Tag Archives: 5G

Security News for the Week Ending November 1, 2019

Johannesburg, South Africa Attacker Threatens Data Breach

In what I think is going to be the way of the future, hackers compromised Joburg IT systems and threatened to publish data that they stole if the ransom is not paid.  As I write this, the deadline has just passed, they have not paid the ransom, the data is not yet exposed and they think they will have most of the systems back online soon.  While this project seems to be the work of inexperienced hackers (they did not encrypt all of the systems), this does not mean that more experienced hackers won’t try this technique and do a better job of it.  Source: The Register.

China Steals IP to Build C919 Airliner

I keep saying that the biggest threat to U.S. businesses is not credit card fraud but IP theft, such as by the Chinese.  In this case the Chinese wanted to build a passenger jet to compete with Boeing and Airbus.  The plane, in development for almost 10 years, was delayed because the Chinese didn’t actually know how to build it.  SOOOOOO, here comes TURBINE PANDA.  Stupidly, the developer of Turbine Panda came to the US for a security conference, where he was quickly arrested by the FBI.  Now China’s MSS (Ministry of State Security) has banned Chinese researchers from attending conferences in the US.  In the meantime, Turbine Panda was used to compromise US and European airplane parts suppliers so that China could get the tech that they needed to build the C919.  Source: CSO.

 

FCC Plans to Ban Huawei and ZTE Equipment, Force Replacement

The FCC is set to vote on rules banning using Federal Government subsidies to buy Huawei and ZTE equipment because of their close ties to the Chinese government and another rule that would force telecoms to rip out existing Chinese equipment.  The cost of replacing existing equipment has been estimated at several billion dollars and the FCC doesn’t have any way to pay for that.  In addition, if telecoms have to use more expensive 5G equipment from other providers, they will have to slow down the deployment of 5G services due to cost.  The options that telecoms have, if that proposal gets approved, are to significantly delay the rollout of the much overhyped 5G cell networks or raise prices.  This disproportionately will affect less densely populated parts of the country (like me, who lives 20 miles from downtown Denver – I cannot currently get any form of broadband Internet or any form of cell service where I live) because carriers will choose to install limited 5G service in highly dense areas where they will get more subscribers to pony up the additional fees for 5G cell plans and those 5G cell phones that often run $1,100 or more.  The U.S. is already pretty much a third world country when it comes to fast, affordable Internet and cell service and this will only reinforce it.  I have no problem banning Chinese firms, Congress just needs to figure out how to pay for this desire.  Source: ARS

 

Domain Registrars Web.com, Network Solutions and Register.Com Hacked

These three registrars – all owned by the same folks – were hacked in AUGUST but the company didn’t figure it out until mid-OCTOBER.  The information taken is mild by today’s standards – names, addresses, phone numbers, etc. but no credit cards – they don’t believe (that’s comforting).  Also not compromised were passwords.  If this is accurate, it seems like they segmented the data, which is a good security practice.  Still, if you use one of these services, I would change my password and make sure that two factor authentication is enabled.  Source: The Hacker News.

 

Rudy Giuliani Bricked His iPhone; Asked Apple to Fix It

Reports just surfaced – and so far are not being disputed – that the Prez’s cybersecurity advisor, personal lawyer and who knows what else, apparently forgot his iPhone password and after 10 tries, locked it up, so he took it to an Apple store in San Francisco and GAVE it to some random Apple tech to reset, and reload from iCloud.  Definitely a super secure situation.  Rudy said that everyone needs help from time to time and compared himself to the dead San Bernardino mass shooter whose iPhone the FBI needed help unlocking.  I don’t think that would be someone that I would compare myself to.  Source: The Register.

Does Amazon Have a Security Prob?

One report says that an Amazon customer was seeing mysterious fraudulent charges on his account and even after working with Amazon multiple times and resetting everything, the charges kept coming.  After months, he found out that Amazon doesn’t have visibility to non-Amazon branded smart devices that are connected to your account (like a smart TV) and even if you reset your account, those devices can continue to connect and order stuff.  There is a department inside the company that has a special tool that they can use to detect these rogue devices.  If you are seeing mysterious charges that they can’t explain, this could be it.  Source: The Register.


5G – Mostly Hype – For Now

There has been a lot of hype surrounding the next generation of cellular technology and while 5G is definitely cool, we need to make sure that we don’t get the cart before the horse.

#1 – Everyone has to buy a new phone.  Apple watchers think that Apple should release its first 5G phone before the end of 2020.  Other phones are being touted as 5G or possibly 5G evolution – which is different.  This means that even if 5G is available in your neighborhood, which it likely is not, it won’t do you any good until you replace your phone.

#2 – Carriers need to upgrade each and every cell tower.  This means new electronics.  Given that there are hundreds of thousands of cell towers – or more – in the United States, that is a lot of money.  Likely, carriers might upgrade the network first in rich neighborhoods (because those people might buy new phones sooner) or neighborhoods with high traffic density.  Most of us won’t see upgrades for years.  I still connect to towers that only support 3G and 2G on a regular basis.

