Defcon2010
Latest
Charlie Miller and Kim Jong-Il could pwn the Internet with two years, $100 million
Well there's one thing we can say about Charlie Miller -- he sure is an ambitious rascal. When not busy exposing security holes in OS X, our fave security expert (aside from Angelina Jolie in Hackers, of course) has laid out a shocking expose based on the following premise: if Kim Jong-Il had a budget of $100 million and a timeline of two years could North Korea's de facto leader (and sunglasses model) take down the United States in a cyberwar? It seems that the answer is yes. Using a thousand or so hackers, "ranging from elite computer commandos to basic college trained geeks," according to AFP, the country could target specific elements of a country's infrastructure (including smart grids, banks, and communications) and create "beacheads" by compromising systems up to two years before they pulled the trigger. Speaking at DEFCON this weekend, Miller mentioned that such an attack could be carried out by anyone, although North Korea has a few advantages, including the fact that its infrastructure is so low tech that even destroying the entire Internet would leave it pretty much unscathed. That said, we're not worried in the least bit: if the diminutive despot brings down the entire Internet, how is he ever going to see Twilight: Eclipse?
Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair
In 2009, Chris Paget showed the world the vulnerabilities of RFID by downloading the contents of US passports from the safety of his automobile. This year, he's doing the same for mobile phones. Demonstrating at DefCon 2010, the white hat hacker fooled 17 nearby GSM phones into believing his $1,500 kit (including a laptop and two RF antennas) was a legitimate cell phone base station, and proceeded to intercept and record audience calls. "As far as your cell phones are concerned, I'm now indistinguishable from AT&T," he told the crowd. The purpose of the demonstration was highlight a major flaw in the 2G GSM system, which directs phones to connect to the tower with the strongest signal regardless of origin -- in this case, Paget's phony tower. The hacker did caveat that his system could only intercept outbound calls, and that caller ID could tip off the owner of a handset to what's what, but he says professional IMSI catchers used by law enforcement don't suffer from such flaws and amateur parity would only be a matter of time. "GSM is broken," Paget said, "The primary solution is to turn it off altogether." That's a tall order for a world still very dependent on the technology for mobile connectivity, but we suppose AT&T and T-Mobile could show the way. Then again, we imagine much of that same world is still using WEP and WPA1 to "secure" their WiFi.
