The London Underground is getting Wi-Fi. Of course there are security fears:
But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.
He said: “There are lots of implications in terms of terrorism and security.
“This will enable people to use their laptop on the Tube as if it was a cell phone.”
Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.
He warned a wi-fi system would enable a terror cell to communicate underground.
And he said “Trojan” or eavesdropping software could be used to penetrate users’ laptops and garner information such as bank details.
Mr Geddes added: “Eavesdropping software can be found and downloaded within minutes.”
This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn’t deploy technologies because of this fear, we’d still be living in the Middle Ages.
Posted on April 13, 2011 at 1:14 PM •
Still minor, but this kind of thing is only going to get worse:
The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they’re wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.
The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.
Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle’s system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle’s on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US.
Paper here. This is a previous paper on automobile computer security.
EDITED TO ADD (8/25): This is a better article.
Posted on August 17, 2010 at 6:42 AM •
It’s a service:
The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time. Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.
It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.
In related news, there might be a man-in-the-middle attack possible against the WPA2 protocol. Man-in-the-middle attacks are potentially serious, but it depends on the details — and they’re not available yet.
EDITED TO ADD (8/8): Details about the MITM attack.
Posted on July 27, 2010 at 6:43 AM •
This idea, by Stuart Schechter at Microsoft Research, is — I think — clever:
Abstract: Implantable medical devices, such as implantable cardiac defibrillators and pacemakers, now use wireless communication protocols vulnerable to attacks that can physically harm patients. Security measures that impede emergency access by physicians could be equally devastating. We propose that access keys be written into patients’ skin using ultraviolet-ink micropigmentation (invisible tattoos).
It certainly is a new way to look at the security threat model.
Posted on April 15, 2010 at 6:43 AM •
I wrote about this in 2004. This is an improved product:
While paints blocking lower frequencies have been available for some time, Mr Ohkoshi’s technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data — such as wireless internet — travel at a higher frequency than, for example, FM radio.
Posted on October 12, 2009 at 1:47 PM •
“WiFi networks and malware epidemiology,” by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani.
In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.
Honestly, I’m not sure I understood most of the article. And I don’t think that their model is all that great. But I like to see these sorts of methods applied to malware and infection rates.
EDITED TO ADD (3/13): Earlier — but free — version of the paper.
Posted on February 18, 2009 at 5:53 AM •
Elcomsoft is claiming that the WPA protocol is dead, just because they can speed up brute-force cracking by 100 times using a hardware accelerator. Why exactly is this news? Yes, weak passwords are weak — we already know that. And strong WPA passwords are still strong. This seems like yet another blatant attempt to grab some press attention with a half-baked cryptanalytic result.
Posted on October 14, 2008 at 6:25 AM •
Remember when I said that I keep my home wireless network open? Here’s a reason not to listen to me:
When Indian police investigating bomb blasts which killed 42 people traced an email claiming responsibility to a Mumbai apartment, they ordered an immediate raid.
But at the address, rather than seizing militants from the Islamist group which said it carried out the attack, they found a group of puzzled American expats.
In a cautionary tale for those still lax with their wireless internet security, police believe the email about the explosions on Saturday in the west Indian city of Ahmedabad was sent after someone hijacked the network belonging to one of the Americans, 48-year-old Kenneth Haywood.
Of course, the terrorists could have sent the e-mail from anywhere. But life is easier if the police don’t raid your apartment.
EDITED TO ADD (8/1): My wireless network is still open. But, honestly, the terrorists are more likely to use the open network at the coffee shop up the street and around the corner.
Posted on August 1, 2008 at 6:46 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.