SIM encoded with DES, which was not executed by the SIM because of a signature verification failure. However, while rejecting the code, the SIM responded with an error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.

Nohl explained that with this key in hand hackers are able to sign malicious software updates with the key and send those updates to the device. The attacker is also able to download Java Card applets, send SMS messages, change voice-mail numbers, and query location data.

"This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card," Nohl added.

Nohl listed three ways that mobile phone manufacturers can defend users against this SIM vulnerability, including SIM cards that support state-of-art cryptography with sufficiently long keys, do not disclose signed plain-texts to attackers, and implement secure Java virtual machines.

Another additional protection Nohn recommended was a SMS firewall anchored into handsets. "Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including 'silent SMS'," Nohl said.

The final defense listed by Nohl was "in-network SMS filtering", which would require filtering at the phone network level.

Hybrid location technologies: indoor/outdoor A-GNSS

Assisted GNSS systems rely on the visibility of GPS satellites (left).
Together, GPS and GLONASS satellites could improve location effectiveness.

As posted by Brock Butler with Electronic Design:
Location-based services (LBS) is one of the fastest growing segments in mobile device applications, so it is easy to understand the urgency to provide accurate-everywhere location (5  to 10-m accuracy) in any environment. Considering some of the data about how and where mobile devices are used, it is apparent why indoor positioning is becoming a much higher-value item (and a much bigger challenge) than outdoor tracking, from both a regulatory and commercial perspective.

Assisted-GPS (A-GPS) uses the GPS satellite constellation, which is controlled by the U.S. military and consists of 30+ satellites in medium earth orbit. The wireless network provides “assistance” data to the handset, which includes information to speed up the process of locking on to the satellites. The final position can be calculated at the user equipment (UE), termed UE-based positioning, or at the network, termed UE-assisted positioning. To speed up the process of obtaining a GPS fix, the network provides satellite constellation information, including:

• Current GPS constellation for the UE’s location
• Current GPS time
• Information on satellite orbits
• Frequency shifts in GPS frequencies because of Doppler effects

The availability of access to the GPS system chiefly governs A-GPS performance. The reference signals are very weak, easily attenuated, or even outright blocked by environmental obstructions. Any remaining satellite signals suffer heavy multipath, and any visible satellites may display poor geometry, which causes a higher positioning error. These issues are most prominent in urban and indoor situations.

Assisted GNSS (A-GNSS) uses satellite constellations other than GPS to improve overall satellite availability.  Increasing the number of visible satellites in the sky would cause fewer of them to be blocked out and provide better geometry, increasing performance in urban situations. Currently, the Russian GLONASS system is available for use. With A-GPS, the network can choose to provide assistance data for the additional satellite systems for enhanced performance. With clear visibility, A-GNSS provides very high accuracy, as high as 5 meters under 16 seconds in cold start.

Combined GPS and GLONASS signals, along with similarly configured repeater system could be used to provide indoor GNSS tracking services, providing indoor-outdoor accurate and ubiquitous location coverage for consumer, and commercial tracking needs.

Government Tracking Movement of Vehicles using License Plate photos

As reported by CBSDC: A rapidly growing network of police cameras is capturing, storing and sharing data on license plates, making it possible to stitch together people’s movements whether they are stuck in a commute, making tracks to the beach or up to no good.

For the first time, the number of license tag captures has reached the millions, according to a study published Wednesday by the American Civil Liberties Union (ACLU) based on information from hundreds of law enforcement agencies. Departments keep the records for weeks or years, sometimes indefinitely, saying they can be crucial in tracking suspicious cars, aiding drug busts, finding abducted children and more.

Attached to police cars, bridges or buildings — and sometimes merely as an app on a police officer’s smartphone — scanners capture images of passing or parked vehicles and pinpoint their locations, uploading that information into police databases..

Over time, it’s unlikely many vehicles in a covered area escape notice. And with some of the information going into regional databases encompassing multiple jurisdictions, it’s becoming easier to build a record of where someone has been and when, over a large area.

While the Supreme Court ruled in 2012 that a judge’s approval is needed to use GPS to track a car, networks of plate scanners allow police effectively to track a driver’s location, sometimes several times every day, with few legal restrictions. The ACLU says the scanners are assembling a “single, high-resolution image of our lives.”

“There’s just a fundamental question of whether we’re going to live in a society where these dragnet surveillance systems become routine,” said Catherine Crump, a staff attorney with the organization. The group is proposing that police departments immediately delete any records of cars not linked to any crime.

