Search This Blog

Wednesday, January 28, 2015

Security-Focused Android BlackPhone Was Vulnerable To Simple Text Message Bug

As reported by The Register: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets.

Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.  

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.

Mark Dowd (@mdowd), noted Sydney-based hacker and co-founder of security consultancy Azimuth Security, discovered the flaw during casual research in the latter months of 2014. He shared his findings with The Register while the fix – due to be disclosed today – was being developed.


"Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access," Dowd said, noting the bug took him about a week to find.

The flaw could also be coupled with a privilege-escalation exploit to gain full control of the vulnerable device, but this was not required to run arbitrary code as an unprivileged user.

Dowd has, in the past, reported vulnerabilities he discovered in a ZRTP third-party library utilized by the Silent Phone app in 2013 prior to the July 2014 launch of BlackPhone.

It was the marketing of the Silent suite of apps that piqued Dowd's interest – which led him to report the security hole he uncovered.

"They aim to combat mass-surveillance by relying on encrypted phone calls and messages by default, which is an effective counter-measure, but I wanted to evaluate those solutions from an application security standpoint [and] by that I mean I wanted to see how robust their implementations were against targeted attacks, and evaluate any additional attack surface they might expose," he said.

The flaw discovered in Silent Text is really a programming blunder within the Silent Circle Instant Messaging Protocol (SCIMP) library, which is responsible for establishing encrypted communication channels between devices for secure transmissions of text messages and files.

"The SCIMP protocol encodes messages as JSON objects, which are then transmitted to the remote party over XMPP," Dowd explained to The Register.

"The flaw I discovered occurs during the deserialization of these JSON objects. It is a type confusion vulnerability, which when exploited allows an attacker to overwrite a pointer in memory, either partially or in full.

"This pointer is later manipulated by the program and also the system allocator, allowing you to do things such as pass arbitrary pointers to free()."

The expert went on to say:
"Specifically, libscimp expects JSON objects to contain a message type, and multiple fields that are relevant to that message type. By sending a JSON object that contains multiple message types, it is possible to have fields read in to memory from the JSON object for one message type misinterpreted as fields of another message type. This allows the attacker to engineer a situation whereby a pointer to user-controlled data may be overwritten (or partially overwritten) with a value of their choosing."
It is important to note that the implementation flaw does not imply any inherent weaknesses in the design of the SCIMP protocol nor the encryption mechanisms used by BlackPhone.

The device and its Silent Text app were the brain children of encryption gurus Phil Zimmermann, Jon Callas and Mike Janke who created the device in the wake of and in opposition to global spying revelations revealed by NSA leaker Edward Snowden.

They have not revealed how many BlackPhones are in operation, however the Android Silent Text app has clocked more than 50,000 downloads, according to Google, and is also available on Apple iOS.

Silent Circle was not available for immediate comment.

After publication of this article, once a patch was issued to BlackPhone owners, Dowd shared more technical details on the text-messaging flaw, here.

Commercial Space Rides for U.S. Astronauts to Save Millions: NASA

As reported by Reuters: The U.S. space program should save more than $12 million a seat flying astronauts to and from the International Space Station on commercial space taxis rather than aboard Russian capsules, the NASA program manager said on Monday.

In September, the National Aeronautics and Space Administration awarded contracts worth up to a combined $6.8 billion to Boeing and privately owned Space Exploration Technologies, or SpaceX, to fly crew to the station, a $100 billion research laboratory about 260 miles above Earth.

Since retiring the space shuttles in 2011, the United States has depended on Russia's space agency, Roscosmos, to ferry astronauts to the orbital outpost. The service costs more than $70 million per person.

NASA expects to pay an average of $58 million a seat when its astronauts begin flying on Boeing’s CST-100 and SpaceX’s Dragon capsules in 2017, Kathy Lueders, manager of NASA’s Commercial Crew program, told reporters during a news conference in Houston and via conference call.

“I don’t ever want to have to write another check to Roscosmos after 2017, hopefully,” NASA Administrator Charles Bolden said.
Both SpaceX and Boeing plan two test flights to the station, the first without a crew and the second with a combination of company test pilots and NASA astronauts aboard.

SpaceX is targeting its unmanned test flight in 2016 and its piloted flight in early 2017, said company president Gwynne Shotwell. Boeing’s test flights are targeted for April and July 2017, vice president and program manager John Elbon said.

For its manned test flight, Boeing plans to fly one as-yet-unnamed company astronaut and one NASA astronaut. SpaceX said it is still deciding on a test flight crew.

Though schedules show SpaceX being ready ahead of Boeing to fly operational missions, NASA currently expects Boeing to begin flight services first in December 2017, Lueders said.

Tuesday, January 27, 2015

Why the Time Seems Right for a Space-Based Internet Service

As reported by MIT Technology Review: Providing Internet access from orbiting satellites—a concept that seemed to have died with the excesses of the dot-com boom—has returned thanks to SpaceX founder (and dot-com billionaire) Elon Musk. And while such a service would be expensive and risky to deploy, recent technological trends mean it’s no longer so out-of-this-world.

