Tags: encryption, GSM, hacking, IAM, IMSI Catcher, mobile phone, one time password, SMS
At a recent briefing on Cyber Security, one of the speakers remarked that there’s no correlation between the size (numbers, budget, resources) of the attacker and their capability to mount an attack on your networks. My friend and former colleague Nik Barron drew my attention recently to a presentation at Defcon 18 on the subject of “Practical Cellphone Spying”.
It’s common knowledge that the crypto scheme in GSM is so weak that it’s easily broken, but in fact, if you’re within radio range of a target cellphone it’s possible to intercept calls and SMS (text messages) by bypassing the crypto scheme entirely. In his talk, Paget explains how to build and operate an IMSI catcher, a fake GSM base station which can trick a target handset into sending you its voice traffic. In fact, GSM phones are designed to accept instructions from the BTS (GSM base station). Even if instructed to turn off crypto, the handset will not warn the user. Paget’s solution is based on an overlap between the ISM (Industrial, Scientific, Medical) Band and the GSM Band in the US. This band is also a ham band (ISM is a secondary use), so it’s possible to operate with an amateur radio licence and the necessary equipment can be built by a reasonably skilled amateur for around £1,000.
So, what Paget proposes – the ability to seduce mobile phones into connecting to a fake base station and to use those connections to intercept voice or SMS communications – has been possible for a long time, but crucially, it was always sufficiently difficult and expensive (hundreds of thousands of dollars) that it remained in the province of intelligence services, organised crime or other well-funded adversaries. While the price (and the expertise needed) is still probably just beyond the point where the public might attempt to “listen in” on their neighbours, it’s possible to envisage “drive by” interception, using systems built primarily around a laptop (or even a handheld device).
Why does this concern me? Well, my main area of expertise is around the design and implementation of Identity and Access Management (IAM) systems. In my field, it’s common practice to use SMS messages for out-of-band transmission of credentials, either for distributing new credentials or for one-time passwords, used as part of a multi-factor authentication scheme. We must now seriously question our trust in SMS as a secure transport for these applications.
Tags: DocScanner, iPhone, Microsoft OneNote, MobileNoter, smart phone, SMS
As I continue to develop the information management strategy that I first laid out in my very first blog post, it’s becoming clear that the two applications at the heart of this strategy (and pretty much always open on my desktop) are Outlook and OneNote. Of course, as I’ve often pointed out, when I’m on the move, I don’t have the backup of a sophisticated unified messaging infrastructure sitting behind Outlook; rather, I need to do the best I can to synchronise between those two critical applications back at base and my iPhone. I was reading a blog post recently from the MobileNoter developers, which was looking for opinions on additional features that might be useful in this great little app. On offer were:
- Improving control of the iPhone camera from within the MobileNoter app;
- Adding the ability to import SMS messages into (presumably) Quick Notes.
I do use the camera on my iPhone, mainly to capture hardcopy documents and the contents of flip charts and white boards. I use an iPhone app (Document Scanner) to do this, and it gives me all the capabilities I need to correct the perspective, adjust the image properties and so on. It even provides OCR to capture the text. The result can be saved as a jpeg or multi-page pdf. The jpeg can of course be attached to a Quick Note, while either format can be emailed back to the office PC. So, do I need more camera facilities within MobileNoter? Probably not.
The second option is more interesting. In the early 1990s, I was working as Head of IT at a UK defence contractor. One of my priorities was to migrate our (for that time) fairly large population of mobile phone users from analogue car phones onto the new digital GSM service. One of the first things we discovered on our new phones was the message displayed on the screen to notify the arrival of voicemail. This was the first use of the Short Message Service (SMS). SMS began its life in 1992, utilising unused bandwidth in the out-of-band signalling system used to control traffic. This meant that these messages could be carried at virtually no cost – indeed, when we started, SMS was a free service, but you had to explicitly ask for it to be enabled for your phone – provided the messages were limited to 160 characters (to fit in with the existing control message formats).

At the start (around 1993 for us), our Motorola 5200 flip phones could only receive SMS messages, not transmit them. However, we found that we could generate messages to these phones by establishing a telnet connection to Vodafone’s SMS Service Centre in Newbury (over a 2400 baud dial-up modem – yes, really!) and typing the message. We built on that by writing an extension for Microsoft Outlook in Visual Basic, to allow our users to select a colleague by name (we used a simple file of names and phone numbers, not the Global Address Book) and then type and send their message. The VB program then dialled the SMSC and sent the message. Not very elegant, but it worked! For the first time, a secretary in the office could send messages to the manager in their car – our first tentative steps towards mobile messaging.
Of course, SMS developed rapidly – much to the amazement of the GSM operators, who thought it was likely to remain an interesting engineering trick, with little practical application. Once all digital mobile phones had the ability to both send and receive text messages (Nokia were first to achieve this across their product range, by the end of 1993), SMS was quickly adopted by younger users, not least because of the very low cost. According to Wikipedia, the average cost of sending an SMS message is US$0.11, while the cost to the network operator is virtually zero. By 2008, 4.1 trillion messages were sent world-wide. For business users, the attraction was the ability to send a message to virtually any mobile from anywhere.
Although SMS was not the only text based messaging service available, it was not really until earlier this decade that a viable alternative became available with the arrival of the BlackBerry in 2002. I didn’t get my hands on a BlackBerry until around 2006, but when I did, it certainly changed my dependence upon text messages. The simplicity of sending “proper” emails wherever I was made that the obvious choice and I only sent text messages when I knew that the recipient was out of the office and didn’t have a smart phone.
More recently, since I became self-employed, my usage pattern has changed again, because:
- I’ve changed to using the iPhone, where the simple intuitive screen layout and threaded messages make it a far more powerful tool and
- Data roaming charges for the iPhone when I’m travelling are prohibitive, while SMS charges are still modest.
So, a quick scan through the SMS messages currently on my iPhone shows countless pieces of information (URLs, contact details, addresses …) that I’ve manually transcribed into OneNote notebooks. So, no doubt in my mind – the facility to import text messages into MobileNoter will be yet another step towards converging those two critical applications.