Although less thorough than GPS tracking, plate readers can produce some of the same information, the group says, revealing whether someone is frequenting a bar, joining a protest, getting medical or mental help, being unfaithful to a spouse and much more.

In Minneapolis, for example, eight mobile and two fixed cameras captured data on 4.9 million license plates from January to August 2012, the Star Tribune reported. Among those whose movements were recorded: Mayor R.T. Rybak, whose city-owned cars were tracked at 41 locations in a year.

A Star Tribune reporter’s vehicle was tracked seven times in a year, placing him at a friend’s house three times late at night, other times going to and from work — forming a picture of the dates, times and coordinates of his daily routine. Until the city temporarily classified such data late last year, anyone could ask police for a list of when and where a car had been spotted.

As the technology becomes cheaper and more widespread, even small police agencies are able to deploy more sophisticated surveillance systems. The federal government has been a willing partner, offering grants to help equip departments, in part as a tool against terrorism.

Law enforcement officials say the scanners are strikingly efficient. The state of Maryland told the ACLU that troopers could “maintain a normal patrol stance” while capturing up to 7,000 license plate images in a single eight-hour shift.

“At a time of fiscal and budget constraints, we need better assistance for law enforcement,” said Harvey Eisenberg, assistant U.S. attorney in Maryland.

Law enforcement officials say the technology automates a practice that’s been around for years. The ACLU found that only five states have laws governing license plate readers. New Hampshire, for example, bans the technology except in narrow circumstances, while Maine and Arkansas limit how long plate information can be stored.

“There’s no expectation of privacy” for a vehicle driving on a public road or parked in a public place, said Lt. Bill Hedgpeth, a spokesman for the Mesquite Police Department in Texas. The department has records stretching back to 2008, although the city plans next month to begin deleting files older than two years.

In Yonkers, N.Y., just north of New York City’s Bronx, police said retaining the information indefinitely helps detectives solve future crimes. In a statement, the department said it uses license plate readers as a “reactive investigative tool” that is only accessed if detectives are looking for a particular vehicle in connection with a crime.

“These plate readers are not intended nor used to follow the movements of members of the public,” the department said.

Even so, the records add up quickly. In Jersey City, N.J., for example, the population is 250,000, but the city collected more than 2 million plate images in a year. Because the city keeps records for five years, the ACLU estimates that it has some 10 million on file, making it possible for police to plot the movements of most residents, depending upon the number and location of the scanners.

The ACLU study, based on 26,000 pages of responses from 293 police departments and state agencies across the country, found that license plate scanners produced a small fraction of “hits,” or alerts to police that a suspicious vehicle had been found.

In Maryland, for example, the state reported reading about 29 million plates between January and May of last year. Of that number, about 60,000 — or roughly 1 in every 500 license plates — were suspicious. The main offenses: a suspended or revoked registration, or a violation of the state’s emissions inspection program, altogether accounting for 97 percent of alerts.

Even so, Eisenberg, the assistant U.S. attorney, said the program has helped authorities track 132 wanted suspects and can make a critical difference in keeping an area safe.

Also, he said, Maryland has rules in place restricting access. Most records are retained for one year, and the state’s privacy policies are reviewed by an independent board, Eisenberg noted.

At least in Maryland, “there are checks, and there are balances,” he said.

In Kenya, Using GPS Tech to put an 'Invisible' Slum on the Map

NPR Reports: "If you were to do a search for the Nairobi city slum of Mathare on Google Maps, you'd find little more than gray spaces between unmarked roads.

Slums by nature are unplanned, primordial cities, the opposite of well-ordered city grids. Squatters rights rule, and woe to the visitor who ventures in without permission. But last year, a group of activist cartographers called the Spatial Collective started walking around Mathare typing landmarks into hand-held GPS devices."

Isaac Mutisya, whom everyone knows as Kaka, points out the spot in Mathare where he was born. The more he maps his slum through the lens of his GPS, the more he feels the outside world is finally looking back.

In a slum with no addresses and no street names, they are creating a map of what it's like to live here.

Their map includes things like informal schools, storefront churches and day care centers, but also dark corners with no streetlights, illegal dumping grounds and broken manholes. They bring the most urgent problems to the attention of the authorities.

Kaka, says they have actually been able to get a few streetlights built. And it's always the map that makes the difference.

