Category Archives: Offence

Mobile Phone intercept, it’s not new

A 60 Minutes report demonstrated how mobile networks could be intercepted and that this has been an open secret within intelligence agencies.

Mobile intercepts are done by accessing the mobile network infrastructure shared by providers across the world. The mobile infrastructure utilise a protocol called SS7 that handles call connections and subscriber information. So, anyone with access to SS7 can intercept subscribers on the network just about anywhere in the world.

Demonstration on base band weaknesses was made as early as 2010, Karsten Nohl the person who demonstrated this to 60 Minutes presented his findings in 2010 and again in 2014. If you have thought about it, chances are that someone else has as well. In this case, intelligence agencies.

Why is this not a big deal?

Just as providers and adversaries could intercept landlines through a PBX, wire taps and even exchanges, surely the same principles/assumptions would exist for mobile technologies?

All the same information security networking rules apply: if you have anything of importance to transmit over a 3rd party network, assume that the 3rd party is not trusted and make sure you have some sort of end to end encryption in place (like the couplers used in spy movies) or use an alternative method.

Advertisement

Using Endpoint Security Products against you

Pretty interesting read on several vulnerabilities relating to Symantec Endpoint Protection

http://codewhitesec.blogspot.be/2015/07/symantec-endpoint-protection.html

The article discuss various means to remotely compromise the management console and plant code in the distribution package.

There are several takeaways here:

  • Given that your security product is supposed to be securing your entire environment, your management console must be locked down, patched, etc.
  • If you haven’t performed an audit on your management console settings, you are asking for trouble. At the very least, explain why you have certain rules in place (file/folder exceptions come to mind)
  • Does your management console have a auditing function? Do you check it?
  • Are the endpoint packages that you create, verified and signed?
  • (To the vendors) Do services really require local SYSTEM to run?
  • If your endpoint product is compromised, you can no longer trust it or the system that it is protecting.