Beware the SMS of Death
One of the more common predictions for 2011 among industry-watchers is that smartphone malware will become more common as smartphones grow more popular. But even feature phones are vulnerable to attacks.
We’ve already seen hacks that purportedly allow people to eavesdrop on GSM voice calls. Now researchers in Germany say feature phones can be shut down and knocked off the network via SMS attacks.
Collin Mulliner and Nico Golde – students in the Security in Telecommunications department at the Technische Universitaet Berlin – have demonstrated a so-called “SMS Of Death” attack on feature phones made by LG, Motorola, India-based Micromax Nokia, Samsung and Sony Ericsson that exploits the ability of the SMS protocol to send “binaries” (small programs) to the handset.
Cellcos use this function to remotely change phone settings, but attackers can use it to send malicious messages that can shut down the phones. While the attack requires the attacker to know the type phone someone is using, they can easily send five malicious SMSs targeting the top five handset models in that market and knock large numbers of users off the network, according to Technology Review.
The availability of Web-based bulk SMS services make this kind of attack both cheap and easy, Mulliner says.
Cellcos have two options to prevent such an attack, according to the TR report: update the firmware of existing phones, or filter SMS traffic for malware, the latter of which is tough because SMS filters are designed to block spam, not binaries.
Updating phone firmware is also a tough haul, Aurélien Francillon, a researcher in the system security group at ETH Zurich, tells TR: “Most of those phones don’t have automated updates, and when they do, patches are not made available quickly.”
Article source: http://www.telecomasia.net/blog/content/beware-sms-death?John%20C.%20Tanner
Corporate Espionage Cases Traced to China
WASHINGTON—China stealthily integrated itself into America’s telecommunications market over the past several years and is taking advantage of the United States’ superior name brand to further its goals, alleges a U.S. China Economic and Security Review Commission (USCC) report this month.
China is “able to affiliate their products with the excellent reputation of U.S. brands in global markets. China’s technology industry now appears to be a de facto part of the American communications industry landscape,” states the USCC report in its introduction.
A major issue is that China aggressively bulldozes its way into every conceivable market, most importantly the technology sector, crushing its competitors with cheaper subsidized products (often filching the technology from foreign companies doing business in China), forced technology transfer, cyber attacks, corporate spying, or acquisition of foreign companies.
The Commission sent out a warning signal stating, “Investments would increase China’s leverage in the U.S. marketplace and beyond (even if indirectly through joint ventures and third parties) and could eventually provide China access to or control of vital U.S. and allied information, networks, or segments of critical supply chains.”
Espionage in High Gear
“Lurking in the cybershadows is a far more insidious and sophisticated form of computer espionage. … Such attackers represent the elite—a dark army of cyberspies targeting the heart of corporations around the world where trade secrets, proprietary data, and cutting-edge technologies lie locked away in digital fortresses,” according to an investigation on Chinese cyber attacks by The Christian Science Monitor (CSMonitor) last year.
Experts suggest that one tool of the espionage trade is cyber espionage, a highly effective tool that has been employed a number of times and was more often than not found to originate in China.
“The China threat is constant. If there’s valuable intellectual property out there, there are people in China and elsewhere who want to take it. It’s the new battlefield—low risk and low investment with high gain,” said Shawn Carpenter, forensics analyst for cybersecurity company NetWitness, in the CSMonitor article.
In 2010, Canadian cyber attack experts discovered spyware nicknamed “GhostNet.” The spyware was found to originate from Hainan Island Internet accounts, where the Chinese army intelligence is located.
The USCC report also sees China as the main culprit in stealing trade secrets via cyber attacks. “There is growing public concern over the impacts of cyber espionage incidents that appear to originate in China.”
Congressional and industrial sources said that computer attacks on companies, including Google, Yahoo, and defense contractor Northrop Grumman have increased, although these companies, outside of Google, have remained quiet about it.
“Online attacks that appear to come from China have been an ongoing problem for years, but big companies haven’t said much about this, eager to remain in the good graces of [China],” according to an article on Computerworld’s website.
According to expert opinion, these companies downplay incidents for fear of losing access to the so-called lucrative Chinese market.
Next: Chinese students are trained in the U.S.
Article source: http://www.theepochtimes.com/n2/content/view/49537/
Renault launches legal action for industry espionage
French car maker Renault has launched legal action for industrial espionage after it suspended three top managers who it reportedly suspected of leaking secrets about its new electric cars.
The company said it had lodged a complaint for “industrial espionage, corruption, breach of trust, theft and handling stolen goods”.
