Author Archive | Andrew Brandt

Your GSM Phone is (Probably) Vulnerable to Malicious Text Messages

TAFT screen iphone 25Virtually all GSM phones (such as Apple’s iPhone) and GSM wireless operators (such as AT&T and T-Mobile) on the planet appear to be vulnerable to attacks using specially crafted SMS text messages discovered by security researchers Zane Lackey and Luis Miras. At the Black Hat Briefings this morning, the two researchers demonstrated several different ways they could bypass anti-spoofing protection in cellphones, and as a result, could send phones hidden commands, profile phones, or even exploit vulnerabilities that remotely disable a targeted phone’s ability to send and receive calls or text messages.

The researchers described how they set up test systems which could read the header data sent along with text messages, then used software to craft their own custom headers and messages and sent those messages to various types of GSM phones. Based on the behavior of the phones they tested, they were able to create several kinds of automated attacks for various phone models, and determined a method an attacker could use to silently connect to mobile phones and retrieve information that permits the attacker to identify the make and model of phone, and other profiling information.

One aspect of the vulnerability not well understood is how different models of phones will behave when they receive these specially-crafted messages. Some, like the Sony Ericsson model shown at right, provide the user no context as to whether information pushed down to the phone comes from a legitimate source.taft sony settings screen med

In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-“cupcake” Android operating systems.

The researchers are currently working with all major carriers and phone manufacturers to fix the problems, but warn that it may take some time before the vulnerabilities have been patched.


Black Hat: Internet Rendered Safe for Buying Stuff

kamboard2_72tcDan Kaminsky once again brought a full batch of his grandmother’s lacey cookies, along with their maker, to his session at the Black Hat Briefings security conference in Las Vegas yesterday afternoon. On this, her third visit, grandma heard about another major security¬† breakthrough.

Kaminsky’s talk focused on website certificates, one component of performing SSL-encrypted transactions over the Web. The session drew a standing-room only crowd in one of the largest halls available at the conference. The problems Kaminsky discovered, if they had remained unfixed, could have put at risk virtually any online transaction where money changes hands. In this scenario, criminals might then use such certificates, issued in the names of legitimate businesses, to boost the legitimacy of phishing attacks.

kaminsky_1The bottom line is good news. Kaminsky worked with software companies in advance of the talk, and the various issues he reported have either been fixed already, or are in the process of being fixed, in every major OS and Web browser. Thanks, Dan, for saving the Intarwebs once again.

No comments

An Abundance of Cool Console Controllers

E3 featured a lot of brand new controller accessory announcements, but these slightly less prominent new products, from DreamGear, Nyko,¬† and PDP were almost drowned in the hype tsunami over input devices like Microsoft’s camera-based Project Natal.

Finally, Finally, Finally: Xbox-like controls for the PS3

shadow1Gamers with large hands have suffered with the Playstation dual-shock-style controller for more than 10 years. Ever since the Xbox first appeared on the scene, with its comfortable, ergonomic controller, Playstation gamers have longed for a crossover controller that features the analog-stick layout the Xbox uses. Well, the wait is finally over. The DreamGear Shadow is a third-party wireless gamepad for the PS3 which features the asymmetrical Xbox-type analog-stick orientation, on a pad with a slightly grippy rubberized texture, and with nicely curved trigger buttons to boot. With an MSRP of $60, some desperate PS3 players will probably be able to forgive the fact that the Shadow requires a USB dongle for connectivity.

Continue Reading →


Classic Console Gaming Goes Portable

fcmobileIIWandering the backwaters at E3 can yield some surprising finds, like the Hyperkin booth. The company, which sells accessories for most current and older-generation console systems, was showing off its month-old FC Mobile II, a portable game system that accepts original, 8-bit Nintendo Entertainment System cartridges. The $60 package includes a light gun and two wireless controllers, and can be connected to a television or played portably using the built-in 2-inch LCD screen.
segahandheldBut 16-bit gamers don’t have to lament–starting this summer they’ll be able to play their favorite Sega Genesis or Master System cartridges on a unit Hyperkin plans to sell. The Sega model will also connect to a television or be playable on a tiny LCD, includes two built-in classic Sonic the Hedgehog games, and can play any other Genesis cartridges you find in dust-covered boxes in your closet or scrounge up at a garage sale.

