Categories
digital-divide

Low Cost/Low-Power/DIY Cellular data network

From http://shareable.net/blog/a-low-cost-low-power-diy-cellular-data-network

Shareable recently covered a group of residents of Jalalabad, Afghanistan who built their own open-source wireless network from junk and everyday household items. For the less-industrious yet DIY-inclined, the Village Base Station (pdf) is a low-power, easy to deploy tool developed by Berkeley professor Kurtis Heimerl to create a GSM cellular data network in areas with limited power and network resources. MobileActive recently got their hands on a prototype and tested it in a large American city, and the results were promising. In a post about the experiment, they note the benefits of the Village Base Station:

…?exible off-the grid deployment due to low power requirements that enable local generation via solar or wind; explicit support for local services within the village that can be autonomous relative to a national carrier; novel power/coverage trade-offs based on intermittency that can provide bursts of wider coverage; and a portfolio of data and voice services (not just GSM).

Categories
security

4G and CDMA, GPRS reportedly hacked

Extremetech reports that a MITM attack was conducted against all 4G and CDMA transmissions in and around the DEFCON venue in Las Vegas.  Apparently the MITM attack allowed attackers to obtain full access to some Android and PC devices, and was able to monitor data and telephony sessions.

The Register is also reporting that Security Research Labs has developed a way to monitor GPRS conversations by exploiting weaknesses in the protocol.  Demonstration software is expected to be released at CCC 2011. (In 2009 SRL’s Chief Scientist also coordinated release of a rainbow table to assist in cracking GSM, and in 2010 other cryptographers where able to defeat 3G encryption).

Fun times!

Categories
security

Defcon Lockpickers Open Card-And-Code Government Locks In Seconds

Lockpicker Toby Bluzmanis inserts a wire into the LED readout of Kaba’s E-Plex 5800 to open the lock.

To open a door fitted with the latest U.S. government-certified lock from high-end Swiss lock manufacturer Kaba, an employee must both enter a code up to eight digits long, then swipe a unique identity card coded to comply with a new standard that requires an extra layer of security, one designed to track individual staffers and make covert intrusion harder than ever.

Or, as lockpicking expert Marc Weber Tobias will show a crowd of hackers Friday, you can stick a wire in the tiny display light above the keypad and instantly render all of that “security” irrelevant.

At the Defcon security conference in Las Vegas, Tobias and his partner Toby Bluzmanis plan to demonstrate a series of simple hardware hacks that expose critical security problems in Kaba’s E-plex 5800 and its older 5000. Zurich-based Kaba markets the 5800 lock, which Bluzmmanis says can cost as much as $1,300, as the first to integrate code-based access controls with a new Department of Homeland Security standard that goes into effect next year and requires identifying credentials be used in secure facilities to control access.

In demonstrations for me and in videos they plan to show the Defcon audience, the lockpicking duo use one method called “rapping” to open the lock by simply hitting its top surface or lever handle with a mallet, compressing an internal spring that then decompresses and pushes open a latch that releases the lock. In another bypass, they insert a wire into a silicon cover for an LED light that blinks red when the user enters an invalid code. That wire can ground a contact on the circuit board behind the light that triggers a function intended to allow the door to be opened with a remote button, bypassing all its security measures.

A third attack allows an insider to open the back side of the lock and insert a wire that flips a microswitch intended as an override for power failures. That trick resets the lock’s software, tampering with its audit trail and allowing it to be reprogrammed with different codes. Bluzmanis demonstrated in a video that the more elaborate microswitch attack could be performed in under a minute.

“The issue is simply insecurity engineering,” says Tobias, who works as a consultant to several major lock firms and contributes blog posts to Forbes.com. “They simply don’t get it.”