I recently had a miserable experience with credit card fraud and am not looking forward to having more high-tech credit cards in my pocket as a result. I was pumping gas at a Chevron station in East Palo Alto. All seemed rather benign and safe. I swiped my credit card in the machine embedded in the pump. It asked me for the usual zip code info, approved it, and on I went with pumping the gas. I finished, took my receipt and drove off. About an hour later I got an email from Barclays Bank, which handles the Virgin America VISA card (really cool looking card), stating that there was possible fraud activity on my card. I checked it online and noticed that there were two charges at that same Chevron station: my first legitimate one and another larger, fraudulent one for $120. I promptly cancelled the card, and the Barclays Bank folks were really good on the phone.
I asked around with several friends as to how this might possibly have happened. It's not definitive, but it's theorized that there was someone at the gas station with a wireless device that somehow activated the embedded chip in my credit card and somehow got access to information that obviously made them capable of making a fraudulent charge on the card. Another possibility is that the gas pump itself could have been hacked or tampered with, allowing access to the cards that get swiped through it.
Many credit cards now carry embedded chips for contactless payment at merchant terminals. Are we headed full speed ahead into a brick wall of a security hole with this embedded technology? What else is at risk?
- Our healthcare with smart tags or cards that carry our health information?
- Our passports with the new smart chips in them?
Will the move to using our smartphones or cellphones be safer for doing payments and commerce?
This week on Dark Reading there was more talk of the cracking of GSM's A5/1 over-the-air encryption. There is certainly a lot of attention swarming to this topic, rightly so given the pervasiveness of mobile. In addition, the hacker community is starting to make claims about A5/3 (KASUMI), the cipher built into some of the 3G standards.
I think that the biggest concern does lie solely with the cracking of A5/1, but that there is a HUGE community of software programmers interested in "seeing" how vulnerable these encryption protocols actually are and whether they can break them. In general this is a good thing to overcome the Kool-Aid Syndrome (where carriers and mobile technologists become too enamored with legacy and the status quo) and get telecom vendors, standards bodies, and carriers to think innovatively and out of the box. However, it's only a good thing if malicious behavior does not reign supreme.
Imagine if the confidential mobile communications of a government official or corporate CEO were intercepted and held for ransom. Imagine if terrorists were somehow to exploit this vulnerability to their advantage. As with any socially and globally impactful technology, there are two sides to the coin: the good side and the dark side!
How do we solve this both near term and long term? Do we ban cellphones in certain instances or environments? Is this even feasible given the human appendages that cellphones and smartphones have become?
Amid all the recent buzz about the iPhone 3.0 SMS vulnerability and other security concerns around the iPhone, one of the scarier stories revolves around the iPod Touch and how to turn it into a mobile penetration testing tool.
The Dark Reading article dated August 5th describes the notion of "weaponizing" the iPod Touch. According to Thomas Wilhelm of Colorado Technical University, the device can perform ARP spoofing and force nodes on the local network to use it as their gateway. "The coolest thing with the iPod Touch is that it can tell every computer in the network that it's the gateway, and that when you talk to Google, you have to go through it," Wilhelm says. "Then it captures all of the packets that go across the network." Why the iPod Touch? Because it's small and can be carried into ANY facility without anyone noticing.
Furthermore, it can be installed covertly with some Home Depot parts that Wilhelm put together to give it mains power indefinitely: "It's basically an electric box with an empty faceplate affixed to a wall to hide the iPod, which is plugged into the wall outlet."
How do you solve this problem? Because the iPod Touch must connect wirelessly to the network, it will be transmitting, so it can be detected and located by a wireless intrusion detection and location system (WIDS) like AirPatrol. The ARP spoofing itself is also visible on the wire: a new MAC address suddenly claiming the gateway's IP address is exactly the signature an ARP monitor looks for.
What if this were an iPhone instead of an iPod? Then the captured traffic and any vulnerability scan results can be offloaded immediately over the 3G network rather than over Wi-Fi, undetected by ANY of the Wi-Fi WIDS systems on the market today unless the system can also detect and locate cellular signals. Again, see AirPatrol.
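The following is an added example, not code from the original post or from Wilhelm's research. It builds a handful of raw Ethernet/ARP frames (constructed sample traffic; the gateway, host and attacker MAC/IP addresses are made up) and runs them through a small ARP monitor that seeds the real gateway binding and alerts when a different MAC claims the gateway's IP, or when any learned IP-to-MAC binding flips. That is the on-the-wire signature of the "tell every computer I'm the gateway" attack described above.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(o) for o in s.split("."))


def _fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _fmt_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(sender_mac, sender_ip, target_mac, target_ip, op=ARP_REPLY):
    """Build a raw Ethernet + ARP frame (used here only to construct sample traffic)."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": _fmt_mac(frame[22:28]), "sender_ip": _fmt_ip(frame[28:32]),
        "target_mac": _fmt_mac(frame[32:38]), "target_ip": _fmt_ip(frame[38:42]),
    }


class ArpWatch:
    """Track IP -> MAC bindings seen in ARP traffic and flag changes."""

    def __init__(self, gateway_ip, gateway_mac):
        self.gateway_ip = gateway_ip
        self.table = {gateway_ip: gateway_mac}  # trusted seed: the real gateway binding
        self.alerts = []

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None:
            return None  # not ARP; ignore
        ip, mac = p["sender_ip"], p["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac  # first time we see this IP: learn it
            return None
        if known == mac:
            return None  # consistent with what we already know
        kind = "gateway impersonation" if ip == self.gateway_ip else "ARP binding change"
        alert = f"{kind}: {ip} was {known}, now claimed by {mac} (opcode {p['op']})"
        self.alerts.append(alert)
        self.table[ip] = mac  # track the latest claim so the next flip is caught too
        return alert


# Constructed addresses for the demo (hypothetical, not from the article).
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
HOST_IP, HOST_MAC = "10.0.0.20", "00:11:22:33:44:20"
ROGUE_MAC = "aa:bb:cc:dd:ee:ff"  # the hidden iPod's Wi-Fi MAC in this scenario


def run_demo():
    """Replay constructed traffic: normal ARP, then the two poisoning replies. Returns the alerts."""
    watch = ArpWatch(GATEWAY_IP, GATEWAY_MAC)
    frames = [
        build_arp(HOST_MAC, HOST_IP, "ff:ff:ff:ff:ff:ff", GATEWAY_IP, ARP_REQUEST),  # host asks for gateway
        build_arp(GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),  # legitimate reply from the gateway
        build_arp(ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),    # rogue: "I am the gateway" to the host
        build_arp(ROGUE_MAC, HOST_IP, GATEWAY_MAC, GATEWAY_IP), # rogue: "I am the host" to the gateway
        b"\x00" * 60,  # non-ARP frame, ignored
    ]
    for f in frames:
        watch.observe(f)
    return watch.alerts


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

On a real network the frames would come from a promiscuous capture rather than `build_arp`, and the trusted seed table would be the known bindings for gateways, servers and printers; the two alerts the demo produces (one for each direction of the man-in-the-middle) are the same ones an ARP monitor like arpwatch reports as "changed ethernet address".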
The US government's travel site (GovTrip) was hacked using a URL redirect, and there is fear that malicious code was introduced onto users' computing devices, according to ComputerWorld and Network World articles. The site is used by workers in several agencies and departments, among them the Environmental Protection Agency, the Department of Energy, the Department of Health and Human Services, the Department of the Interior, the Department of Transportation and the Treasury Department, for travel planning and travel expense reimbursement.
The simultaneously novel and threatening approach taken here is that it is not the typical frontal assault on the most secure agencies of national and information security (DoD, NSA, etc.) but rather an attack on a seemingly benign website, one used by enough government workers throughout enough of the key departments, such as Energy and Treasury, to have a potentially huge impact. Don't confuse this with admiration for the perpetrators; it is rather an acknowledgment of how many "holes" exist in the fabric of the US government's and economy's information infrastructure.
The site is reachable from both the intranet and the public Internet. If any of the computing devices accessing it from the public Internet side also have access to classified or secure networks in their respective agencies, that is where the greatest threat to information and network security lies in the event malicious code is propagated. Imagine a botnet running within the Department of Energy network where nuclear site protection and operating procedures are stored...no, I don't want to imagine.
Lay's potato chips has nothing on this Pringles can used to directionally aim a wireless receiver towards a wireless network, thereby extending the range of the receiver. I've tried this in the past and it actually works. No, I didn't hack a network, I just wanted to see if it would actually work. That is what I believe most of the attempts are, but you just never know these days, with desperation kicking into high gear with corporate espionage, insider trading, or other less-than-noble attempts at making a fast buck or skirting regulations. Check out the video on YouTube.
Pringle’s tube wireless hacking
Here's also another interesting YouTube video with a somewhat detailed procedure for "reading" the 128-bit WEP key of a wireless network over the air. (WEP uses RC4, not AES; the "128-bit" key is really a 104-bit secret combined with a 24-bit per-packet IV sent in the clear, which is why it can be recovered from captured traffic at all.) I should provide the usual disclaimer that neither I nor my company condone the use of such techniques for any purpose.
Wireless WEP Key Hacking
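The video above is about recovering the key itself; the added example below, which is not from the original post or the video, shows the more basic reason WEP's "128-bit" key buys so little. It implements RC4 and WEP-style framing (3-byte IV sent in the clear, 104-bit shared key, CRC-32 ICV) with a constructed key and two constructed plaintexts, then shows that two frames encrypted under the same IV share a keystream, so knowing one plaintext reveals the other. It also computes the birthday-bound probability that two of n frames repeat a 24-bit IV, which is why such collisions are routine rather than rare.

```python
import math
import struct
import zlib


def rc4(key, data):
    """Plain RC4: key schedule followed by the pseudo-random generation loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key, iv, plaintext):
    """WEP framing: IV (clear) || key-id byte || RC4(IV || key, plaintext || CRC-32 ICV)."""
    assert len(iv) == 3 and len(key) == 13  # 104-bit key + 24-bit IV = "128-bit WEP"
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + b"\x00" + rc4(iv + key, plaintext + icv)


def wep_decrypt(key, frame):
    """Return (plaintext, icv_ok) for a frame built by wep_encrypt."""
    iv, body = frame[:3], frame[4:]
    pt = rc4(iv + key, body)
    data, icv = pt[:-4], pt[-4:]
    ok = struct.unpack("<I", icv)[0] == (zlib.crc32(data) & 0xFFFFFFFF)
    return data, ok


def recover_with_iv_reuse(frame_a, frame_b, known_plain_a):
    """Keystream reuse: if frame_a's plaintext is known and frame_b used the same IV,
    keystream = C_a xor P_a, and P_b = C_b xor keystream, with no knowledge of the key."""
    assert frame_a[:3] == frame_b[:3], "attack needs a repeated IV"
    keystream = bytes(c ^ p for c, p in zip(frame_a[4:], known_plain_a))
    return bytes(c ^ k for c, k in zip(frame_b[4:], keystream))


def iv_collision_probability(n, iv_bits=24):
    """Birthday bound: probability that at least two of n frames share an IV."""
    return 1 - math.exp(-n * (n - 1) / (2 * 2 ** iv_bits))


# Constructed demo inputs (hypothetical key and plaintexts, not real captured traffic).
KEY = bytes(range(13))
IV = b"\x01\x02\x03"
KNOWN_PLAIN = b"known header: hello"    # e.g. a predictable protocol header
SECRET_PLAIN = b"secret: wifi passwd!"  # the frame the attacker wants


def demo():
    """Encrypt both plaintexts under the same IV and recover the secret from the known one."""
    frame_known = wep_encrypt(KEY, IV, KNOWN_PLAIN)
    frame_secret = wep_encrypt(KEY, IV, SECRET_PLAIN)
    return recover_with_iv_reuse(frame_known, frame_secret, KNOWN_PLAIN)


if __name__ == "__main__":
    print(demo())
    for n in (1000, 5000, 10000):
        print(n, "frames ->", round(iv_collision_probability(n), 3))
```

The recovered bytes cover the length of the known plaintext; a longer known frame yields more keystream for that IV. A busy access point sends thousands of frames per minute, and at around 5,000 frames the chance of a repeated IV already exceeds one half, so an attacker only has to listen. The key-recovery attacks in the linked video go further by exploiting RC4's weak key schedule with the IV prepended, but the reuse shown here is enough to read traffic.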