
BSides Las Vegas, iMessage Exploit, 5G and Stingray Surveillance

This is your Shared Security Weekly Blaze for August 12th 2019 with your host, Tom Eston. In this week’s episode: My summary of last week’s BSides Las Vegas security conference, how a single text message to your iPhone could get you hacked, and how Stingray surveillance devices can still be used on new 5G networks.

Wireless technology such as Wi-Fi, Bluetooth, and RFID are integrated into every part of our daily lives. In fact, because everything these days is wireless we can often take the security risks for granted. So if you’re looking to have the ultimate peace of mind, you should use a faraday bag to protect your devices. A faraday bag blocks all wireless signals which makes any device that uses wireless technology completely undetectable. And using a faraday bag is so much faster than disabling the wireless on a laptop or smartphone. Just stick it in the bag! And if you want the best faraday bags on the market today, you’ll want to use one from Silent Pocket. Visit slientpocket.com and check out their great line of products and receive 15% off your order using discount code, “sharedsecurity”.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.

The annual BSides Las Vegas security conference took place last week, which also coincides with the Black Hat and infamous DEF CON hacking conferences. This is the week that all of us in the cybersecurity industry lovingly call “security summer camp”. BSides would be considered the smaller conference of the three and, in my opinion, provides a much more intimate experience to network with other cybersecurity and privacy professionals. As part of this year’s BSides conference, I participated in the “Proving Ground” speaking track where I was a mentor helping out a fantastic new speaker work on the talk that he gave at the conference. It was a very rewarding experience that I highly recommend other speakers volunteer for if they have the time to do so. I also attended several talks and met several speakers who had some very interesting research to share. While many of the talks at BSides were about all the latest topics on how anything is hackable, there were two talks in particular that were on topics that we don’t hear much about. These talks were “Satellite Vulnerabilities 101” by Elizabeth Wilson and “Human Honey Pots or How I learned to love the NFC implant” by Nick Koch.

Satellites provide the means for different forms of communication as well as GPS, military, and other critical systems. Elizabeth presented a really nice overview of the many different types of vulnerabilities that are present in satellites, including everything from the timing of banking transactions to nation states using anti-satellite weapons, and even the threat of space junk. Here’s Elizabeth’s take on the threat of space junk and how this is a major problem.

Elizabeth: The debris is growing and growing and the more you put up there the more potential damage you’re putting up as well. It’s like I said during my talk, the difference between a hundred .01 meter satellites and one single satellite that’s 1 meter is 30 times of an increase in risk. And when you consider that, the more you have these small hard to track things that sometimes don’t even have propulsion systems, yeah it’s going to create a lot of issues. This is one of the most pressing areas that we need. We really need some way to manage this debris. We need some sort of clean up system in a way. And there have been some ideas people have had on that like sending capture satellites up there to capture the debris and things but we don’t have anything yet that’s currently really viable.

What I also found fascinating from her talk was that organizations that support satellites, like NASA, are getting hacked all the time. For example, in 2007 Chinese hackers actually gained access to NASA’s satellite control systems and came very close to issuing commands to these satellites. Thankfully, that did not happen.

The other takeaway from this talk was how satellites are a lot like the “Internet of Things” devices where security was never built in because the threat model at the time didn’t conceive the types of attacks that we see today. By the way, the typical satellite has a lifespan of about 50 years! Is it even feasible to think that satellites can be patched and updated? Here’s Elizabeth speaking to me about this problem and what the solutions might be.

Elizabeth: That is one of the big challenges right now because a lot of these systems, unless you’re going to completely replace it, you just can’t update it in some cases. And maybe the solution is we need to completely replace them, take them down and put something else up but that’s extremely expensive, time consuming, and are they going to put the time and money into it? Probably not. They’re probably going to just deal with the vulnerabilities until the lifecycle ends. I feel like the real solution here is going to be making sure to proactively set these systems up to be more resilient and have the availability for like updating actively in the future.