Musk has proposed a network of some 4,000 micro-satellites to provide broadband Internet services around the globe. SpaceX is partnering with Google and Fidelity Investments, which are investing $1 billion for a 10 percent stake in the endeavor. Richard Branson’s Virgin Galactic and Qualcomm, meanwhile, are investing in a competing venture called OneWeb, which aims to build a similar network of micro-satellites.

In the late 1990s there were plans to deliver similar space services. “The dot-com bust dried up their financing and it never really got off the ground,” says Forecast International analyst Bill Ostrove. Those projects might have failed anyway, though, because it costs $60 million and $70 million to launch a satellite, and there’s always a decent chance that the payload will be lost to an accident.

Fiber-optic cables, in contrast, are easy and cheap to install, even in harsh environments like the ocean floor, and they can transmit huge amounts of data.  Beaming data from a satellite is done by radio, and is limited by the available spectrum, as well as the amount of power a satellite can get from its solar panels. Most communications satellites have data-transfer speeds of around a gigabit per second, compared to several terabits per second for the fastest fiber.

But some things have changed since the late 1990s. For one thing, satellite technology has advanced, bringing the cost of deployment down significantly. Toaster-sized micro-satellites can be launched dozens at a time, and don’t have to operate at very high orbits, reducing launch costs, but they can deliver performance comparable to larger, older satellites at higher altitudes.

SpaceX and Virgin Galactic also hope to ride a different boom by targeting parts of the world where there is little infrastructure and a huge opportunity for Internet growth. Satellite services remain less economical in areas where fiber-optic networks are in place, but Musk has stated that his Internet service would be aimed primarily at providing service to remote areas of the globe.

“You’ve got large swaths of land where there is a relatively low density of users,” Musk told an audience at the opening of SpaceX’s new satellite development center in Seattle last week. “Space is actually ideal for that.”

Musk and Branson are not alone in recognizing the market potential. Besides investing in Musk’s project, Google is working on a high-altitude balloon-based Internet delivery system called Loon. And Facebook is developing high-altitude, high-endurance drones to deliver Internet capability to remote areas. The Google and Facebook projects would be similar in concept to the space-based systems, while operating within the Earth’s atmosphere.

Whether, as Musk has suggested, SpaceX’s service could also be a viable alternative for customers in the developed world is less certain. Ostrove says satellites simply cannot compete with the bandwidth and low cost of fiber-optic cables.

The technology could also prove tricky for these newcomers to master. SpaceX, after all, has built rockets—but no satellites yet.

US Police Organization Wants Cop-Spotting Dropped From Waze App

As reported by The RegisterThe US National Sheriffs' Association wants Google to block its crowd-sourced traffic app Waze from being able to report the position of police officers, saying the information is putting officer's lives at risk.

"The police community needs to coordinate an effort to have the owner, Google, act like the responsible corporate citizen they have always been and remove this feature from the application even before any litigation or statutory action," AP reports Sheriff Mike Brown, the chairman of the NSA's technology committee, told the association's winter conference in Washington.

Waze, founded in 2008 and purchased 18 months ago by Google for $1.1bn, has about 50 million users who anonymously share their locations to help gauge road traffic flows. The app also allows police reports and road closures to be added to maps and shared with other users.

Brown called the app a "police stalker," and said being able to identify where officers were located could put them at personal risk. Jim Pasco, executive director of the Fraternal Order of Police, said his members had concerns as well.

"I can think of 100 ways that it could present an officer-safety issue," Pasco said. "There's no control over who uses it. So, if you're a criminal and you want to rob a bank, hypothetically, you use your Waze."

Brown said he had been alerted to the dangers of Waze by Sergio Kopelev, a reserve deputy sheriff in Southern California, and invited Kopelev to brief the conference on the potentially dangerous code.

Kopelev said he first heard of the app in November, when he noticed his wife using it. He said that it was only a matter of time before officers are attacked because of the app, and said that after the murder of two NYPD officers in November the issue had become a "personal jihad" for him.

Both Brown and Kopolev pointed out that in the New York case the killer, Ismaaiyl Brinsley, had posted a screenshot from Waze on his Instagram account. Given that Brinsley threw away his phone two miles from the scene of the crime, however, it would be a stretch to pin his shootings on Waze, but the sheriffs are calling for Google to enable stealth mode for police sightings.

Google is already having a fair amount of trouble with law enforcement after both it and Apple began offering full-device encryption to mobile users. Now police have another reason to moan – although if officers are out and about in public spaces, Waze would appear to be doing nothing wrong.

"We think very deeply about safety and security and work in partnership with the NYPD and other Police and Departments of Transportation all over the world, sharing information on road incidents and closures to help municipalities better understand what's happening in their cities in real time," Julie Mossler, head of global communications at Waze, told El Reg.

"These relationships keep citizens safe, promote faster emergency response and help alleviate traffic congestion. Police partners support Waze and its features, including reports of police presence, because most users tend to drive more carefully when they believe law enforcement is nearby."

