A pair of dueling intelligence exploitation revelations have given the ongoing Snowden releases a run for their money. The first is the allegation that Russia provided poisoned gifts to delegates at the G20 summit. The complementary USB sticks and telephone chargers which they distributed to attendees came with trojan software installed (in the case of the USB sticks) while the cell phone chargers had the ability to slurp data from phones connected to them and send it onward to quarters unknown. Apparently the malware accessories were first recognized as hacking devices by Herman Von Rompuy’s staff. There have been official statements that the devices were not used by any heads of states, but there are indications they may have been picked up by various members of their staffs. Russia has made an official denial of any involvement with the hacking attack, instead stating that this revelation is merely an attempt to distract the world from the NSA spying scandal. There has also been a report published (first in Russian media) that Russian customs officials had seized a number of electric coffeepots, imported from China, which when plugged in search for unlocked wireless networks and then start distributing malware and sending spam emails.
Undoubtedly this sort of situation is not what futurists predicting an “Internet of Things” anticipated. However, we must come to the conclusion that with ubiquitous computing will come ubiquitous malware and exploitative software. It may not yet be time to lie awake at night worrying if your toaster is hacking into your email and changing the controls on your fridge and your TiVo, but the hour certainly draws near.
Hristo Bojinov and other researchers at Stanford have discovered a new way of digitally fingerprinting mobile devices. The method works off the fact that the accelerometers used in smart phones all have unique measurement errors after rolling off the assembly line. These errors can be found by setting the phone on a flat surface, tapping it, then flipping it over. The researchers have stood up a proof of concept site where users can find the accelerometer fingerprint of their own device.
The technique could be used by advertisers and by surveillance agencies as a method of tracking and identifying mobile devices. The current favored method for this operation, putting tracking cookies on the piece of hardware, is subject to a number of constraints. Not the least of these being that the users can delete the cookies to give themselves a fresh start in the tracking system.
Dan Gifford – MCySec Media Manager
In an excellent interview posted on MIT’s Technology Review, Anthropologist Genevieve Bell questions if society is ready for the new wearable computing devices such as Google’s Glass and Samsung’s Galaxy Gear. Her arguments focus on the intersection of the functional and the symbolic, and she takes the position that at this still nascent stage in wearables development our society still hasn’t “liberated ourselves to take advantage of all the really interesting technical stuff”.
Dan Gifford – MCySec Media Manager
The Washington Post reports that many US Government employees will have to turn in their government issued Blackberrys during the government shutdown. This is to prevent them from doing work or conducting official business such as sending emails while the non-essential operations of the government remain unfunded.
Hayley Tsukayama has written an article for the Washington Post about new privacy concerns brought on by recent devices such as Google Glass and Samsung’s Galaxy Gear. Glass has already attracted a number of preemptive bans on its use in certain places, but in general the intersection of everyday wearable devices and privacy with everyday life has yet to be socially (or governmentally) addressed.
The Chaos Computer Club (CCC) of Germany, founded in 1981 and one of the most visible global hacking collectives, has published the details of their successful hack of the new iPhone 5s biometric security fingerprint scanner (a system called TouchID). A member of the club’s biometric hacking team, nicknamed “Starbug”, documented the successful hack in a video posted to Youtube. The method used to conduct the hack is not apparently different than the method Starbug has used in the past to defeat fingerprint readers, except that cracking the TouchID system requires making a fake latex fingerprint of a higher resolution that that used with other systems (however, at 1200 dpi it is still well within the capabilities of a desktop printer). The ease of the method described by the CCC should put a pin in the claims of revolutionary technological developments made so breathlessly in the press in recent days in regard to Apple’s new TouchID feature.
Frank Reiger, spokesperson for the group, stated that: “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
In 2008, the CCC acquired and then published 4000 copies of German Interior Minister Wolfgang Schäuble’s fingerprint in an issue of their magazine. The fingerprint was included on a piece of film that would allow users to impersonate the Minister when using biometric devices. This was done in protest of the Minister’s public advocacy which led to the inclusion of fingerprint data on German passports.
Dan Gifford- MCySec Media Manager