Friday, September 5, 2014

Trivia, Part 1

When I have not blogged for nearly a year, and then I resume blogging by beginning with an article that reviews very old news, that should be something of concern.

Three summers ago, there was a big scandal, wherein news outlets of Rupert Murdoch's media empire had used illegal means to obtain information about the highest-ranking members of the British government, as well as information about celebrities and other persons of interest. We begin with excerpts from Murdoch Tabloids' Targets Included Downing Street and the Crown, July 11, 2011:

LONDON — The scandal that has enveloped Rupert Murdoch's media empire in Britain widened substantially on Monday with reports that two of his newspapers may have bribed police officers or used other potentially illegal methods to obtain information about Queen Elizabeth II and former Prime Minister Gordon Brown.

Others on the police payroll have been bribed to use restricted cellphone-tracking technology to pinpoint the location of people sought by the papers in their restless pursuit of scoops, according to two former journalists for the tabloid shut on Sunday, The News of the World.


The revelations about the intrusive activities directed at the queen and Mr. Brown have seized the headlines, driving home the realization that nobody, not even the most powerful and protected people in the land, has been beyond the reach of news organizations caught up in a relentless battle for lurid headlines and mass circulations.

A wide segment of British society, from celebrities to ordinary families wrestling with personal tragedies, has been shown to be potentially vulnerable to the newspapers' use of cellphone-hacking, identity theft, tracking technology and police bribery — perhaps even clandestine property break-ins, if some reports circulating in recent days are true.

Recently there has exploded to the surface a scandal in the United States whereby private photos of celebrities were supposedly hacked and published online. At the moment, the issue is still up in the air, with some celebrities denying the authenticity of the photos of them, while other celebrities confirm that the photos of them are authentic; some of these latter are vowing to pursue legal redress.

Many allegations suggest that it was Apple's cloud storage that may have been hacked, but an alternative hypothesis seems like an opportunity to introduce this post.

First, an excerpt from Don't blame iCloud yet for hacked celebrity nudes by Tony Bradley, September 2, 2014:

Boris Gorin, head of security engineering at FireLayers, thinks we shouldn't be throwing stones at iCloud. "The images leaked have been gradually appearing on several boards on the net prior to the post at 4chan—making it reasonable to believe they were not part of a single hack, but of several compromises that occurred over time."

Gorin shared a theory the celebrities may have been hacked while connected to an open public Wi-Fi network at the Emmy Awards. If they accessed their personal iCloud accounts, attackers connected to that network would have been able to intercept and capture the username and password credentials. That's not a security flaw with iCloud and having a strong or complex password wouldn't offer protection against transmitting that password in clear text on a public Wi-Fi network.

Of course, any use of any kind of cell phone could be a security risk, and this is the topic addressed here.

Cell phones communicate via radio frequency (RF) emissions to cell phone towers which, in turn, process the signals and send them into the telephone network. Of course, for years, cell phones have been more than mobile telephones, and so, for years, cell phone towers have also allowed handheld devices to communicate via the Internet.

Consequently, cell phone towers are a key node in modern communications; someone who controls a cell phone tower has access to a significant amount of information.

In an effort to make cell phone towers less conspicuous and more in-tune with the surroundings, efforts have been made to camouflage them. For over two decades, cell phone towers have been disguised as trees, and some of the disguises are not very convincing.

There is also a need for more easily-transportable cell phone towers that can be taken to replace a damaged tower while repairs are being made, or to provide surge capability, for example during a convention or sporting event. These towers can be of a generic nature, useful for not just communications equipment, but emergency lighting and other applications.

A report by Popular Science entitled Mysterious Phony Cell Towers Could Be Intercepting Your Calls from August 27 is beginning to get some attention in the media. The article begins explaining how certain telephones have security-related enhancements that make them far less vulnerable to spoofing, and how these phones have identified the phony cell phone towers (known as "interceptors) that tried to spoof them, providing information that allowed the company which markets the phones to map where the "interceptors" are.

An excerpt from the middle of the article introduces the problem we are examining:

"Interceptor use in the U.S. is much higher than people had anticipated," [Les] Goldsmith [CEO of ESD America, a maker of "hardened" cell phones] says. "One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas."

Who is running these interceptors and what are they doing with the calls? Goldsmith says we can't be sure, but he has his suspicions.

"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder – are some of them U.S. government interceptors? Or are some of them Chinese interceptors?" says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are."

As this series continues, we will examine the nature of "interceptors", consider the extent of their use, and discuss the question of to whom they may belong.

No comments:

Post a Comment