The other interesting talk I attended was by Nick Koch (here’s his blog) who discussed biohacking and NFC implants. NFC, which stands for Near Field Communication, is a short range wireless technology that is used for transferring or receiving information from an electronic tag or other supported device. For example, all modern phones like your iPhone or Android device have NFC capabilities. Now many of us wouldn’t think about putting an NFC implant into our bodies, but the fact is, more and more people are starting to do this. Why on earth would someone implant a small wireless device into their body? Well, there are some conveniences like unlocking the door on your house with a wireless implant, or having some other type of information easily available like quickly paying for things such as subway fares. And on the flip side, there are some interesting attacks where an attacker could use an NFC implant to get your device to open up a web browser and send you to a malicious link or conduct other types of attacks by leveraging an NFC implant. According to Nick, attackers with NFC implants could be a future form of attack vector, especially when combined with social engineering. Nick feels that his generation has become more aware of phishing and that most of his generation is pretty well trained to not click on suspicious links. This means that future attacks that direct people to malicious links could take a wireless form where now the attacks happen by being physically close to someone with one of these implants. Now I think the risk for this type of attack right now is very low but as NFC and other wireless technologies evolve, I think Nick is on to something here. It’s quite possible that in the future, malicious NFC or other new wireless implants may be a future threat we have to be aware of.

And now a word from our sponsor, Edgewise Networks.

The biggest problem in security that remains unsolved is unprotected attack paths that allow threats to compromise vulnerable targets in the cloud and data center.

But traditional microsegmentation is too complex and time consuming, and offers limited value that’s hard to measure.

But there’s a better approach… Edgewise “Zero Trust Auto-Segmentation.”

Edgewise is impossibly simple microsegmentation … delivering results immediately, with a security outcome that’s provable, and management that’s zero touch.

At the core of Edgewise Auto-Segmentation is Zero Trust Identity, which automatically builds unique identities for all communicating software and devices by combining cryptographic properties of the workload with risk classifications.

Edgewise protects any application, in any environment, without any architectural changes. Edgewise provides measurable improvement by quantifying attack path risk reduction and demonstrates isolation between critical services—so that your applications can’t be breached.

Visit edgewise.net to find out more about how Edgewise can help stop data breaches.

Last week at the Black Hat security conference in Las Vegas, Google Project Zero researcher Natalie Silvanovich announced six “interaction-less” vulnerabilities in iMessage, which means that an attacker can exploit and gain control of an iOS device by simply sending a text message with no interaction from the user. You don’t even have to open up the message. Just receiving the message alone is enough to exploit these vulnerabilities. It’s worth noting that these are the types of vulnerabilities that could be worth tens of millions of dollars because nation states and other threat actors would find exploits like these extremely attractive. The good news here is that the researcher has been working with Apple to patch these vulnerabilities; however, there are several more that do not have a patch yet. Keeping your devices fully patched and updated is one of the best ways to protect yourself from attacks like these. If you happen to be using an Apple iOS device or running macOS, you should immediately update to iOS version 12.4 and macOS 10.14.6. One thing I noticed with this specific update is that Apple may not notify you automatically that a new update is ready to install. So make sure you go into your settings and manually check for an update to make sure you’re protected.

5G networks are finally starting to be rolled out in several large US cities but it’s probably going to be a while before we have devices as well as the infrastructure across the world that supports this much faster data network. But while we wait, researchers at the Black Hat security conference last week presented their findings on flaws that they found in the new 5G standard that were meant to stop the use of surveillance devices called stingrays. Now we’ve talked about stingray devices on this show in the past but as a reminder these devices are used by nation states and governments to intercept phone calls, text messages and track the movements of a specific device. Stingrays create fake cell towers which trick your mobile phone into thinking they are legitimate cell towers. The research that they discussed was quite technical but to break it down to layman’s terms they were able to find that there were weaknesses in the way that mobile devices are identified as well as new ways to downgrade the device’s network connection to an older and more vulnerable 4G or 3G network. This particular issue is actually not a flaw in the 5G standard itself but is an issue with how 5G is implemented by the mobile carriers themselves.

Oh and this is not the first time that researchers have found flaws in the 5G standard; there were previous flaws that have since been fixed. The good news is that the researcher has started working with the 5G standards committee to hopefully fix these flaws as well. This will hopefully bring 5G closer to stopping mass surveillance of mobile networks, or at least making it much more difficult to perform.

That’s a wrap for this week’s show. Visit our website, SharedSecurity.net for previous episodes, links to our social media feeds, our YouTube channel, and to sign-up for our email newsletter. First time listener to the podcast? Please subscribe wherever you like to listen to podcasts and if you like this episode please share it with friends and colleagues. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.



*** This is a Security Bloggers Network syndicated blog from Shared Security Podcast authored by Tom Eston. Read the original post at: https://sharedsecurity.net/2019/08/12/bsides-las-vegas-imessage-exploit-5g-and-stingray-surveillance/