One comment

Can Aion Dethrone the King of MMOs?

aioncrop1When NCsoft showed me a demo of their soon-to-launch, massively multiplayer fantasy game, Aion, at the E3 show, I saw a lot of reworked themes common to this fairly mature genre: A pair of at-odds races, each vying to wipe the other from their common home planet; user interface elements familiar to anyone who’s played any of NCsoft’s titles; and a persistent world that’s as dangerous as it is beautiful.

But what I didn’t expect was a discussion about the game’s launch in Asia, which happened some months ago, and how rapidly the game has caught on and expanded in China.

aion2The game’s International Development Manager (international, that is, for South Korea-based NCsoft), Yong Taek Bae, explained that the game’s initial launch broke all kinds of records. On Aion’s Korean launch day, beginning at 6am local time, when the company switched on servers and began allowing paying customers to join the game, 11,000 players signed on each hour. By noon, the company had to turn on four additional servers — in addition to the 21 running at launch–to accommodate the crowd. Each server is capable of supporting 7000 simultaneous players.

Continue Reading →


Peregrine Gives Players a First-Touch

peregrine1In the world of competitive videogaming, speed is everything. So Iron Will Technologies, a gaming hardware maker, decided to bring in some pros to show off its one-of-a-kind input device, the Peregrine. The device is similar to a glove control device currently under development for the military, according to Iron Will CEO Brent Baier.

The left-hand glove is made of thin, stretchy mesh material, and its most immediately obvious feature is the Tron-like circuit traces embedded in the fabric. Essentially, the traces inside the glove act as electronic circuits, called Touch Points. Players can close a circuit by making contact between a touch point and one of three grounding spots — two on the thumb, and one planted across the palm. The first four fingers have five touch points, and the pinky finger has two. A magnetically-connected USB dongle attaches the glove to a Windows PC.

Continue Reading →

One comment

Nintendo Announces Wii Biofeedback Sensor

wii_vitality2At the Nokia Theater in downtown LA this morning, Nintendo’s E3 press briefing for its new lineup included the expected cast of characters for its Wii and DS platforms. Among the announced products were more than one new Mario game, a new Metroid game, and a new feature for the DS which allows you to edit photos and upload them directly to Facebook. But the most interesting — and least discussed — new announcement was about a hardware accessory for the Wii which provides the platform with the ability to literally take the pulse of the player, while playing.

As shown in these incredibly blurry photos taken at the event, the device that Nintendo execs are calling the Wii Vitality Sensor, looks like a small plastic sleeve into which you slip an index finger. A cable connects the Vitality Sensor to the Wiimote controller.

wii_vitality1The tease for the Vitality Sensor explained that it would give Wii developers the ability to design games that use this type of input—games which can read the player’s physical state in a way that no current-generation console can. In theory, said Nintendo president Satoru Iwata, such an accessory could be used in, for example, a game designed to help the player relax and control his or her heart rate.

While this kind of biofeedback in games isn’t exactly new–especially so for Nintendo, which released a short-lived biofeedback sensor with a game for its Nintendo 64 platform years ago — the timing of the announcement is interesting, when you consider that the other two members of the console maker’s club are expected to announce point-at-the-screen game controllers like the Wii currently uses.

I don’t think Nintendo intends to recreate The Journey to Wild Divine for the Wii, but it isn’t hard to see how, combined with the Wii Fit controller, a heart rate monitor would make a pretty useful fitness gaming accessory. A number of developers have been working on games that use biofeedback to train players to relax. A version of something similar for the Wii — which has already brought huge numbers of casual gamers into the console market — would open up the market for so-called relaxation games to a much broader audience.