"Because it's technology, it can shame some of the people," he says. "Like, 'Why didn't you put up a light there when we told you that this area is dangerous?' "

We think of GPS maps as guides. They are the sometimes annoying, always calm, recorded voice in our car that steers us through unfamiliar places. But maps are also public records that can help slum dwellers negotiate with city authorities.

A Global Movement

The slum-mapping movement started in India about a decade ago and more recently migrated to Africa. The idea is to make slums a reality for people who would never set foot in one.

A map can be entered as evidence in court to stop evictions. It can be reprinted by international advocacy groups to raise awareness. It can be presented to city planners, as a puzzle to be solved.

Emily Wangari is a member of Slum Dwellers International. She invites me into her one-room house. Pigeons dance on her roof — an entrepreneurial side project of her neighbor's son — and send tremors through Wangari's only light bulb.

The residents of Nairobi's informal settlements live in unsafe, overcrowded and often unsanitary housing and lack access to basic services such as sanitation, water and electricity.

To picture the astonishing map she unfolds on her lap, imagine a satellite photo of your hometown and trace lines around all the houses and buildings: What you'd get on the tracing paper would be squares and rectangles surrounded by space — the space being the lawns and parks and roads.

But Wangari's map looks more like a mad game of Tetris. Blocks of every shape are jammed in together with no space between, except narrow pathways following the trails of open sewers. And every year these narrow streets get narrower still, as people expand their houses farther into the walkway.

"People take that as an advantage of just widening their house," she says. If there's any extra public space, people take it for their own.

If Kaka's map, the Spatial Collective map, is a map of city neglect, Wangari's map describes life in a slum where the idea of public space has no enforceable authority. You'll find no parks, no playgrounds, no breathing room.

Helping Slum Dwellers Negotiate

Slum mapper Emily Wangari stands outside a communal toilet in the Kiamutisya settlement of Mathare. This settlement has only four toilets for 4,000 residents. By mapping the problems, she hopes to pressure authorities to bring in more necessary services.

This year Wangari did use her map to briefly claim some communal space. The story is this: After years of grass-roots activism, the city of Nairobi finally agreed to pipe in municipal water and sell it at public collection points for a half a penny on the gallon. But when the city workers went to lay the pipes, the place was so crowded they couldn't actually find enough space for their shovels.

So Wangari had to go around telling people to move parts of their houses. But then she pulled out her map, showed people where their houses were and assured them they could get their space back.

"We had to tell people, 'Move your structure a bit so the [water] line can pass. But you are assured, of building back. Yeah, when the line passes you'll build back,' " she says.

It's the kind of guarantee that never gets granted in this slum. Amazingly, people accepted. The water line was laid. It was as if in a place where no one has a legal right to anything and everything is claimed by force, the map provided some assurance — if not of actual ownership, then at least of a shared record of the past that allowed people to plan together for the future.

Knowing Your 'Spot'

In the storage room of an Internet cafe that the Spatial Collective uses for its office, I watch Kaka and the other slum mappers play idly with their GPS devices. In nine clicks, they zoom out the view broader and broader to encompass Nairobi city, then Kenya, then Africa, then the globe. Kaka laughs when I point out his habit.

"It's good to know where your spot — where your spot is in the world," he says, shrugging.

And the more time he spends looking at his home through the lens of the GPS, the more he can't shake the sense that the outside world is finally looking back.

"With the GPS if you mark a point, you know that there's someone out there who will get the information that there's a something happening here — or that there's me here," he says, with a sheepish chuckle.

While basic inadequacies and deep uncertainty still define the life here, he says, the days when some unscrupulous developer could send arsonists in at night and erase all traces of a community seem to be fading into the past. Among residents, there's a growing sense that in seeing their slum from the satellite level, from 10,000 miles up, they are starting to take their city out of the shadows.

Don't want to be tracked in the Department store - turn off your Smartphone

Reported by Yahoo! Shine:  When you visit websites or when you click over to an online store, most of them will monitor where you are located, what you're clicking on throughout the site, how much time you're spending there, and what you ultimately purchase. Based on that information, the site may automatically generate ads for similar items you'd be interested in purchasing, or email you product information based on your interests. This is done partly for your convenience, but also, of course, so stores can make more money.

When you visit retail stores. Security camera footage is overlaid with analytics tracking the number of customers entering the store each day, as well the number of purchases made. The same cameras used to deter theft are now being used to track where you are spending time in the store. GPS and WiFi signals are used in a similar way to inform retailers about your location in the stores, but the accuracy levels are somewhat limited based on the signals to your device. Though not everyone has a smartphone.