State prosecutor Jean-Claude Marin said the charges alleged that “elements concerning France’s economic secrets” had been leaked “to a foreign power”.
The French daily Le Figaro has reported that Chinese interests stood to benefit from spying on Renault’s electric car programme, on which it is staking its future. China has angrily denied any involvement.
Renault last week suspended three senior managers – Michel Balthazard, Matthieu Tenenbaum and Bertrand Rochette – over suspicions they had leaked strategic information.
The three deny involvement and were not named in the company’s judicial complaint last Thursday. Under the French judicial system prosecutors can investigate allegations without a defendant being named.
Article source: http://www.timesofmalta.com/articles/view/20110117/business/renault-launches-legal-action-for-industry-espionage
Woman accused of bugging ex-boyfriend’s car seat
Eau Claire (WQOW) – Investigators believe a woman bugged a child’s car seat to keep tabs on her ex-boyfriend.
Jamie Mesang is accused of duct taping a digital recorder underneath a car seat that belongs to her ex. Police say he became suspicious when Mesang started texting him about things she shouldn’t have known about.
Eventually, he took apart his son’s car seat and found the recorder. She’s been charged with a felony and will be in court in March.
Article source: http://www.wqow.com/Global/story.asp?S=13930104
My landline was bugged as papers tried to ‘out’ me, says Nick Brown
Nick Brown, the former chief whip and key political ally of former prime minister Gordon Brown, became the latest public figure yesterday to say that he believes his private calls and messages were eavesdropped.
The Newcastle MP revealed that he believes his landline was the subject of an “amateurish” bugging operation around the time his homosexuality was made public in 1998.
Five years later, he was also approached by police investigating voicemail hacking claims and warned that his mobile phone may have been illegally accessed. The former Cabinet minister is the latest senior Labour figure to come forward with claims that his phone calls and messages were hacked. Tessa Jowell, the former culture secretary, revealed that her phone may have been accessed as recently as this week and she has hired lawyers to discover who hacked into her messages on 29 separate occasions in 2006.
Although it is not known in both cases who was responsible for the hacking, the claims will further fuel the phone hacking scandal engulfing the News of the World (NOTW), which is now the subject of a new police investigation following the decision of the Sunday paper to sack its head of news, Ian Edmondson.
Mr Brown, who was chief whip in the Commons for Tony Blair when he first came to power in 1997, said that his suspicions were raised following a conversation from a landline with an “important” person while his sexuality was still unknown. The MP said: “I picked up a landline telephone very quickly to make another call straight away. And the line clicked and then I heard my last conversation played back to me, which was quite eerie.
“I got on to British Telecom straight away. They said the line showed every sign of having been intercepted manually, not through scanners. It was an amateurish attempt involving the physical intervention of the line with a recording device.”
He added: “The engineer thought a recording device had been set to record calls automatically. I have no idea who did it but it was clearly not the intelligence services. I assume it was someone acting for a newspaper.”
Mr Brown, who also served as agriculture secretary, revealed he was gay after a former lover approached the NOTW offering to sell his story. In a speech to farmers the day after he confirmed his sexuality, the then minister put on a brave face, saying: “The sun is out – and so am I.” There is no evidence that the NOTW was responsible for the bugging operation.
Mr Brown added that he was then approached by an unnamed police force in the west of England in 2003 who told him that they were pursuing a phone-tapping prosecution and he was one of those who may have been targeted. The case collapsed when it reached court and full details of the allegations were never disclosed.
The MP said: “Given that it was near [Prince Charles' home] Highgrove, my assumption was that this might involve the Royal Family. But I was never explicitly told that.”
Mr Brown, regarded as a staunch supporter of Gordon Brown, who has made public his own concerns that his phone was hacked while he was chancellor, called on Scotland Yard to make a greater effort to ensure such crimes did not take place again. He said: “The only people who can properly inquire into this are the police and they are right to review everything.”
A growing number of public figures have come forward recently claiming they were targeted by Glenn Mulcaire, the private detective who was jailed in 2007 along with the NOTW’s then royal editor, Clive Goodman, for illegally accessing the voicemails of member of the royal household.
The television actress Leslie Ash and her husband, Lee Chapman, the former footballer, said they were planning to sue after records of phone numbers belonging to the couple and their children were found on notebooks seized at the home of Mr Mulcaire.
Article source: http://www.independent.co.uk/news/uk/crime/my-landline-was-bugged-as-papers-tried-to-out-me-says-nick-brown-2197771.html