AT&T to Buy Nextel de México, Continuing It's Expansion into Latin America

As reported by GigaOM: AT&T’s plans to tackle the Mexico market aren’t just limited to buying a single mobile operator Iusacell. It announced Monday it is buying Lusacell’s competitor Nextel de México for $1.875 billion from NII Holdings and will merge its operations into its growing pan-American network.

AT&T closed its $2.5B deal for Lusacell earlier this month, making it the third largest mobile carrier in Mexico. Adding Nextel’s 3 million subscribers will give AT&T about 12.2 million customers in Mexico, but it will remain a distant third place to Mexican giant América Móvil.  

Nextel de México is one of the many companies to carry the Nextel brand throughout North and South America. The most famous Nextel Communications group was acquired by Sprint a decade ago, and its brand was only recently retired. But several other Nextel’s continued operating in different countries under the NII Holdings umbrella. NII filed for bankruptcy last year, so the AT&T offer has to go through the bankruptcy court. That means it could trigger a potential auction for Nextel de México’s assets.

Like the other Nextels, Nextel de México runs iDEN Networks, which were once celebrated for their walkie-talkie-like push-to-talk capabilities but fell out of use during the mobile data revolution. Nextel Mexico, however, has since launched a 3G network based on HSPA technology that lines up with AT&T’s technology. It’s also launched LTE in three major cities: Mexico City, Guadalajara and Monterrey.

Monday, January 26, 2015

SpaceX, US Air Force Settle Spy Satellite Dispute

As reported by TechieNews: The US Air Force and private space flight company SpaceX have settled their dispute involving military’s expendable rocket program thereby paving way for the latter to join the spy satellite launch programme under Evolved Expendable Launch Vehicle (EELV).

The settlement opens doors for SpaceX to compete with United Launch Alliance (ULA) for launch of spy satellites. ULA is a joint Boeing-Lockheed venture – the only private player to have received clearance for launching black ops satellites.

SpaceX has claimed in its lawsuit filed last year that the bidding system was unfair and rigged in favour of ULA. SpaceX went onto claim that the contract “was granted to ULA on a sole-source basis without any competition from other launch providers.”

Both the company and its founder Elon Musk have been quite vocal about Air Force’s deal with ULA and have been openly criticising the process questioning whether the allotment of contract was driven in large part by hiring favors between ULA and the government.

“Under the agreement, the Air Force will work collaboratively with SpaceX to complete the certification process in an efficient and expedient manner”, announced SpaceX in a press release.

“Going forward, the Air Force will conduct competitions consistent with the emergence of multiple certified providers. Per the settlement, SpaceX will dismiss its claims relating to the EELV block buy contract pending in the United States Court of Federal Claims.”

The settlement means that SpaceX will see an expansion of its private spaceflight program. The company has already managed to bag a contract from NASA for trips to International Space Station and the settlement means that it will now have the ability to launch surveillance satellites for the US.

With an investment of $1 billion by Google and Fidelity earlier this week and the deal with US Air Force, SpaceX will surely be highly motivated to ensure that its soft landing of Falcon 9 rocket succeeds enabling it to reduce cost and turnaround times giving it an edge over ULA.

Tesla Motors, Inc. Has a New $9 Billion Ally

As reported by The Motley FoolTesla Motors is roaring ahead with electric vehicle innovation -- but it's not the only one. EV's need infrastructure, and Tesla Motors has found an unlikely new ally with the power to push electric vehicle feasibility to the next frontier. Here's what you need to know.
Recharge RevolutionNRG Energy isn't an auto manufacturer. Not even close. With close to a $9 billion market cap and 53,000 MW of nuclear, fossil, wind, and solar generating facilities spread across 3 million customers in 47 states, NRG Energy, is an electric utility through and through.
But utilities aren't the power-producing stalwarts they used to be. With decentralizing grids, smart meters, and increasingly volatile power portfolios, electric companies are looking for ways to stabilize and diversify their earnings. For NRG Energy that means taking a page out of Tesla Motors' book and building out an enviable electric vehicle charging infrastructure.
Dubbed "eVgo," NRG Energy, currently has charger stations in 10 national markets, with plans to expand to more than 25 markets in the next two years. From San Francisco to Houston to Atlanta, NRG Energy's already entrenched national presence gives it an advantage over Tesla Motors' start-from-scratch expansion. But it doesn't take more than a glance to realize NRG Energy is employing a different growth model:
The eVgo charging stations provide approximately 40 miles of range in just 15 minutes of charging. Source: NRG Energy, Inc.
Source: Tesla Motors, red = open now, grey = opening soon. 
While Tesla Motors' 171 current stations in North America have a significantly wider spread, NRG Energy's 150 stations provide easy electric accessibility within its municipal markets. And more importantly for NRG Energy, its stations aren't an amenity -- they're profit-pulling investments. Owners can pay for individual plans, or hop in on pre-arranged partnerships NRG has with several of America's 13 electric vehicle manufacturers. NRG's "Recharge for No Charge" special offers are available to Ford Motor Co.General Motors Company , Porsche, Nissan, and BMW electric vehicle owners in select markets. In their latest quarterly statement, NRG Energy noted that these and other partnerships "have resulted in significant increases in customer count."