What you can do to get off stores' radar, in person and online:

Turn off your GPS and WiFi. If you don't want stores to track your activities, you should also disable all social media apps like Instagram and FourSquare from sharing your location.

Whenever possible, pay with cash. If you make a purchase with a credit card, you link your name and location to an itemized list of everything you've purchased. Paying with bills means your itemized purchases can't be tied to your name.

Don't register on websites, and use guest checkout. If you're not logged in, retailers can't necessarily match your activity on their site with your name. The less information a website keeps on file (credit card numbers, billing addresses, and so on), the better it is for your privacy. If you must use this data to make a purchase, you can always unsubscribe or delete it after the fact, but some companies do store some of this information.

Clear your cookies. Cookies leave a little footprint on every website you visit, providing personalized data that's easy to access. Try clearing your cookies from your computer frequently. It may mean having to re-enter forms, but it's better than storing this data online indefinitely.

Don't answer surveys or warranty cards. These are other ways stores can keep tabs on your purchasing habits.

Be cautious of your activities on platforms like Facebook and Google. "Google saves every bit of information it collects about you — your usage of it, your email sent through it, where you visit — and it's just sitting on their servers, waiting to be hacked or subpoenaed by the government," says Amadeo. "[Google] can sell information about you to advertisers and collects even more information if you use Chrome, Gmail, Google calendar..." Amadeo warns that Facebook also uses all the information you put on its site (your favorite movies or your new engagement ring photo, for example) to sell to advertisers. Even if your account is private, this data is public property and will potentially exist somewhere on the web forever.

Russia to Launch 2 Glonass Satellites After Proton Disaster

Ria Novosti reports that Russia will launch two GLONASS navigation satellites later this year to make up for the loss of three satellites in the recent Proton rocket explosion after launch from the Baikonur space center in Kazakhstan, according to a senior space industry official.

“We are planning to launch two satellites from the Plesetsk space center [in northern Russia] to replenish the GLONASS orbital grouping following the recent Proton-M accident,” said Nikolai Testoyedov, the head of the Information Satellite Systems (ISS) company, which manufactures satellites for the GLONASS project.

The first GLONASS is scheduled for launch in the beginning of September, and the second at the end of October, according to Testoyedov. The official added that both satellites will be launched on board the Soyuz carrier rockets, which has proven to be more reliable than ill-fated Protons.

Proton rocket explosion after launch from the Baikonur space center

A group of 29 GLONASS satellites is currently in orbit, with 24 spacecraft in operation, three spares, one in maintenance, and one in test flight phase, according to Russia’s space agency, Roscosmos.

Helicopter GPS system includes real-time map addresses

News 9 reports: "A new technology is making it easier for Tulsa Police to find criminals from the air. The new system lets the helicopter pilot see street names or other landmarks on a computer in the cockpit."

TPD has been using this new system since January 2013. They say, in these seven months, it's nearly paid for itself by making response times quicker and keeping patrol officers safe.

Sunday morning, police arrested a 26-year old Tulsa man with a history of drug possession. He was taken into custody after, police say, he refused to pull over for a traffic stop.  "The use of that new system on the helicopter really guided us to catch a suspect tonight we may not have otherwise," said Sgt. Matt McCoord.

McCoord was chasing the suspect on the ground with guidance from the air support team.

"In a pursuit, things are happening so fast that time is real critical," said Sgt. Nick Cory.  Cory is in charge of the Tulsa Police Air Support Unit. He also credits the new GPS enabled computer system for Sunday's quick arrest.

It's called ARS or Augmented Reality System. It overlays street names or addresses or landmarks on top of the image from the FLIR camera--that's the thermal camera mounted under the cockpit.  The typical picture from the FLIR looks like just a simple aerial view, with the ARS, it's much easier for the pilot to know exactly where a suspect is located, which means no more educated guesses.

"Before we would have to go, 'Well, they're behind a house, third house from the corner on the east side of the road,'" Cory said.

At $150,000USD a unit TPD could only afford to buy one system for just one helicopter, and in the short time it's been in use it's become very popular, not just with the air support team but with the officers on the ground, as well.  "Lots of times when we're out flying the patrol officers ask us which helicopter we're in because they're hoping we're in one with this ARS system in it," Cory said.

Police say the new system gives them, literally, a heads-up on the bad guys and where they can be found. TPD says the other helicopter is scheduled to be replaced and they're hoping to add an ARS to the budget for the new helicopter.