#3 – Network capacity needs to be upgraded.  It is wonderful if you can talk to the cell tower at 1 gigabit per second but that does no good if the connection from that cell tower to the rest of the network is only, say, 50 megabits – there is no magic to get you faster speed.  And that needs to go all the way back to the Internet backbone.  In many cases, that is 5 to 10 network connections that all have to be upgraded.  If you have two cell towers that each want to talk at 1 gigabit per second and they connect to one consolidation point, that needs to have a 2 gigabit connection and if two of those connect to a higher consolidation point, that needs to have a 4 gigabit connection.  Everybody shares the same pipe and it will only run as fast as the slowest connection.

#4 – MORE cell towers.  The nature of 5G is that the signal can only travel a short distance at that high speed.  This means more towers. And more “back haul” connections.  Should we put a tower in your back yard?  This is going to be a big problem.  Carriers want to reduce costs which means that land owners are going to be even less likely to want to put a tower in their back yard.  I have heard some stories that carriers are lobbying for laws to force land owners to put cell sites on their land for next to nothing.  That is not going to go over very well.

#5 – Oh, yeah, 5G doesn’t work inside.  Not in your house.  Not in your car.  Not in your office.  Unless you have a 5G mini cell site inside the building.  With enough bandwidth to back haul the traffic.  There are some carriers that are working on using a different frequency that works better inside, but frequency (also called spectrum) is exceptionally scarce.

#6 – Now you create all these really cool 5G applications that use all that bandwidth.  What about security?  After all, today, phone app security is horrible.  If you start building all of these bandwidth gobbling applications will security magically improve?  Not likely.

Other than that, there are no problems with 5G.

What we are likely to see is limited deployment of 5G over the next couple of years.  Select sites in select cities.  What we also know is that the back haul bandwidth is going to be a problem.

Next we are going to have to get everyone to buy new phones.

And likely the 5G cell plans are going to cost more just like smartphone plans had/have a “surcharge”.

We need to develop all those cool new apps.

And finally, we need to solve the security problems.

As I said, other than that, there are no problems with 5G.

 


Security News Bites for the Week Ending March 1, 2019

We Don’t Need Back Doors in Crypto – We Have Enough Bugs Already!

Researchers have found three new bugs in the protocol design (as opposed to the implementation) in both 4G and 5G cellular networks.  The design flaws can be exploited by any person with a little knowledge of cellular paging protocols.

The hardware to carry out the attack can be purchased for less than $200 and all four major carriers are vulnerable since these are protocol design problems and not implementation bugs.

The good news is that since these are protocol design flaws, the networks of all of our adversaries (and our friends) are also vulnerable, which probably makes the spy-guys happy too.

There is no fix approved or planned for the security holes.  Source: Techcrunch.

Google Slipped a Microphone into your Nest Security System – Forgot to Tell Buyers.

When Google announced that the Nest security system would now support “Hey Google” with no hardware upgrade, a few geniuses figured out that there must have always been a microphone in the Nest that Google just accidentally forgot to tell people about.

Google is trying to spin down the tornado saying that yes, they just forgot to tell people that there is a microphone in there, but not to worry because it isn’t enabled by default.  They put it in there to detect breaking glass and other features, they say.

Alarm systems often have microphones, usually to detect glass breaking, but the control panel, where Google put it, might not be close enough to all of the windows in the house to detect that.  Some alarms support two way voice communications to the alarm monitoring center, but if a system has that, it is not a secret, but rather a feature, loudly announced.  More likely, Google kept it a secret so that competitors wouldn’t figure out their future plans.  Source: The Intercept.

 

Hacking Tools Going Mainstream

Cellebrite, the Israeli company that makes tools for law enforcement (and, I think, for anyone else whose check clears) to hack iPhones and Android phones has grown a conscience.

Used Cellebrite devices are showing up on eBay for as little as $100 – and, of course, with the ex-owner’s data still intact.

Cellebrite is “warning” their customers not to do that but rather to return their devices to them for destruction.  If you think they are really concerned about your security, then that makes sense.  On the other hand, if you believe that they would rather sell you a new one for $6,000 rather than you buying it on eBay for $100 …

In any case, they are available and many of them still have the captured data on them.  Source: Forbes.

 

TSA’s Pipeline Security Team Has Five People

2.7 million miles of pipeline and five employees.

Roughly half a million miles of pipe per person.

And none of them have cyber expertise.

Since 2010 the number of people assigned to pipeline security has ranged from a low of 1 to a high of 14.  Not very comforting.

And they don’t plan to add any cyber expertise anytime soon; instead, they are relying on begging other parts of Homeland Security for help.

Given that TSA hasn’t figured this out in almost 19 years, some folks in Congress want to move the responsibility elsewhere.

In the meantime, let’s hope that the terrorists do not understand how bad things are.  Source: FCW.
